Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What on Earth...?


  • Please log in to reply
15 replies to this topic

#1 John R

John R

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 AM

Posted 02 June 2009 - 12:07 PM

I swear, I think Facebook is plagued with trojan laden apps, or something.

(I think I got this from the "Owned!" app)

Anyway, it's the mis-spelling of the word "program" (spelled at "programm") as well as the "Enable Protection" button that strikes me as odd.

Malwarebyte doesn't seem to pick it up.

So, could anyone tell me what this is? It can't be legit. Microsoft employees should have a working knowledge of the English language.

Screenshot

BC AdBot (Login to Remove)

 


#2 JacobHall

JacobHall

  • Members
  • 300 posts
  • OFFLINE
  •  
  • Local time:11:19 AM

Posted 02 June 2009 - 12:14 PM

You are right, the spelling is pretty bad, and Malware is known to be created and ditributed in other countrys

Try googling that Virus...and I think you have picked up a fake alert virus, becuase Microsoft never has a link saying to download etc

Update MBAM, Run a quick scan, If nothing wait for an advisor

#3 John R

John R
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 AM

Posted 02 June 2009 - 12:21 PM

I'm not exactly sure what it is I'm supposed to Google.

Upon reading it again, I have noticed other misspellings. I wouldn't be surprised if it came from the East. I do agree that it's a fake alert.

Before I ran the MBAM sweep, I did download the most recent update. This is the log:

Malwarebytes' Anti-Malware 1.37
Database version: 2214
Windows 5.1.2600 Service Pack 3

6/2/2009 12:51:45 PM
mbam-log-2009-06-02 (12-51-45).txt

Scan type: Quick Scan
Objects scanned: 118620
Time elapsed: 1 hour(s), 2 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 JacobHall

JacobHall

  • Members
  • 300 posts
  • OFFLINE
  •  
  • Local time:11:19 AM

Posted 02 June 2009 - 12:23 PM

Wow, a quick scan took a whole hour!!

Have you got SaS installed? Try Updating and running that in Quick Mode
Notice any strange processes in your Task manager?

#5 John R

John R
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 AM

Posted 02 June 2009 - 12:27 PM

Actually, I have noticed a couple of strange apps in Taskmanager. One of them being simply "c.exe". Although, I can't say for certain.

Will be posting up SAS log after it runs.

#6 JacobHall

JacobHall

  • Members
  • 300 posts
  • OFFLINE
  •  
  • Local time:11:19 AM

Posted 02 June 2009 - 12:29 PM

Actually, I have noticed a couple of strange apps in Taskmanager. One of them being simply "c.exe". Although, I can't say for certain.

Will be posting up SAS log after it runs.



Any Processes that are unusual, just search them up on Google and if they are known malware or you still arent sure post them up here and a advisor will be happy to help

Good Luck

EDIT: I have had processes like at.exe which are actually legimate, just they look really starnge!

Edited by jacoblloyd, 02 June 2009 - 12:30 PM.


#7 JacobHall

JacobHall

  • Members
  • 300 posts
  • OFFLINE
  •  
  • Local time:11:19 AM

Posted 02 June 2009 - 12:32 PM

Hey there again

PrevxCSI is a fantastic scanning tool, although costs to remove

But here is analysis for c.exe

http://www.prevx.com/filenames/X8254179882...7-X1/C.EXE.html

Run PrevxCSi just for confirmation, But note that PrevxCSi doesnt remove malware and dont purchase it, just use it as its a great tool to check for malware!

c.exe also uses these aliasis
C.EXE can also use the following file names:

B.EXE 0.EXE A.EXE D.EXE E.EXE N.EXE I.EXE G.EXE 11570418.EXE 89731979.EXE 21950877.EXE SVCHOST.EXE SYSTEM.EXE 57576589.EXE MSA.EXE 63489729.EXE AI.EXE AP.EXE K.EXE W.EXE MSB.EXE H5AWCBEK.EXE UB87E2P8.EXE 0UC6S1M2.EXE 22CR0333.EXE LH2M356P.EXE O1WFJQQX.EXE KN1OGOLY.EXE O4RT7A00.EXE N2JCG7XA.EXE STGL4SAW.EXE INTERNAT.EXE 67025821.DAT WPV901241460535.EXE WPV031241460535.EXE WPV041241460535.EXE WPV951241460535.EXE WPV741241460535.EXE WPV991241460535.EXE WPV341241460535.EXE WPV441241460535.EXE WPV511241460535.EXE WPV831241460535.EXE WPV161241460535.EXE WPV611241460535.EXE WPV311241460535.EXE WPV011241460535.EXE WPV431241460535.EXE WPV271241460535.EXE SOOO5[n].EXE 19185764.DAT

Got any?

Edited by jacoblloyd, 02 June 2009 - 12:35 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:19 AM

Posted 02 June 2009 - 12:35 PM

Hello c.exe is malware and probably not alone.. We can remove all this for free...
Please run these next...
Next run ATF and SAS:
From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.



Also that's a lot of files for a quick scan so...
Rerun MBAM like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select FULL scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Edited by boopme, 02 June 2009 - 12:37 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 John R

John R
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 AM

Posted 02 June 2009 - 12:58 PM

Hello everyone!

Before I start:

I ran Spyware - Search and Destroy, after applying the latest update.

It picked up one cookie and one change in the registry. Removing both didn't change much. The "Windows Security Alert" popped up again.

This is the resulting log that was generated:


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-07-30 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-06-02 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi
2009-05-26 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-05-19 Includes\Dialer.sbi
2009-05-26 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2009-05-26 Includes\HijackersC.sbi
2009-05-06 Includes\Keyloggers.sbi
2009-05-26 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-05-12 Includes\Malware.sbi
2009-05-26 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-05-26 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-05-26 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-05-26 Includes\SpywareC.sbi
2009-04-07 Includes\Tracks.uti
2009-05-12 Includes\Trojans.sbi
2009-05-26 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/928365
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127-v2)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB961260)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Update for Windows XP (KB942763)
/ Windows XP / SP4: Hotfix for Windows XP (KB945436)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Hotfix for Windows XP (KB949764)
/ Windows XP / SP4: Security Update for Windows XP (KB950759)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953838)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, AESTFltr
command: %SystemRoot%\system32\AESTFltr.exe /NoDlg
file: C:\WINDOWS\system32\AESTFltr.exe
size: 466944
MD5: 6C03AE4B4605294928FB4BBD786B3277

Located: HK_LM:Run, Apoint
command: C:\Program Files\DellTPad\Apoint.exe
file: C:\Program Files\DellTPad\Apoint.exe
size: 196608
MD5: F6DC033E6E576291C42287237B9E4C48

Located: HK_LM:Run, ChangeTPMAuth
command: C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
file: C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe
size: 180224
MD5: 25671D6605581CF63212A5A3751E6E3F

Located: HK_LM:Run, DCPstrApp
command: C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe
file: C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe
size: 6656
MD5: A7C407BFEA5AFD591A04E71FFFF67E4D

Located: HK_LM:Run, DellConnectionManager
command: "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
file: C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
size: 1486848
MD5: 08374D5D2868FB3385ACA44596B10F2B

Located: HK_LM:Run, DellControlPoint
command: "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
file: C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
size: 593920
MD5: A987062CD6331A906AE93FA9A35056EB

Located: HK_LM:Run, ECenter
command: C:\Dell\E-Center\EULALauncher.exe
file: C:\Dell\E-Center\EULALauncher.exe
size: 17920
MD5: D6B7814AA0D1412F0EA77845C0AF7B51

Located: HK_LM:Run, EmbassySecurityCheck
command: "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
file: C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe
size: 79160
MD5: 4B2DB9A223D7C7B19033B18D3AF4D7C4

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 33648
MD5: 35DCD380D4D579D8B8EA91D5D8AE444C

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 170520
MD5: 1818806AEC047EEB385DCCFC8CC00BFB

Located: HK_LM:Run, IAAnotif
command: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
file: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 178712
MD5: 821465022ABD469A27F014A5E0FDD0D8

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 143360
MD5: C47C5D8CE9703C6CCE4E264CBE83A9F7

Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
file: C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
size: 1191936
MD5: A3DCE037F6961535596781C2CE9047CE

Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
file: C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
size: 1351680
MD5: E549D44F9ACA2C1D02B82ADB203EFAA9

Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\WINDOWS\KHALMNPR.EXE
size: 100888
MD5: FEED9D6E39DB12BB641929D708E267BF

Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
file: C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
size: 100888
MD5: FEED9D6E39DB12BB641929D708E267BF

Located: HK_LM:Run, McAfeeUpdaterUI
command: "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
file: C:\Program Files\McAfee\Common Framework\UdaterUI.exe
size: 136768
MD5: 5DC6DA1B20E62BBA3EB5716367DA580D

Located: HK_LM:Run, PDVDDXSrv
command: "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
file: C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
size: 128296
MD5: 0940767CB618E3EDD744161A00ADE5DB

Located: HK_LM:Run, Persistence
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 141848
MD5: 26A3B2A077BBAE71A955D5620C4C8166

Located: HK_LM:Run, SafeBootTrayManager
command: "C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe"
file: C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
size: 69632
MD5: 2068607318F72796B1DA38611888373C

Located: HK_LM:Run, SecureUpgrade
command: C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
file: C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
size: 243000
MD5: AECE58ACAC97E058F9827E1FF4BC04A1

Located: HK_LM:Run, ShStatEXE
command: "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
file: C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
size: 112216
MD5: B02178866C19F73310FD70B789135240

Located: HK_LM:Run, SysTrayApp
command: %ProgramFiles%\IDT\WDM\sttray.exe
file: C:\Program Files\IDT\WDM\sttray.exe
size: 442467
MD5: A45074E85BB55EA0524F0067F00DD980

Located: HK_LM:Run, UniPrint
command: C:\Program Files\UniPrint\Client\SetDfltSettings.exe
file: C:\Program Files\UniPrint\Client\SetDfltSettings.exe
size: 155857
MD5: 39BFF1A7522B253C66D8FB714C23B81B

Located: HK_LM:Run, WavXMgr
command: C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
file: C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
size: 105472
MD5: 52D850FCDE2D4316209FD555B013FC2E

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-2048821209-1766502010-1858346338-2828...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, defender.exe
where: S-1-5-21-2048821209-1766502010-1858346338-2828...
command: C:\DOCUME~1\redant\LOCALS~1\Temp\defender.exe
file: C:\DOCUME~1\redant\LOCALS~1\Temp\defender.exe
size: 41984
MD5: B6BC7C76F5C7DD594A469836A3E045C3

Located: HK_CU:Run, ISUSPM
where: S-1-5-21-2048821209-1766502010-1858346338-2828...
command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 218032
MD5: 43D083268A0919F3527A2837390BAF63

Located: HK_CU:Run, swg
where: S-1-5-21-2048821209-1766502010-1858346338-2828...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: Startup (common), Bluetooth.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 604776
MD5: 4D5900DB7E367A7C566FF536B8E43EFD

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 6/2/2009 12:52:28 PM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{31816979-F864-4acf-919F-D0B3B56432E6} (IDXHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: IDXHlprObj Class
Path: C:\Program Files\IDX Web Desktop\
Long name: IDXIEController.dll
Short name: IDXIEC~1.DLL
Date (created): 6/20/2006 12:13:10 PM
Date (last access): 6/2/2009 12:52:28 PM
Date (last write): 6/20/2006 12:13:10 PM
Filesize: 73728
Attributes: readonly archive
MD5: F67378656A2231CDBBE5C2CDC6638EC3
CRC32: BC77F542
Version: 1.0.0.9

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 9/10/2008 5:00:42 PM
Date (last access): 6/2/2009 1:38:26 PM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 8/24/2007 7:01:22 AM
Date (last access): 6/2/2009 12:51:46 PM
Date (last write): 8/24/2007 7:01:22 AM
Filesize: 2212224
Attributes: archive
MD5: 32C4927E013C018A13D8DFBDA4148812
CRC32: 9A9F3D8B
Version: 12.0.6211.1000

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: ssv.dll
Short name:
Date (created): 12/15/2006 3:09:16 AM
Date (last access): 6/2/2009 12:52:28 PM
Date (last write): 12/15/2006 3:23:24 AM
Filesize: 440056
Attributes: archive
MD5: 38C5BE22267A9236E79B1401B5D71D04
CRC32: 2D9C7143
Version: 5.0.110.3

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files\McAfee\VirusScan Enterprise\
Long name: ScriptCl.dll
Short name:
Date (created): 11/30/2006 8:50:00 AM
Date (last access): 6/2/2009 12:52:30 PM
Date (last write): 11/30/2006 8:50:00 AM
Filesize: 67136
Attributes: archive
MD5: 100ADCB3C368F15B83DA81278101D53B
CRC32: 70466014
Version: 13.3.1.100

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files\Google\Google Toolbar\
Long name: GoogleToolbar.dll
Short name: GOOGLE~1.DLL
Date (created): 3/19/2009 9:55:04 AM
Date (last access): 6/2/2009 12:52:26 PM
Date (last write): 4/30/2009 9:19:40 AM
Filesize: 259696
Attributes: archive
MD5: 6154D449D3856AE42EB38531CE22DC83
CRC32: A7F1D641
Version: 6.1.1518.856

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\
Long name: swg.dll
Short name:
Date (created): 4/16/2009 8:44:40 AM
Date (last access): 6/2/2009 12:52:28 PM
Date (last write): 4/16/2009 8:44:42 AM
Filesize: 668656
Attributes: archive
MD5: D1585B06DED161E13B905DC4FFBF7F12
CRC32: 88D5BAA5
Version: 5.1.1309.3572

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (Google Dictionary Compression sdch)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Google Dictionary Compression sdch
CLSID name: Google Dictionary Compression sdch
Path: C:\Program Files\Google\Google Toolbar\Component\
Long name: fastsearch_A8904FB862BD9564.dll
Short name: FASTSE~2.DLL
Date (created): 4/30/2009 9:19:40 AM
Date (last access): 6/2/2009 12:52:28 PM
Date (last write): 4/30/2009 9:19:40 AM
Filesize: 470512
Attributes: archive
MD5: E35BCCB1D1D96F8E5B09C72AF70EC3F6
CRC32: 73C702FE
Version: 1.0.610.27482

{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Browser Address Error Redirector)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Browser Address Error Redirector
CLSID name: CBrowserHelperObject Object
Path: C:\Program Files\Dell\BAE\
Long name: BAE.dll
Short name:
Date (created): 11/9/2006 10:56:48 AM
Date (last access): 6/2/2009 12:52:30 PM
Date (last write): 11/9/2006 10:56:48 AM
Filesize: 98304
Attributes: archive
MD5: 1A4F60EF6DA38621F1091B0CB0FA2C09
CRC32: 54D81822
Version: 1.2.0.3



--- ActiveX list ---
{474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class)
DPF name:
CLSID name: UploadListView Class
Installer: C:\WINDOWS\Downloaded Program Files\default.inf
Codebase: http://picasaweb.google.com/s/v/49.12/uploader2.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: UploaderX.dll
Short name: UPLOAD~1.DLL
Date (created): 9/18/2007 11:20:50 AM
Date (last access): 6/2/2009 1:06:36 PM
Date (last write): 9/18/2007 11:20:50 AM
Filesize: 878072
Attributes: archive
MD5: 4314A3B6073BDB452725F8EFD4B77C34
CRC32: F6A8D4BC
Version: 1.0.0.31

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 3:09:16 AM
Date (last access): 6/2/2009 1:48:54 PM
Date (last write): 12/15/2006 3:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist))
DPF name:
CLSID name: Microsoft RDP Client Control (redist)
Installer: C:\WINDOWS\Downloaded Program Files\msrdp.inf
Codebase: http://lvaa.ccit.musc.edu/accessanyware/tsweb/msrdp.cab
description:
classification: Legitimate
known filename: msrdp.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: msrdp.ocx
Short name:
Date (created): 9/11/2008 12:50:46 PM
Date (last access): 6/2/2009 1:48:54 PM
Date (last write): 8/10/2002 4:16:46 AM
Filesize: 600064
Attributes: archive
MD5: 84BDD594488DB17884B8E826768D5759
CRC32: 4A97BB11
Version: 5.1.2600.1095

{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.3.0_05)
DPF name: Java Runtime Environment 1.3.0_05
CLSID name: Java Plug-in 1.3.0_05
Installer: c:\winnt\Download Program Files\jinstall.inf
Codebase: http://java.sun.com/products/plugin/1.3.0_...-130_05-win.cab
Path: C:\Program Files\JavaSoft\JRE\1.3.0_05\bin\
Long name: NPJava130_05.dll
Short name: NPJAVA~1.DLL
Date (created): 9/11/2008 12:50:44 PM
Date (last access): 6/2/2009 1:48:54 PM
Date (last write): 10/16/2001 11:30:56 AM
Filesize: 28777
Attributes: archive
MD5: 16BF914A7BC269345041748DA19B1C5C
CRC32: C2C75F21
Version: 1.3.0.5

{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_06
Installer:
Codebase: http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: NPJPI142_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_06\bin\
Long name: NPJPI142_06.dll
Short name: NPJPI1~1.DLL
Date (created): 9/28/2004 8:26:10 PM
Date (last access): 6/2/2009 1:48:54 PM
Date (last write): 9/28/2004 8:26:00 PM
Filesize: 65650
Attributes: archive
MD5: 69E5147BA901A9238C4EB08C84E1A85B
CRC32: 6CB34BCC
Version: 1.4.2.60

{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_18
Installer:
Codebase: http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\j2re1.4.2_18\bin\
Long name: NPJPI142_18.dll
Short name: NPJPI1~1.DLL
Date (created): 5/28/2008 1:20:12 AM
Date (last access): 6/2/2009 1:48:56 PM
Date (last write): 5/28/2008 1:19:58 AM
Filesize: 65650
Attributes: archive
MD5: 9E264385B518B10814D8A2D4A27B0208
CRC32: 745BC596
Version: 1.4.2.180

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_11.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 3:09:16 AM
Date (last access): 6/2/2009 1:48:54 PM
Date (last write): 12/15/2006 3:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 3:09:16 AM
Date (last access): 6/2/2009 1:48:54 PM
Date (last write): 12/15/2006 3:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{D965D483-9F35-47D9-AF34-D448CACE97F7} (AAInstall Control)
DPF name:
CLSID name: AAInstall Control
Installer:
Codebase: http://lvaa.ccit.musc.edu/accessanyware/AAInstall.ocx
Path: C:\WINDOWS\DOWNLO~1\
Long name: AAInstall.ocx
Short name: AAINST~1.OCX
Date (created): 9/10/2008 5:05:20 PM
Date (last access): 6/2/2009 1:48:56 PM
Date (last write): 9/10/2008 5:05:20 PM
Filesize: 50784
Attributes: archive
MD5: ECF6BF56A20E82271D84C4571F66C5F6
CRC32: BDDB828A
Version: 1.1.2075.13

{E19F9331-3110-11d4-991C-005004D3B3DB} (Java Runtime Environment 1.3.0_02)
DPF name: Java Runtime Environment 1.3.0_02
CLSID name: Java Plug-in 1.3.0_02
Installer: c:\winnt\Download Program Files\jinstall.inf
Codebase: http://java.sun.com/products/plugin/1.3.0_...-130_02-win.cab
description:
classification: Legitimate
known filename: npjava130_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\JavaSoft\JRE\1.3.0_02\bin\
Long name: NPJava130_02.dll
Short name: NPJAVA~1.DLL
Date (created): 9/11/2008 12:50:40 PM
Date (last access): 6/2/2009 1:48:56 PM
Date (last write): 1/30/2001 11:21:04 AM
Filesize: 28777
Attributes: archive
MD5: 0A964CACEBC0C0C87A7D1AFF8FB24AA6
CRC32: B9BFEE0E
Version: 1.3.0.2



--- Process list ---
PID: 0 ( 0) [System]
PID: 848 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 912 ( 848) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 940 ( 848) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 984 ( 940) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 996 ( 940) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1204 ( 984) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1272 ( 984) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1416 ( 984) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1456 ( 984) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1552 ( 984) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
size: 901120
MD5: D7F1F8D85F31CBB74442EC30177885CC
PID: 1612 ( 984) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1740 ( 984) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1752 ( 984) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
size: 370872
MD5: 5298DCF8D684DBBF24CDB622F8A7CB37
PID: 2020 ( 984) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 208 ( 984) c:\drivers\audio\r190031\stacsv.exe
size: 221273
MD5: 12898D947CFCB36CB7A43E8F86A53CBC
PID: 316 ( 984) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
size: 808296
MD5: 5B0C32A596FDD0AAA10E147E4D71E086
PID: 336 ( 984) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
size: 21352
MD5: 14CE9DEC178A24356BC2FDE8CE586D80
PID: 356 ( 984) C:\WINDOWS\System32\SCardSvr.exe
size: 95744
MD5: 86D007E7A654B9A71D1D7D856B104353
PID: 496 ( 984) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 652 ( 984) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
size: 69632
MD5: AF916F97671D188BF336CB47888DBEAE
PID: 708 (1204) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 1852 ( 984) C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe
size: 380988
MD5: 7EF54505C9913E4E36C12ACB10A09FDC
PID: 228 ( 984) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
size: 133968
MD5: 9AD6EF4D591211A93848103368125B41
PID: 244 ( 984) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
size: 342624
MD5: D48148110AE078CB7221D0FCF20ADFEC
PID: 352 ( 984) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
size: 386328
MD5: 4749020C47AA0F13F256D8F694751812
PID: 604 ( 984) C:\WINDOWS\system32\cisvc.exe
size: 5632
MD5: 1CFE720EB8D93A7158A4EBC3AB178BDE
PID: 620 ( 984) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
size: 455960
MD5: B3DD7677A80F75B2DF38A08585084447
PID: 796 ( 984) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
size: 819200
MD5: 2D41D7250F73272946DE04FF7A19761E
PID: 888 ( 984) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
size: 354840
MD5: F148C2E931BFC20397EDC0A7B4F8E22B
PID: 1120 ( 984) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
size: 104000
MD5: 1BC1A6B644D4CC1964CD851E92B604F4
PID: 1340 ( 984) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
size: 144960
MD5: 12BEF73E0281AC793865BE1A331C67FC
PID: 2200 ( 984) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
size: 54872
MD5: DD61B815E2CBA6CCA6B7ED607F466652
PID: 2424 ( 984) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
size: 335872
MD5: 7CF1B716372B89568AE4C0FE769F5869
PID: 2548 ( 984) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
size: 466944
MD5: ED8C9F16E10C1E4C4C5D16CD04966E24
PID: 2668 ( 984) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
size: 786432
MD5: EA63BF38938AD9917BEB1846D6D15C84
PID: 2708 (1204) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
size: 136768
MD5: EFB1E30EA77C70704F1417E20CC4BF53
PID: 2772 ( 984) C:\Program Files\UltraVNC\WinVNC.exe
size: 1519168
MD5: 61A66B66F46A60842D0E40FF241B5B11
PID: 2996 ( 984) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
size: 352256
MD5: BD4DACD31BD71CFCD5610BF9AD6E06E7
PID: 3152 (1204) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 3936 ( 984) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 3976 (2772) C:\Program Files\UltraVNC\WinVNC.exe
size: 1519168
MD5: 61A66B66F46A60842D0E40FF241B5B11
PID: 432 (1760) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 2268 (2080) C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
size: 604776
MD5: 4D5900DB7E367A7C566FF536B8E43EFD
PID: 2912 (1204) C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
size: 1448576
MD5: E3F9B268BACFCDD6DD32760248A9C94C
PID: 3096 ( 432) C:\Program Files\DellTPad\Apoint.exe
size: 196608
MD5: F6DC033E6E576291C42287237B9E4C48
PID: 3248 ( 432) C:\Program Files\IDT\WDM\sttray.exe
size: 442467
MD5: A45074E85BB55EA0524F0067F00DD980
PID: 3312 ( 432) C:\WINDOWS\system32\AESTFltr.exe
size: 466944
MD5: 6C03AE4B4605294928FB4BBD786B3277
PID: 3324 ( 984) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3332 ( 432) C:\WINDOWS\system32\igfxtray.exe
size: 143360
MD5: C47C5D8CE9703C6CCE4E264CBE83A9F7
PID: 3408 (3096) C:\Program Files\DellTPad\ApMsgFwd.exe
size: 46376
MD5: B3353D24F65E3520199E68FFC50BC667
PID: 3440 ( 432) C:\WINDOWS\system32\hkcmd.exe
size: 170520
MD5: 1818806AEC047EEB385DCCFC8CC00BFB
PID: 3464 (3096) C:\Program Files\DellTPad\HidFind.exe
size: 40960
MD5: C574C551637734B13278898FE2D12D15
PID: 3468 ( 432) C:\WINDOWS\system32\igfxpers.exe
size: 141848
MD5: 26A3B2A077BBAE71A955D5620C4C8166
PID: 3484 (1204) C:\WINDOWS\system32\igfxsrvc.exe
size: 256536
MD5: 038AFFE828B9D11CBC8B1C7E19B54C4C
PID: 3500 ( 432) C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 178712
MD5: 821465022ABD469A27F014A5E0FDD0D8
PID: 2348 (3448) C:\Program Files\DellTPad\Apntex.exe
size: 49152
MD5: 359937EFD1763DF9F8B8D166BD4CC022
PID: 1548 ( 432) C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
size: 105472
MD5: 52D850FCDE2D4316209FD555B013FC2E
PID: 1516 ( 432) C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
size: 243000
MD5: AECE58ACAC97E058F9827E1FF4BC04A1
PID: 3028 ( 432) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
size: 593920
MD5: A987062CD6331A906AE93FA9A35056EB
PID: 3748 ( 432) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
size: 1486848
MD5: 08374D5D2868FB3385ACA44596B10F2B
PID: 3952 ( 432) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
size: 128296
MD5: 0940767CB618E3EDD744161A00ADE5DB
PID: 4072 ( 432) C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
size: 112216
MD5: B02178866C19F73310FD70B789135240
PID: 4088 ( 432) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
size: 136768
MD5: 5DC6DA1B20E62BBA3EB5716367DA580D
PID: 1048 ( 432) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 33648
MD5: 35DCD380D4D579D8B8EA91D5D8AE444C
PID: 2084 ( 432) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
size: 1351680
MD5: E549D44F9ACA2C1D02B82ADB203EFAA9
PID: 2312 ( 432) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
size: 1191936
MD5: A3DCE037F6961535596781C2CE9047CE
PID: 2140 (4088) C:\Program Files\McAfee\Common Framework\McTray.exe
size: 86016
MD5: F01DE4E2D6DF141628BAB697B7B43057
PID: 2440 ( 432) C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
size: 69632
MD5: 2068607318F72796B1DA38611888373C
PID: 2432 ( 432) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 218032
MD5: 43D083268A0919F3527A2837390BAF63
PID: 2476 ( 432) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
PID: 2592 ( 432) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 2716 ( 432) C:\DOCUME~1\redant\LOCALS~1\Temp\defender.exe
size: 41984
MD5: B6BC7C76F5C7DD594A469836A3E045C3
PID: 5020 (1204) C:\WINDOWS\system32\wbem\unsecapp.exe
size: 16896
MD5: C7000F2DB2A5515C64C257478769A481
PID: 1864 ( 604) C:\WINDOWS\system32\cidaemon.exe
size: 8192
MD5: 582304F6F1946FA5068CF143D729D7ED
PID: 1848 ( 432) C:\Program Files\Internet Explorer\iexplore.exe
size: 636072
MD5: A251068640DDB69FD7805B57D89D7FF7
PID: 4848 ( 432) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/2/2009 1:55:36 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.musc.edu/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5080904
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9A87D9-4EB6-414B-A791-DB82FC42ADB3}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9A87D9-4EB6-414B-A791-DB82FC42ADB3}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A68D0DB5-3B3F-4055-A053-A13741024FC6}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A68D0DB5-3B3F-4055-A053-A13741024FC6}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{001B9605-C301-410E-8F49-1B55EBAB4A81}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{001B9605-C301-410E-8F49-1B55EBAB4A81}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8BBF9EFD-7B62-40BB-9183-B9B0D0BD7FD2}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8BBF9EFD-7B62-40BB-9183-B9B0D0BD7FD2}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2482573-A29A-41E6-87B1-95FB513A88CF}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2482573-A29A-41E6-87B1-95FB513A88CF}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D1BF320F-3195-45E8-89D1-833D92FAA9C2}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D1BF320F-3195-45E8-89D1-833D92FAA9C2}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9F1DD43-5A13-402B-9F1A-B716CCF0DC98}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9F1DD43-5A13-402B-9F1A-B716CCF0DC98}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{99403F32-BFAE-4D69-9A56-5AAB18E3C4DC}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{99403F32-BFAE-4D69-9A56-5AAB18E3C4DC}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{64DC389E-8DC9-4E47-B8DF-8567014426A6}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{64DC389E-8DC9-4E47-B8DF-8567014426A6}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E73E3251-C720-4328-B27E-7A348946056D}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E73E3251-C720-4328-B27E-7A348946056D}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

#10 John R

John R
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 AM

Posted 02 June 2009 - 01:34 PM

I have a problem and it's mainly an Admin one. When my IT person had installed a boot protection program on my laptop (and pretty much for everyone in the entire department), she had reverted my password to an old one. To make a complicated story short: I can't log in Safe Mode.

Short of emailing my IT person and asking what the password is, could I do the exact same procedure in normal mode? Maybe unplugging the network connection? Or something?

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:19 AM

Posted 02 June 2009 - 10:19 PM

Hello ,,, I am sorry ,what we have here is the Boss's keyloger application.. We can not help you ren=move and if we did the Boss will be at your shoulder in minutes.
I am double checking the application.

Edited by boopme, 02 June 2009 - 10:24 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 John R

John R
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 AM

Posted 02 June 2009 - 11:02 PM

I'm not entirely sure what you mean by a Boss keylogger app.

Should I just find a way to log into Safemode?

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:19 AM

Posted 02 June 2009 - 11:28 PM

I am verifying gthat applicatiion.. I feel it may be the bosses ( Owner) installed application.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,277 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:19 AM

Posted 03 June 2009 - 11:36 AM

Keylogging, surveillance and monitor type programs can have legitimate uses in contexts where an authorized user, IT tech or administrator has knowingly installed them.

If this a work computer, we will not get involved due to the potential legal ramifications of helping to remove a legitimate keylogger, as well as considering the wide range of reasons it may have been placed on a computer. In most work environments, the IT staff implement specific policies and procedures for the use of computer equipment and related resources. In fact, many companies will require you to read those policies and sign a statement of understanding. These official procedures are designed and implemented to provide security and certain restrictions to protect the network. This allows all users to safely use business resources with minimum risk of malware infection, illegal software, and exposure to inappropriate Internet sites or other prohibited activity. Employers also have every right to know what employees are doing on company time. If monitoring your surfing habits with surveillance tools is business policy, we will not assist you with circumventing that policy.

Our response is not intended to imply that any specific situation invokes legal concerns, but merely that it is impossible for us to make the determination in any given situation, particularly a work-related computer. If you believe the person who put the keylogger on the computer did so without legal authority, you should contact an attorney, your local law enforcement, and/or a qualified computer forensics specialist for program removal. Otherwise contact a member of your IT Department in regards to discovery of the keylogger and further assistance by their staff.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 John R

John R
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 AM

Posted 03 June 2009 - 11:39 AM

Nuts. Alright. I'll take it to my IT people.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users