To try to fix the problem, I downloaded Microsoft Defender and Windows Live OneCare, neither of which seemed to assist. I also was given Spybot, which seems effective in identifying the problem and holding it at bay for some time, but it has clearly not eradicated the problem. I registered with GTG in despair and read the topics Worm.Win32.SkyNet - I have been infected with this! by Blondhottie5216 and Worm.Win32.SkyNet by Brownsm. I seem to have the same problem they describe, viz: Red flashing X on taskbar, popups of Windows error messages and my internet explorer continually opening to unknown pages offering ways to clean my pc, 3 pieces of software continually downloaded onto my desktop, etc. An additional line has also appeared under my IE menu bar with 4 buttons for Remove Popups, Scan Spyware, Security test and Spam Protection.
I have struggled with this now for a couple of weeks. As I am also not technical at all, I would be grateful for some help to get rid of it.
ILast weekend I downloaded Windows Update SP3, which seemed to stall the error messages, etc, but the infection is still there. I have just downloaded some security updates (I think) from Microsoft. Not sure whether this has helped.
I have run Spybot search & rescue numerous times over the last week and it identifies as many as 9 problems, but the three main ones are: Microsoft.Windows.SecurityCentre.FirewallDisabled, Smitfraud-C, Smitfraud-C.MSVPS, and Zlob.Downloader.vcd. I have pasted the latest report from Spybot below. I hope I have done this correctly.
After reading the above topics I downloaded SmitfraudFix to my desktop, but the .cmd file was blocked by Windows for protection. When I tried to copy it to my desktop or C: in order to unblock it, I get a message saying that an error occurred and when I click OK I get another message “the Target cannot handle this type of document”. So my frustration continues. Please help!
The Spybot report is:
--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-11-29 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-12-05 Includes\Cookies.sbi
2007-10-31 Includes\Dialer.sbi
2007-12-05 Includes\DialerC.sbi
2007-11-07 Includes\Hijackers.sbi
2007-12-05 Includes\HijackersC.sbi
2007-10-04 Includes\Keyloggers.sbi
2007-12-05 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2007-11-07 Includes\Malware.sbi
2007-12-05 Includes\MalwareC.sbi
2007-10-24 Includes\PUPS.sbi
2007-12-05 Includes\PUPSC.sbi
2007-12-05 Includes\Revision.sbi
2007-05-30 Includes\Security.sbi
2007-12-05 Includes\SecurityC.sbi
2007-11-07 Includes\Spybots.sbi
2007-12-05 Includes\SpybotsC.sbi
2007-11-06 Includes\Tracks.uti
2007-11-29 Includes\Trojans.sbi
2007-12-05 Includes\TrojansC.sbi
2008-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/928365
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB888310
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Hotfix for Windows XP (KB909394)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Update for Windows XP (KB914882)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Update for Windows XP (KB923845)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928090)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Hotfix for Windows XP (KB929120)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Security Update for Windows XP (KB937894)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: E28D00EC675F5F5A5A0555E7A4523A6E
Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968
MD5: ACC7B414EF1ABEA6AA654B74CC9A90CF
Located: HK_LM:Run, BigPondCable
command: "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
file: C:\Program Files\Telstra\Cable Login\bpcable.exe
size: 253952
MD5: ADF3E34BEC6C9B0D1CBA56FD202135D4
Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122939
MD5: 790490F273B0E3BCF05DC3C308ABCC0B
Located: HK_LM:Run, dvd43
command: C:\Program Files\dvd43\dvd43_tray.exe
file: C:\Program Files\dvd43\dvd43_tray.exe
size: 694272
MD5: 42A441AE3F5FC5EA8D9B8543EEAEADC1
Located: HK_LM:Run, DVDLauncher
command: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
file: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 57344
MD5: 7E5FC860ECBD3FE4D0BF7E1814A37B56
Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: E91CDE1B706189C03904A901A1CA1832
Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821F73B833C4DAEBC33C1A9A4B16BB5A
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 270648
MD5: 018C1B1379D326ABFAA89EDA7E43F95A
Located: HK_LM:Run, LogitechVideoRepair
command: C:\Program Files\Logitech\Video\ISStart.exe
file: C:\Program Files\Logitech\Video\ISStart.exe
size: 458752
MD5: 93C8B9C6FD3D243D4B2C8C03C44B18E9
Located: HK_LM:Run, LogitechVideoTray
command: C:\Program Files\Logitech\Video\LogiTray.exe
file: C:\Program Files\Logitech\Video\LogiTray.exe
size: 217088
MD5: F433926BBEC782B603BA3BE0D4E92B7B
Located: HK_LM:Run, LVCOMSX
command: C:\WINDOWS\system32\LVCOMSX.EXE
file: C:\WINDOWS\system32\LVCOMSX.EXE
size: 221184
MD5: 5BA8A7DA5D0573F7923E02B260AAD2F1
Located: HK_LM:Run, OneCareUI
command: "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
file: C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
size: 67112
MD5: A074992B82B39937105E93187E8DB142
Located: HK_LM:Run, PCMService
command: "C:\Program Files\Dell\Media Experience\PCMService.exe"
file: C:\Program Files\Dell\Media Experience\PCMService.exe
size: 290816
MD5: E02C0E78E5CFB01BF9D1866DBA18B456
Located: HK_LM:Run, RealTray
command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
file: C:\Program Files\Real\RealPlayer\RealPlay.exe
size: 26112
MD5: 849D97FE4CC09CFC2772D10F641E1BAF
Located: HK_LM:Run, UpdateManager
command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 110592
MD5: 52B80C30225DE81D7AC989DFE7311877
Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
Located: HK_LM:Run, KernelFaultCheck (DISABLED)
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922EB54890C77005268882629A31FE
Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 286720
MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0
Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF
Located: HK_CU:Run, H/PC Connection Agent
where: S-1-5-21-974040889-2070146034-147808962-1007...
command: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
file: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
size: 1200128
MD5: 0D667F8B21D7975C663F35D7AF3C9BDB
Located: HK_CU:Run, LogitechSoftwareUpdate
where: S-1-5-21-974040889-2070146034-147808962-1007...
command: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
file: C:\Program Files\Logitech\Video\ManifestEngine.exe
size: 196608
MD5: 660B6158BC2BC5D7CB1FF18D148C17AA
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-974040889-2070146034-147808962-1007...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-974040889-2070146034-147808962-1007...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-974040889-2070146034-147808962-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, H/PC Connection Agent
where: S-1-5-21-974040889-2070146034-147808962-1008...
command: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
file: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
size: 1200128
MD5: 0D667F8B21D7975C663F35D7AF3C9BDB
Located: HK_CU:Run, Skype
where: S-1-5-21-974040889-2070146034-147808962-1008...
command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Program Files\Skype\Phone\Skype.exe
size: 25263144
MD5: F6AC391E2CAE1794111F3D0AE2FA6234
Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 241664
MD5: 16E91805CC071039372AE0037AAA9A2B
Located: Startup (common), HP Image Zone Fast Start.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
size: 53248
MD5: 91C0436BD6CB73370895EF33C1C9CB47
Located: Startup (common), Image Transfer.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
file: C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
size: 73728
MD5: 2D7B847DA5E569ED4E0B15FEEFB8FCC4
Located: Startup (common), Logitech Desktop Messenger.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
size: 450560
MD5: A5E4CD281C93E174181C5873FAFD4F16
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com.../readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 23/10/2006 12:08:42 AM
Date (last access): 12/12/2007 10:16:52 PM
Date (last write): 23/10/2006 12:08:42 AM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 29/11/2007 9:02:00 PM
Date (last access): 12/12/2007 10:17:02 PM
Date (last write): 31/08/2007 4:46:14 PM
Filesize: 1122128
Attributes: archive
MD5: B8958471DAA4481E93B03DF8F991DD6E
CRC32: 35E35F14
Version: 1.5.0.8
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 4/11/2007 9:02:38 PM
Date (last access): 12/12/2007 10:17:02 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 23/02/2006 3:46:34 AM
Date (last access): 12/12/2007 10:28:36 PM
Date (last write): 14/02/2006 8:05:30 PM
Filesize: 1191424
Attributes: readonly archive
MD5: 677C42CD9FE9C13B4B7B601A2E4065B0
CRC32: 58231F90
Version: 3.0.131.0
--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com...ex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 29/06/2007 7:25:14 AM
Date (last access): 12/12/2007 10:00:16 PM
Date (last write): 29/06/2007 7:25:14 AM
Filesize: 574784
Attributes: archive
MD5: 92FCD2C6B05278FFD772AEE77D29A07C
CRC32: 3E432005
Version: 7.2.0.240
{1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class)
DPF name:
CLSID name: iNotes Class
Installer: C:\WINDOWS\Downloaded Program Files\inotes.inf
Codebase: https://extraweb-apa...aweb/iNotes.cab
description:
classification: Legitimate
known filename: inotes.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: inotes.dll
Short name:
Date (created): 8/01/2002 11:17:10 AM
Date (last access): 12/12/2007 9:47:32 PM
Date (last write): 8/01/2002 11:17:10 AM
Filesize: 344064
Attributes: archive
MD5: 6F1D553B845DC35F15941FBE2F7A2374
CRC32: A1083853
Version: 5.0.1.0
{233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://download.macr...director/sw.cab
description:
classification: Legitimate
known filename: SwDir.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\SYSTEM32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 15/10/2006 9:50:50 AM
Date (last access): 12/12/2007 10:00:16 PM
Date (last write): 7/08/2007 6:20:44 PM
Filesize: 182248
Attributes: archive
MD5: 6C90714399BD3F1E7C0503A38EADBAC7
CRC32: D1E8C81D
Version: 10.2.0.23
{3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class)
DPF name:
CLSID name: iNotes6 Class
Installer: C:\WINDOWS\Downloaded Program Files\inotes6W.inf
Codebase: https://extraweb-apa...01/iNotes6W.cab
description:
classification: Legitimate
known filename: inotes6W.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: inotes6W.dll
Short name:
Date (created): 23/06/2005 4:45:52 PM
Date (last access): 12/12/2007 9:47:32 PM
Date (last write): 3/03/2006 11:46:36 AM
Filesize: 262144
Attributes: archive
MD5: C9F9A2DE1F1ABF941FA27E13D5067889
CRC32: F7FA84DE
Version: 6.0.41.0
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 11:31:44 PM
Date (last access): 12/12/2007 10:00:16 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 19/11/2003 8:48:18 PM
Date (last access): 12/12/2007 10:00:16 PM
Date (last write): 19/11/2003 8:48:12 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_05
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_05.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_05\bin\
Long name: NPJPI150_05.dll
Short name: NPJPI1~1.DLL
Date (created): 26/08/2005 6:14:48 PM
Date (last access): 12/12/2007 10:00:16 PM
Date (last write): 26/08/2005 6:33:54 PM
Filesize: 69746
Attributes: archive
MD5: 52A85771BE18C9C00732F475A2C192AE
CRC32: 525AE3AD
Version: 5.0.50.5
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 1:03:56 PM
Date (last access): 12/12/2007 10:00:16 PM
Date (last write): 10/11/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_09.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 12/10/2006 3:10:58 AM
Date (last access): 12/12/2007 10:00:18 PM
Date (last write): 12/10/2006 3:25:44 AM
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_10
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_10.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_10\bin\
Long name: NPJPI150_10.dll
Short name: NPJPI1~1.DLL
Date (created): 9/11/2006 3:07:34 PM
Date (last access): 12/12/2007 10:00:18 PM
Date (last write): 9/11/2006 3:21:54 PM
Filesize: 75528
Attributes: archive
MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
CRC32: 0C9B7145
Version: 5.0.100.3
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 14/03/2007 3:04:46 AM
Date (last access): 12/12/2007 10:00:18 PM
Date (last write): 14/03/2007 4:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 3:22:38 AM
Date (last access): 12/12/2007 10:00:18 PM
Date (last write): 12/07/2007 5:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 11:31:44 PM
Date (last access): 12/12/2007 10:00:16 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macr...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 10/11/2006 9:46:26 AM
Date (last access): 12/12/2007 9:53:06 PM
Date (last write): 10/11/2006 9:46:26 AM
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0
{EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class)
DPF name:
CLSID name: PortfolioManagerWT ProfileManager Class
Installer:
Codebase: https://online.westp...iomanagerwt.cab
description:
classification: Open for discussion
known filename: portfoliomanagerwt.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: portfoliomanagerwt.dll
Short name: PORTFO~1.DLL
Date (created): 10/06/2004 2:01:54 PM
Date (last access): 12/12/2007 9:47:32 PM
Date (last write): 1/02/2007 12:40:08 PM
Filesize: 312992
Attributes: archive
MD5: 85777A05B84423D6B8B1890F2D21B771
CRC32: 5F4DF8E1
Version: 3.2.20.24
--- Process list ---
PID: 0 ( 0) [System]
PID: 604 ( 0) \SystemRoot\System32\smss.exe
size: 50688
PID: 660 ( 0) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 684 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 732 ( 0) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 744 ( 0) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 932 ( 0) C:\WINDOWS\system32\Ati2evxx.exe
size: 389120
MD5: 4DEAA162480367B232F3EE3A6D34084B
PID: 948 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1020 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1116 ( 0) C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
size: 18832
MD5: B37F51ACC55027941653271C13A24D16
PID: 1212 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1316 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1424 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1616 ( 0) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1784 ( 0) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 106496
MD5: 2ACFC9242BE81AE2356E14E5E05C02BB
PID: 1876 ( 0) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1944 ( 0) C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
size: 755264
MD5: D23A0254934BE05B8153763BE45611EF
PID: 276 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 648 ( 0) C:\Program Files\Microsoft Windows OneCare Live\winss.exe
size: 1111080
MD5: D256B81F9EB9106FB700A3BCCA59A084
PID: 1540 ( 0) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 280 ( 0) C:\Program Files\Canon\CAL\CALMAIN.exe
size: 96341
MD5: 20F89E232173985A455BC9A5F70D1166
PID: 2068 ( 0) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 2336 ( 0) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2784 ( 0) C:\Program Files\Dell\Media Experience\PCMService.exe
size: 290816
MD5: E02C0E78E5CFB01BF9D1866DBA18B456
PID: 2820 ( 0) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 57344
MD5: 7E5FC860ECBD3FE4D0BF7E1814A37B56
PID: 2828 ( 0) C:\Program Files\Real\RealPlayer\RealPlay.exe
size: 26112
MD5: 849D97FE4CC09CFC2772D10F641E1BAF
PID: 2844 ( 0) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122939
MD5: 790490F273B0E3BCF05DC3C308ABCC0B
PID: 2900 ( 0) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: E91CDE1B706189C03904A901A1CA1832
PID: 2928 ( 0) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821F73B833C4DAEBC33C1A9A4B16BB5A
PID: 2968 ( 0) C:\Program Files\dvd43\dvd43_tray.exe
size: 694272
MD5: 42A441AE3F5FC5EA8D9B8543EEAEADC1
PID: 2992 ( 0) C:\WINDOWS\system32\LVCOMSX.EXE
size: 221184
MD5: 5BA8A7DA5D0573F7923E02B260AAD2F1
PID: 3004 ( 0) C:\Program Files\Logitech\Video\LogiTray.exe
size: 217088
MD5: F433926BBEC782B603BA3BE0D4E92B7B
PID: 3020 ( 0) C:\Program Files\iTunes\iTunesHelper.exe
size: 270648
MD5: 018C1B1379D326ABFAA89EDA7E43F95A
PID: 3096 ( 0) C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
size: 67112
MD5: A074992B82B39937105E93187E8DB142
PID: 3116 ( 0) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 3128 ( 0) C:\Program Files\Skype\Phone\Skype.exe
size: 25263144
MD5: F6AC391E2CAE1794111F3D0AE2FA6234
PID: 3280 ( 0) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 241664
MD5: 16E91805CC071039372AE0037AAA9A2B
PID: 3312 ( 0) C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
size: 73728
MD5: 2D7B847DA5E569ED4E0B15FEEFB8FCC4
PID: 3424 ( 0) C:\Program Files\Logitech\Video\FxSvr2.exe
size: 192512
MD5: 951504797D17139BDCA8F962DF65FDAB
PID: 3620 ( 0) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
size: 180224
MD5: 3649EA61AAC1C48B7D282CB61421C15A
PID: 3912 ( 0) C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
size: 520192
MD5: B828B8620CAB7FC4D6865A30FB650049
PID: 1004 ( 0) C:\Program Files\iPod\bin\iPodService.exe
size: 501048
MD5: 83CD5F746B260457DEF125AEB8783B46
PID: 2088 ( 0) C:\Program Files\Skype\Plugin Manager\skypePM.exe
size: 1914824
MD5: 26BFE1CCCC2D1FBE7E682553DB8ADD80
PID: 2648 ( 0) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 3584 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1800 ( 0) C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
size: 67112
MD5: A074992B82B39937105E93187E8DB142
PID: 3156 ( 0) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 1964 ( 0) C:\Program Files\Dell\Media Experience\PCMService.exe
size: 290816
MD5: E02C0E78E5CFB01BF9D1866DBA18B456
PID: 1676 ( 0) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 57344
MD5: 7E5FC860ECBD3FE4D0BF7E1814A37B56
PID: 2044 ( 0) C:\Program Files\Real\RealPlayer\RealPlay.exe
size: 26112
MD5: 849D97FE4CC09CFC2772D10F641E1BAF
PID: 328 ( 0) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122939
MD5: 790490F273B0E3BCF05DC3C308ABCC0B
PID: 3796 ( 0) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: E91CDE1B706189C03904A901A1CA1832
PID: 4016 ( 0) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821F73B833C4DAEBC33C1A9A4B16BB5A
PID: 3792 ( 0) C:\Program Files\dvd43\dvd43_tray.exe
size: 694272
MD5: 42A441AE3F5FC5EA8D9B8543EEAEADC1
PID: 3948 ( 0) C:\WINDOWS\system32\LVCOMSX.EXE
size: 221184
MD5: 5BA8A7DA5D0573F7923E02B260AAD2F1
PID: 3788 ( 0) C:\Program Files\Logitech\Video\LogiTray.exe
size: 217088
MD5: F433926BBEC782B603BA3BE0D4E92B7B
PID: 3720 ( 0) C:\Program Files\iTunes\iTunesHelper.exe
size: 270648
MD5: 018C1B1379D326ABFAA89EDA7E43F95A
PID: 2600 ( 0) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
size: 1200128
MD5: 0D667F8B21D7975C663F35D7AF3C9BDB
PID: 992 ( 0) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
PID: 2520 ( 0) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 241664
MD5: 16E91805CC071039372AE0037AAA9A2B
PID: 4072 ( 0) C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
size: 73728
MD5: 2D7B847DA5E569ED4E0B15FEEFB8FCC4
PID: 1872 ( 0) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
size: 180224
MD5: 3649EA61AAC1C48B7D282CB61421C15A
PID: 4032 ( 0) C:\Program Files\Logitech\Video\FxSvr2.exe
size: 192512
MD5: 951504797D17139BDCA8F962DF65FDAB
PID: 2672 ( 0) C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
size: 520192
MD5: B828B8620CAB7FC4D6865A30FB650049
PID: 3464 ( 0) C:\Program Files\Internet Explorer\iexplore.exe
size: 625152
MD5: E854D02E4231F704D9BE782A424E6D8B
PID: 3408 ( 0) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 3452 ( 0) C:\WINDOWS\system32\HPZipm12.exe
size: 65536
MD5: 901C43516504CBE582E4C4193E00876A
PID: 3036 ( 0) C:\Program Files\Internet Explorer\iexplore.exe
size: 625152
MD5: E854D02E4231F704D9BE782A424E6D8B
PID: 3688 ( 0) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
size: 341616
MD5: 80660C611B596FFE8AF4074B31AA6FB7
PID: 1632 ( 0) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12310368
MD5: 443747857245BF90847AE396C53470A6
PID: 1192 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9
PID: 3268 ( 0) C:\WINDOWS\system32\HPZinw12.exe
size: 61440
MD5: A05C2E0AFEE4300B536348F83651125F
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/12/2007 10:56:58 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com.au/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.dell.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft....k/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft....k/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft....k/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft....k/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{813FC93F-0AF0-4DB1-A3BF-CA7EAEAC98FA}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{813FC93F-0AF0-4DB1-A3BF-CA7EAEAC98FA}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{48878693-0488-4D62-B2AC-C6BE48F4AE87}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{48878693-0488-4D62-B2AC-C6BE48F4AE87}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32&