virtumonde.sdn removal
I decided to re-run Spybot in the normal Windows mode. It ran normally and there were a number of items (in red) which I allowed the program to fix. The run report follows. Thanks, greenbdb
--- Search result list ---
BurstMedia: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
MediaPlex: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
HitBox: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
AdRevolver: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
AdRevolver: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
BurstMedia: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
Statcounter: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
CasaleMedia: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
HitBox: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
MediaPlex: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
Right Media: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
LinkSynergy: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)
Common Dialogs: History (11 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Internet Explorer: [SBI $1E8157BE] Typed URL list (25 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $D9A946AF] Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Internet Explorer\Main\Save Directory
Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Internet Explorer\Download Directory
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\greenbdb\Application Data\Macromedia\Flash Player\#SharedObjects\NGKF7ZG4\bin.clearspring.com\clearspring.sol
Properties.size=61
Properties.md5=12C41EF8D9615792965CACA7BAF35067
Properties.filedate=1244051284
Properties.filedatetext=2009-06-03 13:48:04
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\greenbdb\Application Data\Macromedia\Flash Player\#SharedObjects\NGKF7ZG4\mlb.mlb.com\s_br.sol
Properties.size=35
Properties.md5=760FCA2DC2B18E30543493B04290322A
Properties.filedate=1243995217
Properties.filedatetext=2009-06-02 22:13:37
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\greenbdb\Application Data\Macromedia\Flash Player\#SharedObjects\NGKF7ZG4\s.ytimg.com\soundData.sol
Properties.size=58
Properties.md5=25585B3F7C8A99AE7EE6E859CACBC074
Properties.filedate=1244034569
Properties.filedatetext=2009-06-03 09:09:29
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\greenbdb\Application Data\Macromedia\Flash Player\#SharedObjects\NGKF7ZG4\s.ytimg.com\videostats.sol
Properties.size=85
Properties.md5=EBC262C5A25E6173E682EF5996939689
Properties.filedate=1244034549
Properties.filedatetext=2009-06-03 09:09:08
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Office 11.0: [SBI $53EEAC4B] Last opened-from-web file (Registry value, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation
MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Office\11.0\Excel\Recent Files
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $F3568C7E] Open with list - .123 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.123\OpenWithList
Windows Explorer: [SBI $AA0766B5] Stream history (8 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (22 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cookie: [SBI $49804B54] Cookie (100) (Cookie, nothing done)
Cache: [SBI $49804B54] Cache (2937) (Cache, nothing done)
History: [SBI $49804B54] History (130) (History, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-07-07 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-14 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-06-02 Includes\HijackersC.sbi (*)
2009-05-06 Includes\Keyloggers.sbi (*)
2009-06-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-05-12 Includes\Malware.sbi (*)
2009-06-02 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-06-02 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-06-02 Includes\SpywareC.sbi (*)
2009-04-07 Includes\Tracks.uti (*)
2009-06-02 Includes\Trojans.sbi (*)
2009-06-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB958215)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB961260)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB886677
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915800)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Update for Windows XP (KB920342)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Update for Windows XP (KB925720)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926247)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB932823-v3)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Security Update for Windows XP (KB937894)
/ Windows XP / SP3: Security Update for Windows XP (KB938127)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB941693)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Security Update for Windows XP (KB943055)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Security Update for Windows XP (KB945553)
/ Windows XP / SP3: Security Update for Windows XP (KB946026)
/ Windows XP / SP3: Security Update for Windows XP (KB948590)
/ Windows XP / SP3: Security Update for Windows XP (KB948881)
/ Windows XP / SP3: Security Update for Windows XP (KB950749)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0
--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: D:\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF
Located: HK_LM:Run, HP Lamp
command: D:\SCANJET\PrecisionScanPro\HPLamp.exe
file: D:\SCANJET\PrecisionScanPro\HPLamp.exe
size: 42496
MD5: 5CDCCC4CD40342A6B6CF260D7F86E059
Located: HK_LM:Run, InCD
command: D:\NERO 6\InCD\InCD.exe
file: D:\NERO 6\InCD\InCD.exe
size: 1409136
MD5: A9F8EE79B0857C370B7D224ED3003AC7
Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, McAfeeUpdaterUI
command: "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
file: C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
size: 139320
MD5: BA717FBE772BDB2B9CD50D44B44692F0
Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3E4C03CEFAD8DE135263236B61A49C90
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
Located: HK_LM:Run, ShStatEXE
command: "C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
file: C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
size: 110592
MD5: D96F94467354CC72B1011243E137E8D0
Located: HK_LM:Run, SigmatelSysTrayApp
command: stsystra.exe
file: C:\WINDOWS\stsystra.exe
size: 339968
MD5: 0F869E88FA4489FBE231A42646488CE8
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: A2D390F1F2408B94EF34BFE3A00C29D3
Located: HK_LM:Run, Windows Defender
command: "D:\Windows Defender\MSASCui.exe" -hide
file: D:\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
Located: HK_LM:Run, zSPGuard
command: c:\pjw\spguard\spguard.exe /s /r
file: c:\pjw\spguard\spguard.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Net-It Launcher (DISABLED)
command: C:\WINDOWS\system32\NILaunch.exe
file: C:\WINDOWS\system32\NILaunch.exe
size: 24576
MD5: CA7ADD387B276901D50C1FF145842C7C
Located: HK_LM:Run, SpybotSnD (DISABLED)
command: "D:\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: D:\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-299502267-2146983963-725345543-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, MSGTAG
where: S-1-5-21-299502267-2146983963-725345543-1003...
command: "D:\MSGTAG Status\MSGTAGStatus.exe" /startup
file: D:\MSGTAG Status\MSGTAGStatus.exe
size: 1820160
MD5: 0F229E34C77215B130938C75ECDE939E
Located: HK_CU:Run, PhotoShow Deluxe Media Manager
where: S-1-5-21-299502267-2146983963-725345543-1003...
command: ]
file: ]
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, tinySpell
where: S-1-5-21-299502267-2146983963-725345543-1003...
command: D:\TinySpell\tinyspell.exe
file: D:\TinySpell\tinyspell.exe
size: 200704
MD5: F1D21D4358A0B794679F66DC63F09890
Located: HK_CU:Run, Uniblue RegistryBooster 2
where: S-1-5-21-299502267-2146983963-725345543-1003...
command: D:\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
file: D:\Uniblue\RegistryBooster 2\RegistryBooster.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Picasa Media Detector (DISABLED)
where: S-1-5-21-299502267-2146983963-725345543-1003...
command: D:\Picasa2\PicasaMediaDetector.exe
file: D:\Picasa2\PicasaMediaDetector.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (common), CorelCENTRAL 10.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\WINDOWS\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe
file: C:\WINDOWS\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe
size: 5222
MD5: 7CE8CE74CD6B217F49BA74934BDCDAA1
Located: Startup (common), CorelCENTRAL 10.lnk (DISABLED)
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\WINDOWS\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe
file: C:\WINDOWS\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe
size: 5222
MD5: 7CE8CE74CD6B217F49BA74934BDCDAA1
Located: Startup (common), SnagIt 8.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
file: C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
size: 6395464
MD5: 3D7886FC8D8FF280D3C0536E9486E98E
Located: Startup (common), Windows Desktop Search.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 118784
MD5: 946467B375D696FA073A6B9370A4C6CE
Located: Startup (disabled), PageKeeper Jobs (DISABLED)
command: D:\PAGEKE~1\system\PKJobs.exe
file: D:\PAGEKE~1\system\PKJobs.exe
size: 150016
MD5: DE129E1F72EB47CCDF2FD032BF5B1D8C
Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link:
http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 7/28/2008 6:47:40 AM
Date (last access): 6/3/2009 2:09:36 PM
Date (last write): 7/28/2008 6:47:40 AM
Filesize: 882416
Attributes:
MD5: 6A2E0E49A4F2A9DF3E6293E37E7486BD
CRC32: F6C7B4F3
Version: 2008.7.28.1
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link:
http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 2/27/2009 12:07:32 PM
Date (last access): 6/3/2009 3:02:56 PM
Date (last write): 2/27/2009 12:07:32 PM
Filesize: 61816
Attributes: archive
MD5: ECE58A352984777519D4937E41871B4C
CRC32: FEB919AF
Version: 9.1.0.163
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 2/27/2009 12:07:26 PM
Date (last access): 6/3/2009 3:12:58 PM
Date (last write): 2/27/2009 12:07:26 PM
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link:
http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: D:\SPYBOT~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 8/6/2008 10:35:54 PM
Date (last access): 6/3/2009 3:02:56 PM
Date (last write): 1/26/2009 4:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{78875F5C-A685-4405-8DC5-D48DC65452B0} (CDelHotkeys Object)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: CDelHotkeys Object
Path: C:\Program Files\Delicious Add-on for Internet Explorer\
Long name: DeliciousExtension.dll
Short name: DELICI~1.DLL
Date (created): 11/27/2008 7:06:04 AM
Date (last access): 6/3/2009 3:12:58 PM
Date (last write): 11/27/2008 7:06:04 AM
Filesize: 652528
Attributes:
MD5: 541BCDFBBE6B061DBDE02AFD5E62BDEE
CRC32: F6303567
Version: 1.10.269.0
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files\McAfee\AntiSpyware Enterprise\
Long name: scriptproxy.dll
Short name: SCRIPT~1.DLL
Date (created): 12/7/2005 9:50:00 AM
Date (last access): 6/3/2009 3:02:58 PM
Date (last write): 12/7/2005 9:50:00 AM
Filesize: 53248
Attributes:
MD5: D1B8526F2816EEC5616372876F7BD727
CRC32: F737CAF8
Version: 13.0.0.207
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 3/28/2009 9:11:02 PM
Date (last access): 6/3/2009 3:13:24 PM
Date (last write): 3/28/2009 9:11:02 PM
Filesize: 35840
Attributes: archive
MD5: 96A225C7F5346A9E81FC3DFA89A900C0
CRC32: BAD5D2EF
Version: 6.0.130.3
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name:
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (SingleInstance Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SingleInstance Class
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
Long name: YTSingleInstance.dll
Short name: YTSING~1.DLL
Date (created): 7/28/2008 6:47:42 AM
Date (last access): 6/3/2009 3:03:22 PM
Date (last write): 7/28/2008 6:47:42 AM
Filesize: 160496
Attributes:
MD5: F64C4241FE5E519F62C47C361DC671D7
CRC32: 5F6F96A7
Version: 2008.7.28.1
--- ActiveX list ---
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
DPF name:
CLSID name: Office Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\OGAControl.inf
Codebase: http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
Path: C:\WINDOWS\system32\
Long name: OGACheckControl.DLL
Short name: OGACHE~1.DLL
Date (created): 3/5/2007 2:34:28 PM
Date (last access): 6/3/2009 3:20:02 PM
Date (last write): 2/4/2008 7:23:10 PM
Filesize: 693792
Attributes:
MD5: D1346A4683E98836E2FE003859E5DC0D
CRC32: DF1DBA7A
Version: 1.6.28.0
{0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
DPF name:
CLSID name: PCPitstop Utility
Installer: C:\WINDOWS\Downloaded Program Files\PCPitstop.inf
Codebase: http://pcpitstop.com/pcpitstop/PCPitStop.CAB
description: Gateway tools
classification: Legitimate
known filename: PCPITSTOP.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PCPitstop.dll
Short name: PCPITS~1.DLL
Date (created): 7/21/2008 5:31:56 PM
Date (last access): 6/3/2009 8:33:50 AM
Date (last write): 7/21/2008 5:31:56 PM
Filesize: 452312
Attributes: archive
MD5: 3237628EA03CE7EB4836C7CE915CB9E7
CRC32: 51D27D7B
Version: 1.0.0.191
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
Codebase: http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Adobe\Director\
Long name: swdir.dll
Short name:
Date (created): 5/2/2008 4:12:30 PM
Date (last access): 6/3/2009 8:33:54 AM
Date (last write): 3/19/2008 7:36:22 PM
Filesize: 202168
Attributes:
MD5: 284259B6EB9901B8978B78AFC5514627
CRC32: 6C37B749
Version: 11.0.0.429
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201634056296
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 7/30/2007 8:18:34 PM
Date (last access): 6/3/2009 3:22:22 PM
Date (last write): 10/16/2008 3:06:48 PM
Filesize: 208744
Attributes:
MD5: D2E6F0A06391FE5556E8A1D6D5041A5E
CRC32: 27FBFA7D
Version: 7.2.6001.788
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_13.dll
Short name: NPJPI1~1.DLL
Date (created): 3/28/2009 9:11:02 PM
Date (last access): 6/3/2009 8:33:48 AM
Date (last write): 3/28/2009 9:11:02 PM
Filesize: 136600
Attributes: archive
MD5: 20188EB1790C5EB9057DDFE3EA138FC7
CRC32: 2EA1ACCF
Version: 6.0.130.3
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{99FE5072-78AA-4FEE-89BA-69A5FA55343F} (IGDTester Class)
DPF name:
CLSID name: IGDTester Class
Installer: C:\WINDOWS\Downloaded Program Files\igdtoolx.inf
Codebase: http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: igdtoolx.dll
Short name:
Date (created): 3/23/2007 4:51:28 PM
Date (last access): 6/3/2009 3:20:56 PM
Date (last write): 3/23/2007 4:51:28 PM
Filesize: 150368
Attributes:
MD5: 11DAA9288E382EBED84D048B6EE17C4F
CRC32: 554659E2
Version: 1.3.5.0
{A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan)
DPF name:
CLSID name: Crucial cpcScan
Installer:
Codebase: http://www.crucial.com/controls/cpcScanner.cab
description:
classification: Legitimate
known filename: cpcscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: cpcScan.dll
Short name:
Date (created): 10/23/2006 10:37:28 AM
Date (last access): 6/3/2009 8:33:46 AM
Date (last write): 10/23/2006 10:37:28 AM
Filesize: 241664
Attributes:
MD5: 20C3403D5BC63883D8E2F3EDDC340AFF
CRC32: 34EF62D4
Version: 2.2.0.1
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_13.dll
Short name: NPJPI1~1.DLL
Date (created): 3/28/2009 9:11:02 PM
Date (last access): 6/3/2009 3:45:16 PM
Date (last write): 3/28/2009 9:11:02 PM
Filesize: 136600
Attributes: archive
MD5: 20188EB1790C5EB9057DDFE3EA138FC7
CRC32: 2EA1ACCF
Version: 6.0.130.3
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_13.dll
Short name: NPJPI1~1.DLL
Date (created): 3/28/2009 9:11:02 PM
Date (last access): 6/3/2009 3:45:16 PM
Date (last write): 3/28/2009 9:11:02 PM
Filesize: 136600
Attributes: archive
MD5: 20188EB1790C5EB9057DDFE3EA138FC7
CRC32: 2EA1ACCF
Version: 6.0.130.3
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ()
DPF name:
CLSID name:
Installer:
Codebase:
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10b.ocx
Short name:
Date (created): 2/2/2009 10:07:18 PM
Date (last access): 6/3/2009 1:33:04 PM
Date (last write): 2/2/2009 10:07:18 PM
Filesize: 3866528
Attributes: readonly archive
MD5: 8AFC17155ED5AB60B7C52D7F553D579C
CRC32: 0FBC13F3
Version: 10.0.22.87
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class)
DPF name:
CLSID name: CTAdjust Class
Installer: C:\WINDOWS\Downloaded Program Files\clearadj.inf
Codebase: http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
description:
classification: Legitimate
known filename: clearadj.cab
info link:
info source: JavaCool
Path: C:\WINDOWS\Downloaded Program Files\
Long name: clearadjust.dll
Short name: CLEARA~1.DLL
Date (created): 4/29/2003 4:41:50 PM
Date (last access): 6/3/2009 8:34:32 AM
Date (last write): 4/29/2003 4:41:50 PM
Filesize: 32768
Attributes:
MD5: 939522429B24A97D57E84C2A2DAEC45E
CRC32: C91FBA03
Version: 1.0.0.4
{EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool)
DPF name:
CLSID name: Microsoft Office Live Workspace Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\Microsoft.OfficeLive.Workspace.RichUpload.inf
Codebase: http://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Microsoft.OfficeLive.Workspace.RichUpload.dll
Short name: MICROS~1.DLL
Date (created): 1/30/2008 4:22:36 PM
Date (last access): 6/3/2009 8:34:34 AM
Date (last write): 1/30/2008 4:22:36 PM
Filesize: 179272
Attributes:
MD5: AB841AF3FC8EFFB1DBED42FD94442FF9
CRC32: 556861C7
Version: 2.0.1330.0
{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control)
DPF name:
CLSID name: DLM Control
Installer: C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.inf
Codebase: http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
description:
classification: Open for discussion
known filename: DOWNLO~1.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: DownloadManagerV2.ocx
Short name: DOWNLO~1.OCX
Date (created): 1/21/2008 10:35:16 PM
Date (last access): 6/3/2009 8:34:00 AM
Date (last write): 1/21/2008 10:35:16 PM
Filesize: 45056
Attributes:
MD5: 7CBFED39041D0BB8EA540E99C2C72121
CRC32: B52B6E75
Version: 2.2.3.4
--- Process list ---
PID: 0 ( 0) [System]
PID: 708 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 760 ( 708) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 788 ( 708) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 832 ( 788) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 37561F8D4160D62DA86D24AE41FAE8DE
PID: 844 ( 788) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1028 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1108 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1204 ( 832) D:\Windows Defender\MsMpEng.exe
size: 13592
MD5: F45DD1E1365D857DD08BC23563370D0E
PID: 1244 ( 832) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1272 ( 832) D:\NERO 6\InCD\InCDsrv.exe
size: 1163378
MD5: 6884AA2767F9F603E9550F1EA868A5C6
PID: 1424 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1552 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1680 ( 832) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 2024 (1960) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 332 (2024) C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
size: 110592
MD5: D96F94467354CC72B1011243E137E8D0
PID: 344 (2024) C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
size: 139320
MD5: BA717FBE772BDB2B9CD50D44B44692F0
PID: 416 (2024) C:\WINDOWS\stsystra.exe
size: 339968
MD5: 0F869E88FA4489FBE231A42646488CE8
PID: 440 (2024) D:\NERO 6\InCD\InCD.exe
size: 1409136
MD5: A9F8EE79B0857C370B7D224ED3003AC7
PID: 452 (2024) D:\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
PID: 468 (2024) C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: A2D390F1F2408B94EF34BFE3A00C29D3
PID: 480 (2024) D:\SCANJET\PrecisionScanPro\HPLamp.exe
size: 42496
MD5: 5CDCCC4CD40342A6B6CF260D7F86E059
PID: 504 (2024) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 512 (2024) D:\MSGTAG Status\MSGTAGStatus.exe
size: 1820160
MD5: 0F229E34C77215B130938C75ECDE939E
PID: 528 (2024) D:\TinySpell\tinyspell.exe
size: 200704
MD5: F1D21D4358A0B794679F66DC63F09890
PID: 740 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 848 ( 832) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 132424
MD5: 367592EFCA7FF8B4CE11AB6B0744E1E2
PID: 1064 ( 832) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 3F56903E124E820AEECE6D471583C6C1
PID: 1148 ( 832) C:\WINDOWS\system32\cisvc.exe
size: 5632
MD5: 3192BD04D032A9C4A85A3278C268A13A
PID: 1164 ( 832) C:\Program Files\Prevx\prevx.exe
size: 4368952
MD5: C616BD429CC9C05E4EF72B211A5DBFDB
PID: 1516 ( 832) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 890369AED0DDE1A98F09F7DC239CA2BD
PID: 1588 ( 832) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
size: 198944
MD5: D933FC7C5E51F4DA342A4E1F2BE3F764
PID: 1772 ( 832) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
size: 102463
MD5: 151549FCB8958B42D9984C3529E2417D
PID: 1856 ( 832) C:\Program Files\McAfee\AntiSpyware Enterprise\Mcshield.exe
size: 122880
MD5: 6C07561D8464C62FD72E6B52303F998F
PID: 1924 ( 832) C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
size: 30720
MD5: BAE093404E8EEBA9EB8DA93C8D099B94
PID: 1944 (2024) C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
size: 6395464
MD5: 3D7886FC8D8FF280D3C0536E9486E98E
PID: 2108 (1028) C:\PROGRA~1\McAfee\COMMON~1\naPrdMgr.exe
size: 241719
MD5: 943EC57208D2727152D3BDEF4AFFE05D
PID: 2164 ( 832) C:\WINDOWS\System32\snmp.exe
size: 33280
MD5: 6FEB04DE6288F5466391E29057DC5B0E
PID: 2284 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2588 (1944) C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
size: 58952
MD5: 9E0706AF45E5B89F90547B29162FF4AB
PID: 2596 (1944) C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
size: 75336
MD5: 1636180F24DEA63B8F28B689A5A9A156
PID: 2684 ( 832) C:\WINDOWS\system32\SearchIndexer.exe
size: 300032
MD5: 2EC497AA4B728D1B1A368ACF2E309E8B
PID: 2836 (1164) C:\Program Files\Prevx\prevx.exe
size: 4368952
MD5: C616BD429CC9C05E4EF72B211A5DBFDB
PID: 4076 ( 832) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 212 (1244) C:\WINDOWS\system32\wuauclt.exe
size: 51224
MD5: E654B78D2F1D791B30D0ED9A8195EC22
PID: 4060 (1148) C:\WINDOWS\system32\cidaemon.exe
size: 8192
MD5: 582304F6F1946FA5068CF143D729D7ED
PID: 988 (2024) C:\PROGRA~1\Qualcomm\Eudora\Eudora.exe
size: 2658304
MD5: F940761D4F0F5677EC0F35F1E0FAC204
PID: 296 ( 988) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 636072
MD5: A251068640DDB69FD7805B57D89D7FF7
PID: 1160 (1028) C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe
size: 685296
MD5: 1BCF0F61D16C08DF101ABCC53C6774CB
PID: 3872 (1564) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 388B8FBC36A8558587AFC90FB23A3B99
PID: 2224 (2024) D:\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/3/2009 3:45:16 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://search.bearflix.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 6: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 7: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP