Never posted before, so will try to keep it as informative as possible.
I was sent two executable files, both of which I opened and upon opening disappeared.
I have AVG installed and this catches a virus called 'vondu' opening. It occurs every hour on the hour. I presume since it's getting it upon opening that it isn't doing any damage, but would still like to be rid of it as the computer is only a week old.
After downloading Spybot Search and Destroy, I updated and ran the search. Two problems were found: virtumonde and a windowsupdateoverrider... Spybot was able to fix both problems... however AVG was still catching 'vondu' opening every hour. After running Spybot again the update overrider is not found but virtumonde is still found. After clicking 'fix' I get the green tick. However, if I run the search again the same file is still found and it will still appear in AVG as opening under a new 'random' name every hour in c:\windows\system32.****.dll
I have tried Spybot in safe mode... still finds it and says it fixes it, but again it will be there if I search again... I have also tried to run vondufix, it finds nothing at all......
Ummm, not sure what other information I may need to provide.
but here are some of the infections AVG finds:
vondu virus:
c:\windows\system32\qoMccBut.dll
c:\windows\system32\iifeccYp.dll
c:\windows\system32\opnmJCSk.dll
c:\windows\system32\iifdcASI
etc etc.
Spybot finds
Virtumonde: [SBI $1F8EC695] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
also dunno if helps but looking at spybot search of the 15000 files it searches a good couple a thousand appear as vondu.dll !?!?!?!
any help or pointing me in the right direction would be GREATLY appreciated..
thanks in advance
OK SORRY ABOUT NOT READING STICKY THREADS AND GETTING A BIT AHEAD OF MYSELF. I HAVE JUST GONE THROUGH AND COMPLETED ALL TASKS ASKED. I WILL POST THE LOGS BELOW.... THANKS

;*******************************************************************************
ANALYSIS: 2008-06-03 09:34:09
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\HP\Local Settings\Temp\nsi47.tmp
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================

Malwarebytes' Anti-Malware 1.14
Database version: 814
10:55:37 PM 6/2/2008
mbam-log-6-2-2008 (22-55-37).txt
Scan type: Quick Scan
Objects scanned: 39239
Time elapsed: 2 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\winjgf32.dll (Dialer) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjgf32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\winjgf32.dll (Dialer) -> Delete on reboot.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/03/2008 at 00:17 AM
Application Version : 4.1.1046
Core Rules Database Version : 3472
Trace Rules Database Version: 1463
Scan type : Complete Scan
Total Scan Time : 00:57:02
Memory items scanned : 476
Memory threats detected : 0
Registry items scanned : 6304
Registry threats detected : 0
File items scanned : 93463
File threats detected : 2
Adware.Tracking Cookie
C:\Documents and Settings\HP\Cookies\[email protected][1].txt
Adware.180solutions/Seekmo/Zango
C:\DOCUMENTS AND SETTINGS\HP\TEMPORARY INTERNET FILES\CONTENT.IE5\F6CDISU0\HOTBAR[1].EXE

[06/02/2008, 16:32:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\45CBAHS3\VirtumundoBeGone[1].exe" )
[06/02/2008, 16:32:12] - Detected System Information:
[06/02/2008, 16:32:12] - Windows Version: 5.1.2600, Service Pack 3
[06/02/2008, 16:32:12] - Current Username: HP (Admin)
[06/02/2008, 16:32:12] - Windows is in NORMAL mode.
[06/02/2008, 16:32:12] - Searching for Browser Helper Objects:
[06/02/2008, 16:32:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/02/2008, 16:32:12] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[06/02/2008, 16:32:12] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/02/2008, 16:32:12] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[06/02/2008, 16:32:12] - BHO 5: {487C9905-26A8-42C8-8033-C58AD3D2AEC3} ()
[06/02/2008, 16:32:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 16:32:12] - Checking for HKLM\...\Winlogon\Notify\cbXQjjJD
[06/02/2008, 16:32:12] - Found: HKLM\...\Winlogon\Notify\cbXQjjJD - This is probably Virtumundo.
[06/02/2008, 16:32:12] - Assigning {487C9905-26A8-42C8-8033-C58AD3D2AEC3} MSEvents Object
[06/02/2008, 16:32:12] - BHO list has been changed! Starting over...
[06/02/2008, 16:32:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/02/2008, 16:32:12] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[06/02/2008, 16:32:12] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/02/2008, 16:32:12] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[06/02/2008, 16:32:12] - BHO 5: {487C9905-26A8-42C8-8033-C58AD3D2AEC3} (MSEvents Object)
[06/02/2008, 16:32:12] - ALERT: Found MSEvents Object!
[06/02/2008, 16:32:12] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/02/2008, 16:32:12] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/02/2008, 16:32:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 16:32:12] - No filename found. Continuing.
[06/02/2008, 16:32:12] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/02/2008, 16:32:12] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/02/2008, 16:32:12] - Finished Searching Browser Helper Objects
[06/02/2008, 16:32:12] - *** Detected MSEvents Object
[06/02/2008, 16:32:12] - Trying to remove MSEvents Object...
[06/02/2008, 16:32:13] - Terminating Process: IEXPLORE.EXE
[06/02/2008, 16:32:14] - Terminating Process: RUNDLL32.EXE
[06/02/2008, 16:32:14] - Disabling Automatic Shell Restart
[06/02/2008, 16:32:14] - Terminating Process: EXPLORER.EXE
[06/02/2008, 16:32:14] - Suspending the NT Session Manager System Service
[06/02/2008, 16:32:14] - Terminating Windows NT Logon/Logoff Manager
[06/02/2008, 16:32:15] - Re-enabling Automatic Shell Restart
[06/02/2008, 16:32:15] - File to disable: C:\WINDOWS\system32\cbXQjjJD.dll
[06/02/2008, 16:32:15] - Renaming C:\WINDOWS\system32\cbXQjjJD.dll -> C:\WINDOWS\system32\cbXQjjJD.dll.vir
[06/02/2008, 16:32:15] - File successfully renamed!
[06/02/2008, 16:32:15] - Removing HKLM\...\Browser Helper Objects\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}
[06/02/2008, 16:32:15] - Removing HKCR\CLSID\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}
[06/02/2008, 16:32:15] - Adding Kill Bit for ActiveX for GUID: {487C9905-26A8-42C8-8033-C58AD3D2AEC3}
[06/02/2008, 16:32:15] - Deleting ATLEvents/MSEvents Registry entries
[06/02/2008, 16:32:15] - Removing HKLM\...\Winlogon\Notify\cbXQjjJD
[06/02/2008, 16:32:15] - Searching for Browser Helper Objects:
[06/02/2008, 16:32:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/02/2008, 16:32:15] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[06/02/2008, 16:32:15] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/02/2008, 16:32:15] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[06/02/2008, 16:32:15] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/02/2008, 16:32:15] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/02/2008, 16:32:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 16:32:15] - No filename found. Continuing.
[06/02/2008, 16:32:15] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/02/2008, 16:32:15] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/02/2008, 16:32:15] - Finished Searching Browser Helper Objects
[06/02/2008, 16:32:15] - Finishing up...
[06/02/2008, 16:32:15] - A restart is needed.
[06/02/2008, 16:32:24] - Attempting to Restart via STOP error (Blue Screen!)

--- Search result list ---
Virtumonde: [SBI $1F8EC695] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
Right Media: Tracking cookie (Internet Explorer: HP) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-06-01 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-04-16 Includes\Adware.sbi (*)
2008-05-28 Includes\AdwareC.sbi (*)
2008-05-28 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-05-28 Includes\DialerC.sbi (*)
2008-05-28 Includes\HeavyDuty.sbi (*)
2008-05-28 Includes\Hijackers.sbi (*)
2008-05-28 Includes\HijackersC.sbi (*)
2008-04-30 Includes\Keyloggers.sbi (*)
2008-05-28 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-05-28 Includes\Malware.sbi (*)
2008-05-28 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-05-28 Includes\PUPSC.sbi (*)
2008-05-28 Includes\Revision.sbi (*)
2008-01-10 Includes\Security.sbi (*)
2008-05-28 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-05-28 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-05-28 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-05-28 Includes\Trojans.sbi (*)
2008-05-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB926251)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3
Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1177368
MD5: 2AC3626BE28448526942A863C6F1B45C
Located: HK_LM:Run, Cpqset
command: C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
file: C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
size: 40960
MD5: 99F6A49A51D6045152F935EEF0BE235F
Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1
Located: HK_LM:Run, High Definition Audio Property Page Shortcut
command: CHDAudPropShortcut.exe
file: C:\WINDOWS\system32\CHDAudPropShortcut.exe
size: 61952
MD5: 8EAC49BF89C0FE814EC4E7F404211839
Located: HK_LM:Run, HP Software Update
command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22
Located: HK_LM:Run, hpWirelessAssistant
command: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
file: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
size: 458752
MD5: 1E4037F987986B200EB8421A1CEEEE68
Located: HK_LM:Run, ISUSPM Startup
command: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
file: C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
size: 249856
MD5: 1C46FC1AB600766B8554580204806E84
Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 7D58C9BDF9C0A3955BDCDE7387AD12AC
Located: HK_LM:Run, NSLauncher
command: C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
file: C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
size: 3100672
MD5: D83EB2B71ECE7D606225F8EA1F3A68A2
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, nwiz
command: nwiz.exe /installquiet /nodetect
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: AE3E8372269282C94F12CCE4E2ABA8DA
Located: HK_LM:Run, QlbCtrl
command: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
file: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 163840
MD5: 0B55D3A8CDAB67F647EE0CBAD87CCB6D
Located: HK_LM:Run, QPService
command: "C:\Program Files\HP\QuickPlay\QPService.exe"
file: C:\Program Files\HP\QuickPlay\QPService.exe
size: 102400
MD5: CD7A1D584FC809B82D6A391BBDB42A44
Located: HK_LM:Run, RecGuard
command: C:\Windows\SMINST\RecGuard.exe
file: C:\Windows\SMINST\RecGuard.exe
size: 1187840
MD5: C764F15F0AE8A02DF1523CB24F355B22
Located: HK_LM:Run, sclauncher
command: C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
file: C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
size: 94208
MD5: 59E69E968D7ADFCBBCDCB3B1AF36EEFB
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C
Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 761946
MD5: 69775ADC944C2F37D3FB3B04E8A7EB7B
Located: HK_CU:Run, MSMSGS
where: PE_C_ADMINISTRATOR...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, ctfmon.exe
where: PE_C_GUEST...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, MSMSGS
where: PE_C_GUEST...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, swg
where: PE_C_GUEST...
command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 171448
MD5: 0FA44EA8B03ABA3E1D240B5A333D8E6A
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1068889986-1223655787-1347587012-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-1068889986-1223655787-1347587012-1005...
command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 5724184
MD5: A8972A2F9A744DD5EE0BFE429D767F1C
Located: HK_CU:Run, swg
where: S-1-5-21-1068889986-1223655787-1347587012-1005...
command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 171448
MD5: 0FA44EA8B03ABA3E1D240B5A333D8E6A
Located: Startup (common), Adobe Reader Speed Launch.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362B96870CE8649F4F2EC893DA93F0
Located: Startup (common), HP Photosmart Premier Fast Start.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
size: 73728
MD5: B2DDFF1F7FF31E8103DC221772353417
Located: Startup (user), Vongo Tray.lnk
where: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp...
command: C:\Program Files\Vongo\Tray.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (user), Vongo Tray.lnk
where: C:\Documents and Settings\Default User\Start Menu\Programs\Startup...
command: C:\Program Files\Vongo\Tray.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (user), Vongo Tray.lnk
where: C:\Documents and Settings\Guest\Start Menu\Programs\StartUp...
command: C:\Program Files\Vongo\Tray.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cbXQjjJD
command: cbXQjjJD.dll
file: cbXQjjJD.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, winjgf32
command: winjgf32.dll
file: winjgf32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Skype add-on (mastermind)
CLSID name: Skype add-on (mastermind)
Path: C:\Program Files\Skype\Toolbars\Internet Explorer\
Long name: SkypeIEPlugin.dll
Short name: SKYPEI~1.DLL
Date (created): 5/1/2008 8:17:34 AM
Date (last access): 6/2/2008 4:04:22 PM
Date (last write): 5/1/2008 8:17:34 AM
Filesize: 1372160
Attributes: archive
MD5: 8669649F76D1C0141B6B7F40ABF4B057
CRC32: ED1AD92D
Version: 2.2.0.176
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet ClickCapture)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: BitComet ClickCapture
CLSID name: BitComet Helper
Path: C:\Program Files\BitComet\tools\
Long name: BitCometBHO_1.2.2.28.dll
Short name: BITCOM~2.DLL
Date (created): 2/29/2008 6:49:22 PM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 2/29/2008 6:49:22 PM
Filesize: 468280
Attributes: archive
MD5: 6E438603FD14543F7DD09B876945892A
CRC32: 72B5568D
Version: 1.2.2.28
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 5/26/2008 5:16:28 PM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 5/26/2008 5:16:28 PM
Filesize: 419096
Attributes: archive
MD5: DA81132E88295813BDD4F8F681560160
CRC32: 73B399CD
Version: 8.0.0.90
{487C9905-26A8-42C8-8033-C58AD3D2AEC3} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: cbXQjjJD.dll
Short name:
Date (created): 6/1/2008 5:35:58 PM
Date (last access): 6/2/2008 3:17:36 PM
Date (last write): 6/1/2008 5:35:58 PM
Filesize: 57344
Attributes: archive
MD5: 4B836AC4F8D9557EB733C3EA7E804C55
CRC32: 187B381C
{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/21/2007 1:30:18 AM
Date (last access): 6/2/2008 4:02:26 PM
Date (last write): 9/21/2007 1:30:18 AM
Filesize: 328752
Attributes: archive
MD5: 59CF5BF6684AFCF906CADAD39B4214DE
CRC32: C363813C
Version: 4.200.520.1
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 5/28/2008 5:14:56 AM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 5/28/2008 5:14:56 AM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978
--- ActiveX list ---
{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)
DPF name:
CLSID name: Windows Live Safety Center Base Module
Installer: C:\WINDOWS\Downloaded Program Files\wlscBase.inf
Codebase: http://cdn.scan.onec...lscbase9563.cab
description:
classification: Legitimate
known filename: wlscBase.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: wlscBase.dll
Short name:
Date (created): 4/29/2008 8:49:06 AM
Date (last access): 6/2/2008 3:46:18 PM
Date (last write): 4/29/2008 8:49:06 AM
Filesize: 456768
Attributes: archive
MD5: 20FF2CD676A4BF3F94F2247442BE7B74
CRC32: 84188B06
Version: 1.7.9563.1
{6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)
DPF name:
CLSID name: HP Download Manager
Installer: C:\WINDOWS\Downloaded Program Files\HPDEXAXO.inf
Codebase: https://h20436.www2....re/HPDEXAXO.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HPDEXAXO.dll
Short name:
Date (created): 10/18/2007 10:04:16 AM
Date (last access): 6/2/2008 3:46:18 PM
Date (last write): 10/18/2007 10:04:16 AM
Filesize: 341296
Attributes: archive
MD5: CDE357CD3FC047F5C7D8B8345B6A42BF
CRC32: 7ABDC22F
Version: 1.0.5.1
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 5:33:32 PM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 2/22/2008 7:25:20 PM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/11/2005 9:22:10 PM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 11/11/2005 9:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 5:33:32 PM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 2/22/2008 7:25:20 PM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 5:33:32 PM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 2/22/2008 7:25:20 PM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: https://fpdownload.m...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10.ocx
Short name:
Date (created): 5/10/2008 11:36:44 AM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 5/10/2008 11:36:44 AM
Filesize: 3854848
Attributes: archive
MD5: 7C2E8E6F8EA5F2957A4A4A0A05EF6AE9
CRC32: 6524B3E0
Version: 10.0.1.218
--- Process list ---
PID: 0 ( 0) [System]
PID: 832 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 892 ( 832) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 920 ( 832) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 992 ( 920) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 0E776ED5F7CC9F94299E70461B7B8185
PID: 1004 ( 920) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1172 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1220 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1264 ( 992) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1304 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1384 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1448 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1736 ( 992) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 336 ( 300) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 604 ( 336) C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1
PID: 612 ( 336) C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
size: 458752
MD5: 1E4037F987986B200EB8421A1CEEEE68
PID: 624 ( 336) C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C
PID: 652 ( 336) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: 037B1E7798960E0420003D05BB577EE6
PID: 684 ( 336) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 761946
MD5: 69775ADC944C2F37D3FB3B04E8A7EB7B
PID: 696 ( 336) C:\Program Files\HP\QuickPlay\QPService.exe
size: 102400
MD5: CD7A1D584FC809B82D6A391BBDB42A44
PID: 716 ( 336) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 7D58C9BDF9C0A3955BDCDE7387AD12AC
PID: 724 ( 336) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 163840
MD5: 0B55D3A8CDAB67F647EE0CBAD87CCB6D
PID: 844 ( 336) C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22
PID: 868 ( 336) C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1177368
MD5: 2AC3626BE28448526942A863C6F1B45C
PID: 896 ( 336) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3
PID: 1284 ( 336) C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
size: 94208
MD5: 59E69E968D7ADFCBBCDCB3B1AF36EEFB
PID: 1400 ( 336) C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 5724184
MD5: A8972A2F9A744DD5EE0BFE429D767F1C
PID: 1488 ( 992) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
size: 282904
MD5: 4AE6C392F9146805EA03FDAFC338CA30
PID: 1516 ( 336) C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 171448
MD5: 0FA44EA8B03ABA3E1D240B5A333D8E6A
PID: 1532 ( 992) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9
PID: 1636 ( 992) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 1768 ( 336) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 2012 ( 992) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 348 ( 992) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 49152
MD5: 86E8BCAA91FC2ACFACD99CF2BF9F1F47
PID: 1836 ( 992) C:\WINDOWS\system32\nvsvc32.exe
size: 143426
MD5: F35D41D6CBDA7A4503DCA9F375DC427A
PID: 2108 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2180 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2476 ( 992) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 2832 ( 992) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
size: 135168
MD5: 04C1DCBB226C6AE647B794833CE3CEB6
PID: 3168 ( 992) C:\Program Files\Windows Media Player\WMPNetwk.exe
size: 913408
MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
PID: 3204 ( 776) C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
size: 475136
MD5: 6C56CF33C2C6236A1162FDFC0BECD042
PID: 356 (1488) C:\Program Files\AVG\AVG8\avgrsx.exe
size: 311576
MD5: 622C0B028C6ABD0AFE4BD4AD70BC632E
PID: 3604 ( 992) C:\PROGRA~1\AVG\AVG8\avgemc.exe
size: 902424
MD5: 06DCDA534F189867D84B22D9AFF51F52
PID: 4092 (1172) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 0FFAE66E6D5B1C87CBD22D1F3B6079FD
PID: 536 ( 992) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 4072 ( 336) C:\Program Files\Internet Explorer\iexplore.exe
size: 625664
MD5: 2D0E5592AB5A46C27DAF7CCAFF4F5B59
PID: 1856 ( 992) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 2764 (1172) C:\WINDOWS\eHome\ehmsas.exe
size: 46592
MD5: 03A905FBA1D62317087DB5C21C0F8F62
PID: 4000 (1172) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
size: 118336
MD5: 7FA0AA2F3DABA5BEB2C4AC1EEC054EFA
PID: 3004 ( 992) C:\Program Files\Windows Live\Messenger\usnsvc.exe
size: 98328
MD5: 9D19B042A4FD5C02195071EA2FE0C821
PID: 3352 ( 336) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12037688
MD5: 1EEA7DD2F1EA6EFEF380B99A90228D2F
PID: 1248 (4072) C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
size: 65536
MD5: 4370CAA3CC5F216A112052257A962E15
PID: 2544 ( 868) C:\Program Files\AVG\AVG8\avgui.exe
size: 2636568
MD5: 60466541229C83F4F8F8B8492201E4E7
PID: 5528 ( 336) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 2952 (2544) C:\Program Files\AVG\AVG8\avgscanx.exe
size: 580888
MD5: F0DF76487D33FAA6458D0103C39EF43E
PID: 4 ( 0) System
PID: 6092 ( 336) C:\Program Files\Skype\Phone\Skype.exe
size: 22058792
MD5: 4BBE956B0711A2F4AA6706FFE871289E
PID: 5816 (6092) C:\Program Files\Skype\Plugin Manager\skypePM.exe
size: 76744
MD5: 1580C60476D4C68B58E0307E6BC979A7
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/2/2008 4:09:42 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com.au/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft....k/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft....k/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft....k/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft....k/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm
--- Winsock Layered Service Provider list ---
--- Uninstall list ---
Zuma Deluxe from Hewlett-Packard Laptops (remove only) (074EEF5F-3BE8-4112-B253-C5D6CDE2924C)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\Uninstall.exe"
publisher: WildTangent
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only) (0E5266B4-9069-401A-93AE-5FF9F1712016)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\Uninstall.exe"
publisher: WildTangent
SCRABBLE from Hewlett-Packard Laptops (remove only) (103EFD47-9F2C-4490-95DD-AE6C442AFB92)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
publisher: WildTangent
GemMaster Mystic (12133444-BF36-4d4e-B7FB-A3424C645DE4)
uninstall cmd: "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Tradewinds from Hewlett-Packard Laptops (remove only) (1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
publisher: WildTangent
Final Drive Nitro from Hewlett-Packard Laptops (remove only) (320F055A-570F-4335-B026-16A836DB9549)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe"
publisher: WildTangent
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) (382C11F0-1A18-4F76-B8E0-15CA7F209C22)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
publisher: WildTangent
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only) (384E0BF4-1E1F-45A6-B60E-42144A3F15CD)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe"
publisher: WildTangent
Jewel Quest from Hewlett-Packard Laptops (remove only) (4C061F83-EE92-445A-A03F-184B0BD59242)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe"
publisher: WildTangent
Boggle Supreme from Hewlett-Packard Laptops (remove only) (5658FB14-16A4-4DAE-946B-1457BE31572E)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe"
publisher: WildTangent
Lexibox Deluxe from Hewlett-Packard Laptops (remove only) (5758A0E8-A112-4A1D-82EC-EC72F7F16B88)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
publisher: WildTangent
5 Card Slingo from Hewlett-Packard Laptops (remove only) (5DE4D54F-AA79-43A4-9C8A-C173E7E2B025)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe"
publisher: WildTangent
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only) (6E377D95-DF37-4E67-B64B-68C314600BCB)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB\Uninstall.exe"
publisher: WildTangent
FATE from Hewlett-Packard Laptops (remove only) (6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe"
publisher: WildTangent
Big Kahuna Reef from Hewlett-Packard Laptops (remove only) (7948472C-423F-4134-B68F-48D660A05D71)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\Uninstall.exe"
publisher: WildTangent
Bounce Symphony from Hewlett-Packard Laptops (remove only) (7A940E33-6993-404B-ABA6-ED62E8FBE615)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe"
publisher: WildTangent
Super Granny from Hewlett-Packard Laptops (remove only) (7ED8A70C-9597-40BE-AEA0-0573182F1F51)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
publisher: WildTangent
Polar Bowler from Hewlett-Packard Laptops (remove only) (7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\Uninstall.exe"
publisher: WildTangent
Blasterball 2 from Hewlett-Packard Laptops (remove only) (9F3399B2-9ED6-4339-84A2-686432638B86)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\Uninstall.exe"
publisher: WildTangent
(AddressBook)
Adobe Flash Player ActiveX 10.0.1.218 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com...player_support/
(AudioPlugin.dll)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
AVG Free 8.0 (AVG8Uninstall)
uninstall cmd: C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Slyder from Hewlett-Packard Laptops (remove only) (B0202B33
Edited by MIXMASTERMIKE, 02 June 2008 - 06:21 PM.