Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Started With Emlkdvo.dll, Now I Have ?


  • Please log in to reply
12 replies to this topic

#1 dreww

dreww

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 29 December 2007 - 01:41 PM

Hello,

I downloaded what I thought was a Windows codec like a newbie yesterday and I haven't been able to get rid of all the viruses. I was able to get rid of emlkdvo.dll and some others but I am still having problems, slow computer and something keeps trying to change my Registry. Spybot is blocking the Registry change for me at this time. I have ran Norton and Ad-Aware, these 2 find nothing. Spybot found quite a few things and got rid of them. Spybot seems to keep finding the same thing when I run a scan. I think I get rid of it and I run a scan and it finds the same thing all over again. I also ran Panda Anti Virus and it found c:hp\bin\killit.exe but from what I can come up with this is supposed to be here. That is all Panda found. Please help me get rid of this. This is my home office computer. I have been up for hours, all night long with no luck. All scans have been run in regular and safe mode.

Thank You,

Edited by dreww, 29 December 2007 - 01:47 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:09 PM

Posted 29 December 2007 - 03:38 PM

Please download SDFix by AndyManchesta and save it to your desktop.
alternate download
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save a copy into the SDFix folder as Report.txt.
  • Copy and paste the contents of Report.txt in your next reply.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 dreww

dreww
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 29 December 2007 - 07:04 PM

I just finished running SUPERAntiSpyware and here is the log from this, it found some things and got rid of them. I will now do what you mentioned above. Thank you for the reply.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/29/2007 at 03:36 PM

Application Version : 3.9.1008

Core Rules Database Version : 3370
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 02:32:01

Memory items scanned : 170
Memory threats detected : 0
Registry items scanned : 7917
Registry threats detected : 12
File items scanned : 136631
File threats detected : 1

Trojan.Net-MSV/VPS-Variant
HKLM\Software\Classes\CLSID\{3DAF1739-AB9E-493E-8DD7-F65CDF363BCB}
HKCR\CLSID\{3DAF1739-AB9E-493E-8DD7-F65CDF363BCB}
HKCR\CLSID\{3DAF1739-AB9E-493E-8DD7-F65CDF363BCB}
HKCR\CLSID\{3DAF1739-AB9E-493E-8DD7-F65CDF363BCB}\InprocServer32
HKCR\CLSID\{3DAF1739-AB9E-493E-8DD7-F65CDF363BCB}\InprocServer32#ThreadingModel
HKCR\CLSID\{3DAF1739-AB9E-493E-8DD7-F65CDF363BCB}\ProgID
HKCR\CLSID\{3DAF1739-AB9E-493E-8DD7-F65CDF363BCB}\Programmable
HKCR\CLSID\{3DAF1739-AB9E-493E-8DD7-F65CDF363BCB}\TypeLib
HKCR\CLSID\{3DAF1739-AB9E-493E-8DD7-F65CDF363BCB}\VersionIndependentProgID
C:\WINDOWS\DOMNFTWQPD.DLL

Trojan.Net-MSV/VPS
HKCR\MSVPS.MSVPSApp
HKCR\MSVPS.MSVPSApp\CLSID
HKCR\MSVPS.MSVPSApp\CurVer

#4 dreww

dreww
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 29 December 2007 - 07:31 PM

Here is the SDFIX.exe Report.txt


SDFix: Version 1.120

Run by Compaq_Administrator on Sat 12/29/2007 at 04:13 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ac8zt2.dat - Deleted
C:\WINDOWS\alxvdvm.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\fvkwdrt.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 16:19:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\DISC\\DISCover.exe"="C:\\Program Files\\DISC\\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 2 Sep 2006 211 ..SH. --- "C:\BOOT.BAK"
Thu 7 Dec 2006 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Thu 30 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 29 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\BIT162.tmp"
Sat 29 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\BIT1CD.tmp"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\INSTPH.DLL"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\INSTPH.DLL"
Sun 3 Sep 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!

#5 dreww

dreww
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 29 December 2007 - 07:36 PM

Here is my last Spybot report, not sure if this will help.


--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-12-29 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-12-26 Includes\Cookies.sbi
2007-12-26 Includes\Dialer.sbi
2007-12-26 Includes\DialerC.sbi
2007-12-26 Includes\Hijackers.sbi
2007-12-26 Includes\HijackersC.sbi
2007-10-04 Includes\Keyloggers.sbi
2007-12-26 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2007-11-07 Includes\Malware.sbi
2007-12-26 Includes\MalwareC.sbi
2007-10-24 Includes\PUPS.sbi
2007-12-26 Includes\PUPSC.sbi
2007-12-26 Includes\Revision.sbi
2007-05-30 Includes\Security.sbi
2007-12-26 Includes\SecurityC.sbi
2007-11-07 Includes\Spybots.sbi
2007-12-26 Includes\SpybotsC.sbi
2007-11-06 Includes\Tracks.uti
2007-12-12 Includes\Trojans.sbi
2007-12-26 Includes\TrojansC.sbi
2008-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Presentation Foundation: This Hotfix is for Microsoft .NET Framework 3.0. \n
If you later install a more recent service pack, this Hotfix will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/932471
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB883667
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Hotfix for Windows XP (KB888795)
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Hotfix for Windows XP (KB891593)
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB892050
/ Windows XP / SP3: Windows XP Hotfix - KB893066
/ Windows XP / SP3: Hotfix for Windows XP (KB893357)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Hotfix for Windows XP (KB899337)
/ Windows XP / SP3: Hotfix for Windows XP (KB899510)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Hotfix for Windows XP (KB902841)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Hotfix for Windows XP (KB906569)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Hotfix for Windows XP (KB909394)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Hotfix for Windows XP (KB912024)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Update for Windows XP (KB912945)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Update for Windows XP (KB920342)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Update for Windows XP (KB925720)
/ Windows XP / SP3: Update for Windows XP (KB925876)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928090)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Hotfix for Windows XP (KB928388)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB930494)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931768)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933566)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Hotfix for Windows XP (KB935448)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Security Update for Windows XP (KB937143)
/ Windows XP / SP3: Security Update for Windows XP (KB937894)
/ Windows XP / SP3: Security Update for Windows XP (KB938127)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB939653)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB942615)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Update for Windows XP (KB942840)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Update for Windows XP (KB946627)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
size: 63712
MD5: FC9E59FE8BC4FE05382CFF5C8FC59DE1

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: E28D00EC675F5F5A5A0555E7A4523A6E

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, AlwaysReady Power Message APP
command: ARPWRMSG.EXE
file: C:\WINDOWS\ARPWRMSG.EXE
size: 77312
MD5: B596347A26DC054EBB44EB3BC8E95B0A

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25BE770865658CB79100117112819A7C

Located: HK_LM:Run, DISCover
command: C:\Program Files\DISC\DISCover.exe nogui
file: C:\Program Files\DISC\DISCover.exe
size: 1095256
MD5: 6A24BAC693EBC81A5248F0CDD7F978F1

Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22

Located: HK_LM:Run, HPBootOp
command: "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
file: C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
size: 249856
MD5: A789B145F17FA5C2326907F4872FE173

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 270648
MD5: 018C1B1379D326ABFAA89EDA7E43F95A

Located: HK_LM:Run, KBD
command: C:\HP\KBD\KBD.EXE
file: C:\HP\KBD\KBD.EXE
size: 61440
MD5: C81BE1B951C36E97D3DA90DA745DA5F7

Located: HK_LM:Run, NvCplDaemon
command: "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF

Located: HK_LM:Run, NvMediaCenter
command: "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF

Located: HK_LM:Run, osCheck
command: "C:\Program Files\Norton Internet Security\osCheck.exe"
file: C:\Program Files\Norton Internet Security\osCheck.exe
size: 771704
MD5: 74867F6AAF1BADDA7E7C0E6E63A20732

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 286720
MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0

Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 237568
MD5: F3EAEA279F09A7779C18793C87640794

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 16855552
MD5: 9BED5FA9D8E98A1C4F8A9922185FDA7D

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF

Located: HK_LM:Run, Symantec PIF AlertEng
command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 583048
MD5: DEB2A99C1AD9B9190C78E895AE60A745

Located: HK_LM:Run, YSearchProtection
command: "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
file: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
size: 224248
MD5: 0CFD137DA0BD428FC3FEE5FEC8A72AD1

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-536829160-4200119975-3568639484-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, igndlm.exe
where: S-1-5-21-536829160-4200119975-3568639484-1008...
command: C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
file: C:\Program Files\Download Manager\DLM.exe
size: 1103480
MD5: E44DC8468555B204615E4712563A5A95

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-536829160-4200119975-3568639484-1008...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-536829160-4200119975-3568639484-1008...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-536829160-4200119975-3568639484-1008...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 204288
MD5: 7EAED08CCCA4DDDE61A388C82598CFA9

Located: HK_CU:Run, YSearchProtection
where: S-1-5-21-536829160-4200119975-3568639484-1008...
command: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
file: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
size: 224248
MD5: 0CFD137DA0BD428FC3FEE5FEC8A72AD1

Located: Startup (common), Compaq Connections.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
file: C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
size: 36903
MD5: 95DE6D9314F520FAD04755E4DE0EFA9E

Located: Startup (common), HOTSYNCSHORTCUTNAME.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Palm\Hotsync.exe
file: C:\Program Files\Palm\Hotsync.exe
size: 471040
MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54

Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)
command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
size: 288472
MD5: 4543367E50BD35E7D1269D42841B156E

Located: WinLogon, !SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn5\
Long name: yt.dll
Short name:
Date (created): 9/5/2007 1:48:58 PM
Date (last access): 12/29/2007 3:59:56 PM
Date (last write): 9/5/2007 1:48:58 PM
Filesize: 816400
Attributes: archive
MD5: C1B2B3EF8AC5C8C32670D4EC7D524964
CRC32: AB11046B
Version: 2007.9.5.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 10:08:42 PM
Date (last access): 12/29/2007 3:59:56 PM
Date (last write): 10/22/2006 10:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\
Long name: NppBHO.dll
Short name:
Date (created): 1/11/2007 11:04:50 PM
Date (last access): 12/29/2007 3:59:56 PM
Date (last write): 1/11/2007 11:04:50 PM
Filesize: 96936
Attributes: readonly archive
MD5: 27137DE322F6F86D23A53D67F3B8948C
CRC32: 62E4F780
Version: 2007.1.5.29

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12/29/2007 4:48:02 AM
Date (last access): 12/29/2007 3:59:56 PM
Date (last write): 8/31/2007 4:46:14 PM
Filesize: 1122128
Attributes: archive
MD5: B8958471DAA4481E93B03DF8F991DD6E
CRC32: 35E35F14
Version: 1.5.0.8

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 10/19/2007 4:54:20 AM
Date (last access): 12/29/2007 3:59:56 PM
Date (last write): 9/25/2007 12:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5

{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (HpWebHelper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HpWebHelper
CLSID name: hpWebHelper Class
Path: C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\
Long name: WebHelper.dll
Short name: WEBHEL~1.DLL
Date (created): 5/4/2006 7:26:14 PM
Date (last access): 12/29/2007 4:09:00 PM
Date (last write): 5/30/2006 10:20:10 AM
Filesize: 208896
Attributes: archive
MD5: BEBDF2293F53049569285B9B2FA7EC68
CRC32: F70B7831
Version: 1.0.0.1



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 6/29/2007 5:25:14 AM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 6/29/2007 5:25:14 AM
Filesize: 574784
Attributes: archive
MD5: 92FCD2C6B05278FFD772AEE77D29A07C
CRC32: 3E432005
Version: 7.2.0.240

{0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class)
DPF name:
CLSID name: PrintPreview Class
Installer:
Codebase: http://sar.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
description:
classification: Open for discussion
known filename: FNISPrintControl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: FNISPrintControl.dll
Short name: FNISPR~1.DLL
Date (created): 10/2/2003 12:21:10 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 10/2/2003 12:21:10 PM
Filesize: 36864
Attributes: archive
MD5: 08D42155D48E573178F47AC7AB7D8A2F
CRC32: 095D5378
Version: 1.0.0.2

{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class)
DPF name:
CLSID name: VerifyGMN Class
Installer: C:\WINDOWS\Downloaded Program Files\hpobjinstaller_gmn.inf
Codebase: http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
description:
classification: Legitimate
known filename: hpobjinstaller_gmn.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: hpobjinstaller_gmn.dll
Short name: HPOBJI~1.DLL
Date (created): 5/8/2006 3:24:56 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 5/8/2006 3:24:56 PM
Filesize: 666168
Attributes: archive
MD5: 4D380946F7F20EEF8E69ACFD5B22A146
CRC32: 522AE8A1
Version: 1.0.0.12

{28E52D43-46EB-439B-8334-DA8D9C63D5B7} (ENCMAX Control)
DPF name:
CLSID name: ENCMAX Control
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\encmax.inf
Codebase: http://drewwhite.isanexpert.com/system/ENCMAX.cab
Path: C:\WINDOWS\DOWNLO~1\CONFLICT.1\
Long name: encmax.ocx
Short name:
Date (created): 5/17/2006 3:50:38 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 5/17/2006 3:50:38 PM
Filesize: 53248
Attributes: archive
MD5: B8D50A56948AEB10845CEA68C543091B
CRC32: 5D1B5361
Version: 1.5.0.0

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 5/17/2006 1:32:30 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 5/17/2006 1:32:30 PM
Filesize: 231072
Attributes: archive
MD5: A5E06A91CF82D97985C90B12FEE33A01
CRC32: 5AC66733
Version: 2006.2.22.58

{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object)
DPF name:
CLSID name: CDownloadCtrl Object
Installer:
Codebase: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
description:
classification: Legitimate
known filename: FilePlanetDownloadCtrl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Download Manager\
Long name: DLMControl.dll
Short name: DLMCON~1.DLL
Date (created): 3/5/2007 1:57:44 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 3/5/2007 1:57:44 PM
Filesize: 325240
Attributes: archive
MD5: DAE52D10CC04A60FB46C2C0A20A6DDD9
CRC32: 45E5F0BA
Version: 2.3.6.108

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc3.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 11/17/2005 10:12:26 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 11/17/2005 10:12:26 PM
Filesize: 533504
Attributes: archive
MD5: 24F3058766D5FC3FD0F37F6D6EE6FE9B
CRC32: F1FAEDE3
Version: 12.0.3208.1014

{4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control)
DPF name:
CLSID name: InstallFromTheWeb ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\iftw.inf
Codebase: http://support.rexplorer.net/iftw_install/iftwclix.cab
description:
classification: Legitimate
known filename: iftw.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: iftw.dll
Short name:
Date (created): 1/12/2000 10:09:38 AM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 1/12/2000 10:09:38 AM
Filesize: 118784
Attributes: archive
MD5: F3E129954635DB80813C2AC7CBC2E20B
CRC32: 7D48CA96
Version: 3.0.33.0

{63BE9F48-B516-11D1-87CD-00A02476EC4D} (Labelselector Control)
DPF name:
CLSID name: Labelselector Control
Installer:
Codebase: http://sar.fnismls.com/Paragon/Codebase/LabelSelector.cab
Path: C:\WINDOWS\DOWNLO~1\
Long name: labelselector.ocx
Short name: LABELS~1.OCX
Date (created): 6/13/2003 12:48:28 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 6/13/2003 12:48:28 PM
Filesize: 40960
Attributes: archive
MD5: E62B4A54648B495BED58DAFD1C53E461
CRC32: 73F63CB6
Version: 1.0.0.2

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 5/17/2006 1:32:42 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 5/17/2006 1:32:42 PM
Filesize: 161480
Attributes: archive
MD5: D9021B7C1D765851774FD9A753AEC435
CRC32: 6D65423F
Version: 2006.2.15.43

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdat...b?1157350341828
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 3:19:32 AM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 7/30/2007 6:19:04 PM
Filesize: 207736
Attributes: archive
MD5: 2DEE560CCEF55353EB62FDA870446393
CRC32: 5AA71F7B
Version: 7.0.6000.381

{845A8B24-D89F-11D1-9DA4-0080C885B976} (Galaxy PrintDC Class)
DPF name:
CLSID name: Galaxy PrintDC Class
Installer:
Codebase: http://sar.fnismls.com/Paragon/Codebase/Galaxy.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Galaxy.dll
Short name:
Date (created): 2/24/2003 3:26:28 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 2/24/2003 3:26:28 PM
Filesize: 32768
Attributes: archive
MD5: 6BBCA8D7A945702AF1B93F7DE6B5A1FA
CRC32: DC70B3DC
Version: 1.0.0.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/24/2007 10:31:44 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 9/25/2007 12:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan)
DPF name:
CLSID name: Crucial cpcScan
Installer:
Codebase: http://crucial.com/controls/cpcScanner.cab
description:
classification: Legitimate
known filename: cpcscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: cpcScan.dll
Short name:
Date (created): 10/23/2006 9:37:28 AM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 10/23/2006 9:37:28 AM
Filesize: 241664
Attributes: archive
MD5: 20C3403D5BC63883D8E2F3EDDC340AFF
CRC32: 34EF62D4
Version: 2.2.0.1

{A97D270F-E14D-4AB3-96C2-72510B30AF23} ()
DPF name:
CLSID name:
Installer:
Codebase: http://showtime.pangocash.com/pop/matc/install.exe

{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control)
DPF name:
CLSID name: Get_ActiveX Control
Installer:
Codebase: https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
description:
classification: Legitimate
known filename: HPGetDownloadManager.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: HPGetDownloadManager.ocx
Short name: HPGETD~1.OCX
Date (created): 9/3/2006 10:52:10 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 9/3/2006 10:52:12 PM
Filesize: 88136
Attributes: archive
MD5: 200E3189656F9A29FB5BC7F71AB3F283
CRC32: 8C85B2F9
Version: 3.3.0.0

{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_05
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_05.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_05\bin\
Long name: NPJPI150_05.dll
Short name: NPJPI1~1.DLL
Date (created): 8/26/2005 5:14:48 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 8/26/2005 5:33:54 PM
Filesize: 69746
Attributes: archive
MD5: 52A85771BE18C9C00732F475A2C192AE
CRC32: 525AE3AD
Version: 5.0.50.5

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 12:52:58 PM
Date (last access): 12/29/2007 4:33:50 PM
Date (last write): 11/10/2005 12:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_09.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 10/12/2006 3:10:58 AM
Date (last access): 12/29/2007 4:33:50 PM
Date (last write): 10/12/2006 3:25:44 AM
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_10
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_10.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_10\bin\
Long name: NPJPI150_10.dll
Short name: NPJPI1~1.DLL
Date (created): 11/9/2006 3:07:34 PM
Date (last access): 12/29/2007 4:33:50 PM
Date (last write): 11/9/2006 3:21:54 PM
Filesize: 75528
Attributes: archive
MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
CRC32: 0C9B7145
Version: 5.0.100.3

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_11.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 3:09:16 AM
Date (last access): 12/29/2007 4:33:50 PM
Date (last write): 12/15/2006 3:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 1:04:46 AM
Date (last access): 12/29/2007 4:33:50 PM
Date (last write): 3/14/2007 2:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 1:22:38 AM
Date (last access): 12/29/2007 4:33:50 PM
Date (last write): 7/12/2007 3:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/24/2007 10:31:44 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 9/25/2007 12:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/24/2007 10:31:44 PM
Date (last access): 12/29/2007 4:33:48 PM
Date (last write): 9/25/2007 12:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{D270FE47-4F7B-4AFF-BCF8-B023A6FF4DFA} (SystemChecker.CheckerCtrl)
DPF name:
CLSID name: SystemChecker.CheckerCtrl
Installer: C:\WINDOWS\Downloaded Program Files\SystemChecker.INF
Codebase: http://sar.fnismls.com/Paragon/Codebase/SystemChecker.cab
description:
classification: Open for discussion
known filename: SystemChecker.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SystemChecker.ocx
Short name: SYSTEM~1.OCX
Date (created): 12/23/2005 10:53:34 AM
Date (last access): 12/29/2007 4:33:50 PM
Date (last write): 12/23/2005 10:53:34 AM
Filesize: 90112
Attributes: archive
MD5: CC02FBFB36050C85E66A60562567F62C
CRC32: A094430A
Version: 1.0.0.29

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwa...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9d.ocx
Short name:
Date (created): 6/11/2007 12:04:32 PM
Date (last access): 12/29/2007 4:28:20 PM
Date (last write): 6/11/2007 12:04:32 PM
Filesize: 2267368
Attributes: readonly archive
MD5: B01E2A41389FBA42B7B5A026EA88C9B7
CRC32: 8980B6EC
Version: 9.0.47.0

{EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class)
DPF name:
CLSID name: QDiagHUpdateObj Class
Installer: C:\WINDOWS\Downloaded Program Files\qdiagh.inf
Codebase: http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
description:
classification: Legitimate
known filename: qdiagh.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: qdiagh.ocx
Short name:
Date (created): 11/30/2004 1:10:08 PM
Date (last access): 12/29/2007 4:33:50 PM
Date (last write): 11/30/2004 1:10:08 PM
Filesize: 824416
Attributes: archive
MD5: F74D5AEFB89DEDC35B2295ED424A7CDF
CRC32: 25AD1A25
Version: 1.0.1.326



--- Process list ---
PID: 0 ( 0) [System]
PID: 640 ( 0) \SystemRoot\System32\smss.exe
size: 50688
PID: 724 ( 0) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 748 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 804 ( 0) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 816 ( 0) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 984 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1032 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1128 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1160 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1432 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1572 ( 0) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 1596 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1704 ( 0) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
size: 108648
MD5: FE69C498B922CE835E2E2123FBD0A272
PID: 1808 ( 0) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
size: 47712
MD5: EFF5C2A0A06BCBFC5CF931C00CF6146D
PID: 1952 ( 0) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 1252232
MD5: 595175D2E7F77A1440DE360EEC20FA7D
PID: 1708 ( 0) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 480 ( 0) C:\WINDOWS\system32\agrsmsvc.exe
size: 12800
MD5: 2B18BA73927F65CFB1137CC8DC74C557
PID: 492 ( 0) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 106496
MD5: 2ACFC9242BE81AE2356E14E5E05C02BB
PID: 504 ( 0) C:\WINDOWS\arservice.exe
size: 58880
MD5: 9A0D9B2E263BEDE80FB79DDBAD240EC1
PID: 528 ( 0) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
size: 554616
MD5: C0E25BB0E6A159D332048AFAA2ED24CE
PID: 664 ( 0) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
size: 108648
MD5: FE69C498B922CE835E2E2123FBD0A272
PID: 144 ( 0) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9
PID: 864 ( 0) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 1152 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1252 ( 0) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 73728
MD5: E4973B3229E0015345AFBE43A8A8EB3B
PID: 1776 ( 0) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1912 ( 0) C:\WINDOWS\system32\nvsvc32.exe
size: 131139
MD5: B0903C021BFCD6055C053A569EF98AEF
PID: 1984 ( 0) C:\WINDOWS\system32\HPZipm12.exe
size: 73728
MD5: 2D091A99624FB9E7EEF0A86D872EC0C3
PID: 2152 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2244 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2416 ( 0) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 2508 ( 0) C:\Program Files\Windows Media Player\WMPNetwk.exe
size: 913408
MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
PID: 2948 ( 0) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: DD87DB7387B9EB441C5674888A0D840C
PID: 3476 ( 0) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 4004 ( 0) C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F
PID: 4012 ( 0) C:\WINDOWS\ARPWRMSG.EXE
size: 77312
MD5: B596347A26DC054EBB44EB3BC8E95B0A
PID: 1372 ( 0) C:\WINDOWS\eHome\ehmsas.exe
size: 46592
MD5: 03A905FBA1D62317087DB5C21C0F8F62
PID: 2592 ( 0) C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22
PID: 2620 ( 0) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 2660 ( 0) C:\HP\KBD\KBD.EXE
size: 61440
MD5: C81BE1B951C36E97D3DA90DA745DA5F7
PID: 2708 ( 0) C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF
PID: 2716 ( 0) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
size: 63712
MD5: FC9E59FE8BC4FE05382CFF5C8FC59DE1
PID: 3160 ( 0) C:\Program Files\iTunes\iTunesHelper.exe
size: 270648
MD5: 018C1B1379D326ABFAA89EDA7E43F95A
PID: 3236 ( 0) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25BE770865658CB79100117112819A7C
PID: 2168 ( 0) C:\Program Files\DISC\DISCover.exe
size: 1095256
MD5: 6A24BAC693EBC81A5248F0CDD7F978F1
PID: 3524 ( 0) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 3656 ( 0) C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
size: 224248
MD5: 0CFD137DA0BD428FC3FEE5FEC8A72AD1
PID: 3496 ( 0) C:\Program Files\DISC\DiscStreamHub.exe
size: 75352
MD5: CB94432242EE917D5A39A8A4741E4691
PID: 3916 ( 0) C:\WINDOWS\RTHDCPL.EXE
size: 16855552
MD5: 9BED5FA9D8E98A1C4F8A9922185FDA7D
PID: 1564 ( 0) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 1388 ( 0) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 2776 ( 0) C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 204288
MD5: 7EAED08CCCA4DDDE61A388C82598CFA9
PID: 244 ( 0) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
PID: 4068 ( 0) C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
size: 36903
MD5: 95DE6D9314F520FAD04755E4DE0EFA9E
PID: 3840 ( 0) C:\Program Files\Palm\Hotsync.exe
size: 471040
MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54
PID: 3836 ( 0) C:\Program Files\iPod\bin\iPodService.exe
size: 501048
MD5: 83CD5F746B260457DEF125AEB8783B46
PID: 3028 ( 0) c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
PID: 2400 ( 0) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 1992 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/29/2007 4:34:51 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://search.msn.com/spbasic.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://search.msn.com/intl/searchpane/en-au/prov2.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44240985-135A-49E7-A449-F33A1C55A565}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44240985-135A-49E7-A449-F33A1C55A565}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0DF17F47-69AD-4DF0-94F4-EA80D955B925}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0DF17F47-69AD-4DF0-94F4-EA80D955B925}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5996ED97-BD4A-4909-BBD3-D1AB0ECF5BC9}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5996ED97-BD4A-4909-BBD3-D1AB0ECF5BC9}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:09 PM

Posted 30 December 2007 - 12:22 AM

Please print out and follow the generic instructions for using "SmitfraudFix".
(If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!)
-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.

Your Spybot log is showing several older versions of Java Runtime Environment. You have the latest version but need to remove the old ones because they have vulnerabilities that malicious sites can use to infect your system.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.

Also let me know how your computer is running.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 dreww

dreww
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 30 December 2007 - 02:33 AM

I ran SmitfraudFix.exe as mentioned above. Things seemed to be running better before I did this and are the same after. Not sure if this one did much? Thank you for the prompt replies. Do things look OK to you at this point? Here is the log:

SmitFraudFix v2.274

Scan done at 23:20:17.64, Sat 12/29/2007
Run from C:\Documents and Settings\Compaq_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts

127.0.0.1 localhost

Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix.exe by S!Ri


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5996ED97-BD4A-4909-BBD3-D1AB0ECF5BC9}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5996ED97-BD4A-4909-BBD3-D1AB0ECF5BC9}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5996ED97-BD4A-4909-BBD3-D1AB0ECF5BC9}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

#8 dreww

dreww
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 30 December 2007 - 02:43 AM

Do I need to remove all these fixes now if things are running good, Smitfraudfix, SDfix, Vundofix? What about all the text documents that go with them?

Thank You,

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:09 PM

Posted 30 December 2007 - 08:29 AM

Download OTMoveIt by OldTimer and save to your Desktop.
  • Connect to the Internet and double-click on OTMoveIt.exe to launch the program
  • Click on the CleanUp! button.
  • When you do this a text file named cleanup.txt will be downloaded from the Internet.
  • If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the Internet you should allow it to do so.
  • After the text file has been downloaded, you will be asked if you want to Begin cleanup process?
  • Select Yes.
  • Doing this will remove the specialized tools I had you download/run.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 dreww

dreww
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 30 December 2007 - 02:26 PM

Dear Quietman7,

Thank you so much for your help with this. It is so nice seeing this forum around and the people on here that are so willing to help asking nothing in return. With so many people out there trying to hurt people via their computer it is nice to have some good ones around to help us that do not know the inner workings of these things they call computers, :thumbsup:

Thank You Again,
Drew

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:09 PM

Posted 30 December 2007 - 04:47 PM

Your welcome.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 dreww

dreww
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 31 December 2007 - 02:03 PM

Restore point created. I think my computer might be running better now than it did before all this happened. Thanks again for all the help.

Happy New Year,
Drew

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:09 PM

Posted 31 December 2007 - 05:08 PM

Happy New Year to you as well.

Happy New YearTo protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Hardening Windows Security - Part 1".
"Hardening Windows Security - Part 2".
"[b][url=http://www.malwarehelp.org/configuring-internet-explorer2.html][color=blue]IE Recommended
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users