Thanks for the follow up:
Trojan Hunger Scan Report:
TrojanHunter Scan Report - Saved 2008-03-17 20:59
Registry value exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart (matches WinFixer.150)
Registry value exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart (matches WinFixer.150)
Registry value exists: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVSystemCare (matches FraudTool.AVSystemCare.100)
Registry value exists: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVSystemCare (matches FraudTool.AVSystemCare.100)
Removed registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart
Removed registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVSystemCare
Here is Spybot Report:
-- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-02-27 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-03-12 Includes\Cookies.sbi
2007-12-26 Includes\Dialer.sbi
2008-03-12 Includes\DialerC.sbi
2008-03-12 Includes\HeavyDuty.sbi
2008-03-05 Includes\Hijackers.sbi
2008-03-12 Includes\HijackersC.sbi
2008-02-27 Includes\Keyloggers.sbi
2008-03-12 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-03-12 Includes\Malware.sbi
2008-03-12 Includes\MalwareC.sbi
2008-02-20 Includes\PUPS.sbi
2008-03-12 Includes\PUPSC.sbi
2008-03-12 Includes\Revision.sbi
2008-01-09 Includes\Security.sbi
2008-03-12 Includes\SecurityC.sbi
2008-02-20 Includes\Spybots.sbi
2008-03-12 Includes\SpybotsC.sbi
2007-11-06 Includes\Tracks.uti
2008-02-27 Includes\Trojans.sbi
2008-03-12 Includes\TrojansC.sbi
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 1 (5.1.2600)
/ DataAccess: Security update for Microsoft Data Access Components
/ Windows Media Player: Windows Media Update 817787
/ Windows XP / SP2: Windows XP Hotfix - KB282010
/ Windows XP / SP2: Windows XP Hotfix - KB818383
/ Windows XP / SP2: Windows XP Hotfix - KB821557
/ Windows XP / SP2: Windows XP Hotfix - KB823559
/ Windows XP / SP2: Windows XP Hotfix - KB824146
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323183 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q328310
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See q328345 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q328979 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329048 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329390 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329581 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) q329623
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329692 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329834 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) q330512
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810019
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810090
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810565
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810577
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810833
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811493
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811630
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q814033
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q815021
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817287
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817606
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q819696
--- Startup entries list ---
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 87751
MD5: D4977E5B6B3BF4DAA1F35D6EE44DA80F
Located: HK_LM:Run, ATIModeChange
command: Ati2mdxx.exe
file: C:\WINDOWS\system32\Ati2mdxx.exe
size: 28672
MD5: FAE95D6D7651B5629C4E19ADBC9A3863
Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 315392
MD5: C73FF76885EB1C95B43A4610CBFBE2FC
Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 249896
MD5: 6E898F5959E7195D64594C30E9251938
Located: HK_LM:Run, AVSystemCare
command: C:\Program Files\AVSystemCare\pgs.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, BluetoothAuthenticationAgent
command: rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, BMMGAG
command: RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, BMMLREF
command: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
file: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
size: 20480
MD5: EEEB2F1891E79DC77DE07D31359CD861
Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 106551
MD5: 587D68D1F57D6203A1BB7AFC0EF428CE
Located: HK_LM:Run, EZEJMNAP
command: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
file: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
size: 204800
MD5: CEDE80A6379C3C4F92A7F805DDFC1D3F
Located: HK_LM:Run, icasServ
command: C:\WINDOWS\System32\icasServ.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, QCTray
command: C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, QCWLICON
command: C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, S3TRAY2
command: S3Tray2.exe
file: C:\WINDOWS\system32\S3Tray2.exe
size: 69632
MD5: C11D79B0421D833CBC2A182E708A170A
Located: HK_LM:Run, Salestart
command: "C:\Program Files\Common Files\ErrClean\strpmon.exe" dm=http://errclean.com ad=http://errclean.com sd=http://inspaid.errclean.com
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, StorageGuard
command: "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
file: c:\Program Files\VERITAS Software\Update Manager\sgtray.exe
size: 155648
MD5: 68C91658A3CB6773EC79C90CC0EE6BC1
Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 512000
MD5: 60F9B56EF5F7615D4762FE8A6B6FEADB
Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 110592
MD5: 0B9D759A3891D06B0F5415DB3CB4A07B
Located: HK_LM:Run, THGuard
command: "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
file: C:\Program Files\TrojanHunter 5.0\THGuard.exe
size: 1047712
MD5: 0658BAB5FFFB6EB48A8BA0D9D87C519E
Located: HK_LM:Run, TP4EX
command: tp4ex.exe
file: C:\WINDOWS\system32\tp4ex.exe
size: 53248
MD5: 15CFE57F05D7FD80D1C5E70BCDCB01FF
Located: HK_LM:Run, TPHOTKEY
command: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, TPKMAPHELPER
command: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
file: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
size: 897024
MD5: 865F49B1EEC049728CDDB35F948DE759
Located: HK_LM:Run, ucookw
command: "C:\PROGRA~1\ErrClean\ucookw.exe" -start
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 29FF6100B7B3D4818B61119BBFAAE53A
Located: HK_CU:Run, ibmmessages
where: PE_C_ADMINISTRATOR...
command: C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
file: C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
size: 495616
MD5: 6DBB6F4BFD311C5672DC736C7CC341F4
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-510812086-3930200193-1037951259-1004...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1511453
MD5: 1E455B08870D4AC3BB6AB5968603E8AF
Located: HK_CU:Run, Spoolsv
where: S-1-5-21-510812086-3930200193-1037951259-1004...
command: C:\WINDOWS\System32\spoolvs.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-510812086-3930200193-1037951259-1004...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F
Located: Startup (common), Belkin Wireless G Notebook Card Client Utility.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe
file: C:\Program Files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe
size: 1556480
MD5: 5D53A408C98B9FB78A87C7B1CB3D1BD5
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link:
http://spybot.eon.net.au/ info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 2/27/2008 7:58:20 AM
Date (last access): 3/17/2008 8:53:10 PM
Date (last write): 1/28/2008 11:43:28 AM
Filesize: 1554256
Attributes: archive
MD5: 5248E02EFBCB64D328647CD00E384B85
CRC32: C1B426A9
Version: 1.5.0.11
--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf
Codebase:
http://www.kaspersky...can_unicode.cab description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 8/29/2007 3:49:54 PM
Date (last access): 3/17/2008 8:53:12 PM
Date (last write): 8/29/2007 3:49:54 PM
Filesize: 950272
Attributes: archive
MD5: BC915C49931CE46222F9B0A7EFB56CEE
CRC32: 11048171
Version: 5.0.98.0
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase:
http://www.update.mi...b?1204393670618 description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 7/30/2007 7:19:46 PM
Date (last access): 3/17/2008 8:53:12 PM
Date (last write): 7/30/2007 7:19:46 PM
Filesize: 203096
Attributes: archive
MD5: FD984F9BFC9C62BD6546BD183CE5ADE7
CRC32: 8092F837
Version: 7.0.6000.381
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase:
http://fpdownload.ma...ash/swflash.cab description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\Macromed\Flash\
Long name: Flash9e.ocx
Short name:
Date (created): 11/20/2007 4:04:14 PM
Date (last access): 3/17/2008 8:53:12 PM
Date (last write): 11/20/2007 4:04:14 PM
Filesize: 2987392
Attributes: readonly archive
MD5: D3C50535C26190FEAD7785A03499C0AC
CRC32: A77C3E92
Version: 9.0.115.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 784 ( 4) \SystemRoot\System32\smss.exe
size: 45568
PID: 872 ( 784) \??\C:\WINDOWS\system32\csrss.exe
size: 4096
PID: 896 ( 784) \??\C:\WINDOWS\system32\winlogon.exe
size: 516608
PID: 948 ( 896) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 960 ( 896) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
PID: 1148 ( 948) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1296 ( 948) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1488 ( 948) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1588 ( 948) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1676 ( 948) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 75304
MD5: 1495486C0C39013A98BDB149A3145751
PID: 1880 (1840) C:\WINDOWS\Explorer.EXE
size: 1004032
MD5: A82B28BFC2E4455FE43022A498C0EF0A
PID: 176 (1880) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 110592
MD5: 0B9D759A3891D06B0F5415DB3CB4A07B
PID: 248 (1880) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 512000
MD5: 60F9B56EF5F7615D4762FE8A6B6FEADB
PID: 252 (1880) C:\WINDOWS\System32\RunDll32.exe
size: 31744
MD5: 0FB22DD37C17F80AD71316049F725170
PID: 392 (1880) C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
size: 204800
MD5: CEDE80A6379C3C4F92A7F805DDFC1D3F
PID: 404 (1880) C:\WINDOWS\AGRSMMSG.exe
size: 87751
MD5: D4977E5B6B3BF4DAA1F35D6EE44DA80F
PID: 508 (1880) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 106551
MD5: 587D68D1F57D6203A1BB7AFC0EF428CE
PID: 520 (1880) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 249896
MD5: 6E898F5959E7195D64594C30E9251938
PID: 528 (1880) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 29FF6100B7B3D4818B61119BBFAAE53A
PID: 536 (1880) C:\Program Files\TrojanHunter 5.0\THGuard.exe
size: 1047712
MD5: 0658BAB5FFFB6EB48A8BA0D9D87C519E
PID: 676 (1880) C:\Program Files\Messenger\msmsgs.exe
size: 1511453
MD5: 1E455B08870D4AC3BB6AB5968603E8AF
PID: 920 (1880) C:\Program Files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe
size: 1556480
MD5: 5D53A408C98B9FB78A87C7B1CB3D1BD5
PID: 1260 ( 948) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
size: 607576
MD5: 1A198D2182ED39470A70C54C5078BD4D
PID: 372 ( 948) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 868 ( 948) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
size: 214056
MD5: F640EA98231D7B1DB730385813BFCE79
PID: 1700 ( 948) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
size: 63016
MD5: A6FA9C14E649B2F3DE15390A1840774D
PID: 1948 ( 948) C:\WINDOWS\System32\Ati2evxx.exe
size: 159744
MD5: A3AA4BB72B3661F92DCEDADCF792E415
PID: 3276 (1296) C:\WINDOWS\System32\wuauclt.exe
size: 53080
MD5: F3E9065EB617A7E3A832A7976BFA021B
PID: 2620 (3756) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F
PID: 2208 (1880) C:\Program Files\TrojanHunter 5.0\TrojanHunter.exe
size: 2418336
MD5: 7718EB7BD0949DB95AB57F78EAB082C9
PID: 2296 (1880) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7655024
MD5: 5F5DB4D92B7095DAED04689DB6DFD586
PID: 2624 (1880) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/17/2008 8:55:48 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...amp;ar=iesearchHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.comHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft....k/?LinkId=54896HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.comHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft....k/?LinkId=69157HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft....k/?LinkId=54896HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htmHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD nwlnkipx [IPX]
GUID: {11058240-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkipx *
Protocol 6: MSAFD nwlnkspx [SPX]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 7: MSAFD nwlnkspx [SPX] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 8: MSAFD nwlnkspx [SPX II]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 9: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB23AE86-B50E-466F-B938-F0E14C396BA8}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB23AE86-B50E-466F-B938-F0E14C396BA8}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{533DA78F-41A1-4CD5-B373-92D33C749C49}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{533DA78F-41A1-4CD5-B373-92D33C749C49}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8AC73171-6899-4232-ACED-FF39B66D2AFC}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8AC73171-6899-4232-ACED-FF39B66D2AFC}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5A80516A-0F52-493D-A91C-1257286B3EAB}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5A80516A-0F52-493D-A91C-1257286B3EAB}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{836FF792-7BFA-44EE-AB05-67D85E2381FD}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{836FF792-7BFA-44EE-AB05-67D85E2381FD}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{56B2D501-D026-4300-A8BF-157F06E79FEA}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{56B2D501-D026-4300-A8BF-157F06E79FEA}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\nwprovau.dll
Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
DB filename: %SystemRoot%\system32\nwprovau.dll
DB protocol: NWLink IPX/SPX/NetBIOS*