When I tell Spybot to remove them, they come back. That has happened a couple of times now.
I've just run SilentRunners and Spybot again. Here are the logs:
"Silent Runners.vbs", revision 41,
http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"BCMSMMSG" = "BCMSMMSG.exe" ["Broadcom Corporation"]
"Apoint" = "C:\Program Files\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"SigmaTel StacMon" = "C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" ["SigmaTel Inc."]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs Inc."]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data]
"KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" ["Kaspersky Lab"]
"CmUsbSound" = "RunDll32 cmcnfgu.cpl,CMICtrlWnd" [MS]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" ["Sun Microsystems, Inc."]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"Dell AIO Printer A920" = ""C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"" ["Dell Computer Corporation"]
"Dell QuickSet" = "C:\Program Files\Dell\QuickSet\quickset.exe" [file not found]
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"Nokia Tray Application" = "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" ["Nokia Mobile Phones"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*i" (unwritable string)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{CBA74CDA-DF78-4AD9-954E-3B15D0A993DE}\(Default) = "SpoofStick BHO"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll" ["CoreStreet, Ltd."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" ["Sonic Solutions"]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{310A0C95-EA11-42AE-A8E4-53E69E650310}" = "ZipGenius Zip Drop handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL" ["M.Dev Software"]
"{FE8D01BF-610A-4261-9C6E-32D65A42C907}" = "ZipGenius 5.5 DnD Extract handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL" ["M.Dev Software"]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard.Handler" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["WIDCOMM, Inc."]
"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]
"{efb97cb8-a4a4-4357-a261-002ffaed0267}" = "CD Slideshow Powertoy"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\slideshow.dll" [MS]
"{709C6E11-538F-4759-86AC-6ACB302AA0DE}" = "Desktop Manager"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\msvdm.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard.Handler" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Al\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Al" & "All Users" startup folders:
----------------------------------------------------
C:\Documents and Settings\Al\Start Menu\Programs\Startup
INFECTION WARNING! "PowerReg Scheduler V3.exe" ["Leader Technologies"]
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" [file not found]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"BTTray" -> shortcut to: "C:\Program Files\Dell\Bluetooth Software\BTTray.exe" ["WIDCOMM, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 27
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4D46ED77-1429-4CF6-8F63-C84B5D710BAF}" = "SpoofStick" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll" ["CoreStreet, Ltd."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4D46ED77-1429-4CF6-8F63-C84B5D710BAF}" = "SpoofStick" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll" ["CoreStreet, Ltd."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INetRepl.dll" [MS]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INetRepl.dll" [MS]
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm" [null data]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Bluetooth Service, btwdins, "C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe" ["WIDCOMM, Inc."]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
kavsvc, kavsvc, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"" ["Kaspersky Lab"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -service" ["Zone Labs Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WLTRYSVC, WLTRYSVC, "C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe" [null data]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Bluetooth Printer Port\Driver = "bthcrp.dll" ["WIDCOMM, Inc."]
Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 39 seconds, including 11 seconds for message boxes)
Spybot.....
--- Search result list ---
Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Windows Security Center.UpdateDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0
Winfixer: Tracking cookie (Firefox: default) (Cookie, nothing done)
Winfixer: Tracking cookie (Firefox: default) (Cookie, nothing done)
Marketengines: Tracking cookie (Firefox: default) (Cookie, nothing done)
Winfixer: Tracking cookie (Firefox: default) (Cookie, nothing done)
Winfixer: Tracking cookie (Firefox: default) (Cookie, nothing done)
Common Dialogs: History (4 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log
Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt
Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log
Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log
Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log
Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log
Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Cookie: Cookie (718) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-12 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-12-02 Includes\Beta.sbi (*)
2005-02-16 Includes\Beta.uti (*)
2005-12-02 Includes\Cookies.sbi (*)
2005-12-02 Includes\Dialer.sbi (*)
2005-12-02 Includes\Hijackers.sbi (*)
2005-12-02 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-12-02 Includes\Malware.sbi (*)
2005-12-02 Includes\PUPS.sbi (*)
2005-12-02 Includes\Revision.sbi (*)
2005-12-02 Includes\Security.sbi (*)
2005-12-02 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-12-02 Includes\Trojans.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Hotfix for Windows XP (KB893357)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
--- Startup entries list ---
Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint\Apoint.exe
file: C:\Program Files\Apoint\Apoint.exe
size: 155648
MD5: f50c447c15a25dc960a8c8bb86a3b2b4
Located: HK_LM:Run, BCMSMMSG
command: BCMSMMSG.exe
file: C:\WINDOWS\BCMSMMSG.exe
size: 122880
MD5: 2d99607f21ff368c0e335a2d91a052a1
Located: HK_LM:Run, BluetoothAuthenticationAgent
command: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, CmUsbSound
command: RunDll32 cmcnfgu.cpl,CMICtrlWnd
file:
Located: HK_LM:Run, CoolSwitch
command: C:\WINDOWS\system32\taskswitch.exe
file: C:\WINDOWS\system32\taskswitch.exe
size: 45632
MD5: ebd2ea535fc47d426d0c2fc7c7293534
Located: HK_LM:Run, Dell AIO Printer A920
command: "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
file: C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
size: 270336
MD5: a0eb666c942075547f355b4a6b18346c
Located: HK_LM:Run, Dell QuickSet
command: C:\Program Files\Dell\QuickSet\quickset.exe
file:
Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 114741
MD5: 2bff8a443334a034df73d2c8d808d2a7
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 126976
MD5: e278ba143188e6029555d70f291ddb6b
Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: dfcba58a26c6540cb398418a050fffc3
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: cb21e01c16631b5f625149a860672ce3
Located: HK_LM:Run, KAVPersonal50
command: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
file: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe
size: 139367
MD5: c9c4ffd9ad3156f3f1b5d79af9efc90b
Located: HK_LM:Run, Nokia Tray Application
command: C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
file: C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
size: 401408
MD5: ed6b8e797adcfd8559b5df7d4b684fd0
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 155648
MD5: d772c357e47a6817ac3b73f2426b3c10
Located: HK_LM:Run, SigmaTel StacMon
command: C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
file: C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
size: 90169
MD5: d257c5540e5ab498f92a231ba469ec93
Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
size: 36975
MD5: 4428823c1edcc549e3f494f7a90b46a3
Located: HK_LM:Run, UpdateManager
command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 110592
MD5: 22fd4e58d69969a9165721c797d54931
Located: HK_LM:Run, Zone Labs Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 714000
MD5: 839fbb1afbac1bbf1ec5974c11dc96b9
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, H/PC Connection Agent
command: "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
file: C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
size: 376912
MD5: f1661c89618ecd0fa4f1c9f6f2946134
Located: Startup (common), Adobe Gamma Loader.exe.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file:
Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0
Located: Startup (common), BTTray.lnk
command: C:\Program Files\Dell\Bluetooth Software\BTTray.exe
file: C:\Program Files\Dell\Bluetooth Software\BTTray.exe
size: 561213
MD5: 3086e4506fc4a872173adc6a8549e707
Located: Startup (user), SpywareGuard.lnk
command: C:\Program Files\SpywareGuard\sgmain.exe
file: C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61c028aba5e49573a6332f4a7c744e87
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 14/12/2004 00:56:50
Date (last access): 08/12/2005 19:53:54
Date (last write): 24/09/2005 04:12:08
Filesize: 63136
Attributes: archive
MD5: B61D5D651ECC6055C29BF826CA7B1141
CRC32: FEF15799
Version: 7.0.5.172
{4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuard Download Protection)
BHO name: SpywareGuard Download Protection
CLSID name: SpywareGuardDLBLOCK.CBrowserHelper
description: SpywareGuard download protection
classification: Legitimate
known filename: dlprotect.dll
info link: http://www.wilderssecurity.net/spywareguard.html
info source: TonyKlein
Path: C:\Program Files\SpywareGuard\
Long name: dlprotect.dll
Short name: DLPROT~1.DLL
Date (created): 02/08/2003 22:24:02
Date (last access): 08/12/2005 19:53:54
Date (last write): 02/08/2003 22:24:02
Filesize: 192512
Attributes: readonly
MD5: 964621E8B2415FEAA99026ED4F29D198
CRC32: DC8CF59D
Version: 2.2.0.0
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12/06/2005 00:23:48
Date (last access): 08/12/2005 19:53:54
Date (last write): 31/05/2005 00:04:00
Filesize: 853672
Attributes:
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 01/04/2004 11:45:46
Date (last access): 08/12/2005 19:53:14
Date (last write): 06/08/2003 00:04:00
Filesize: 106548
Attributes:
MD5: 15F6F27916A2D2AF3ABF029F6CF3037B
CRC32: 808FB6C8
Version: 1.4.5.1
{CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} (SpoofStick BHO)
BHO name: SpoofStick BHO
CLSID name: CBHO Object
description: SpoofStick, SpoofStick
classification: Legitimate
known filename: SpoofStickBHO.dll
info link: http://www.corestreet.com/spoofstick/
info source: TonyKlein
Path: C:\Program Files\CoreStreet\SpoofStick\
Long name: SpoofStickBHO.dll
Short name: SPOOFS~2.DLL
Date (created): 18/08/2004 04:10:40
Date (last access): 08/12/2005 19:52:56
Date (last write): 18/08/2004 04:10:40
Filesize: 94208
Attributes:
MD5: C5BE2601F7109B4FB5C0383B9D1119CD
CRC32: C22F07BF
Version: 1.0.2.0
--- ActiveX list ---
{01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class)
DPF name:
CLSID name: SysProWmi Class
Installer: C:\WINDOWS\Downloaded Program Files\SysPro.inf
Codebase: http://support.euro.dell.com/systemprofiler/SysPro.CAB
description:
classification: Open for discussion
known filename: SysPro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Dell\SystemProfiler\
Long name: SysPro.ocx
Short name:
Date (created): 23/01/2003 13:23:18
Date (last access): 08/12/2005 03:50:26
Date (last write): 23/01/2003 13:23:18
Filesize: 86016
Attributes: archive
MD5: 2EE3E0AE6AA35F135CAE24DF2DA9B172
CRC32: A76A5BDA
Version: 2.0.0.1
{31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player)
DPF name:
CLSID name: Cult3D ActiveX Player
Installer: C:\WINDOWS\Downloaded Program Files\Cult.inf
Codebase: http://www.cult3d.com/download/cult.cab
description:
classification: Open for discussion
known filename: IECult.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Cult3D\
Long name: IECult.dll
Short name:
Date (created): 07/01/2004 16:00:06
Date (last access): 08/12/2005 03:50:22
Date (last write): 07/01/2004 16:00:06
Filesize: 1888256
Attributes:
MD5: 422FE2685963C2A83A8FF2139124FF9B
CRC32: 25DD48C0
Version: 5.3.0.228
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 27/08/2003 03:10:30
Date (last access): 08/12/2005 19:52:20
Date (last write): 27/08/2003 03:10:30
Filesize: 314368
Attributes:
MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
CRC32: E98FC293
Version: 11.0.5626.0
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/...b?1121383136368
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 03/08/2004 12:59:06
Date (last access): 08/12/2005 03:53:38
Date (last write): 26/05/2005 03:19:32
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_05
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_05\bin\
Long name: NPJPI150_05.dll
Short name: NPJPI1~1.DLL
Date (created): 26/08/2005 18:14:48
Date (last access): 08/12/2005 03:30:40
Date (last write): 26/08/2005 18:33:54
Filesize: 69746
Attributes: archive
MD5: 52A85771BE18C9C00732F475A2C192AE
CRC32: 525AE3AD
Version: 5.0.50.5
{90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class)
DPF name:
CLSID name: DmiReader Class
Installer: C:\WINDOWS\Downloaded Program Files\SysProfLcd.INF
Codebase: http://support.euro.dell.com/global/apps/s...er/PROFILER.CAB
description:
classification: Open for discussion
known filename: SYSPRO~1.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: SysProfLcd.dll
Short name: SYSPRO~1.DLL
Date (created): 16/04/2002 13:36:08
Date (last access): 08/12/2005 19:52:46
Date (last write): 16/04/2002 13:36:08
Filesize: 200704
Attributes:
MD5: 02999DA46201565770790799FDCB1241
CRC32: 642AF8CC
Version: 1.2.0.0
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 11/11/2005 08:28:22
Date (last access): 08/12/2005 19:52:46
Date (last write): 11/11/2005 08:28:22
Filesize: 135168
Attributes: archive
MD5: 5793AB11CE5B5029ED2B9EB4CF67641C
CRC32: 1E2240F6
Version: 58.3.0.0
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2
Installer:
Codebase:
http://java.sun.com/products/plugin/autodl...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi142.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2\bin\
Long name: NPJPI142.dll
Short name:
Date (created): 01/04/2004 11:36:12
Date (last access): 08/12/2005 03:30:16
Date (last write): 01/04/2004 11:36:12
Filesize: 65636
Attributes:
MD5: 4ACFBF6AB1BBE79DBD665C186B3B5AFD
CRC32: BE89D675
Version: 1.4.2.0
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_05
Installer:
Codebase:
http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_05\bin\
Long name: NPJPI150_05.dll
Short name: NPJPI1~1.DLL
Date (created): 26/08/2005 18:14:48
Date (last access): 08/12/2005 19:59:26
Date (last write): 26/08/2005 18:33:54
Filesize: 69746
Attributes: archive
MD5: 52A85771BE18C9C00732F475A2C192AE
CRC32: 525AE3AD
Version: 5.0.50.5
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase:
http://download.macromedia.com/pub/shockwa...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 27/11/2002 09:46:46
Date (last access): 08/12/2005 10:25:00
Date (last write): 09/06/2004 14:59:26
Filesize: 939224
Attributes:
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 7.0.19.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 572 ( 4) \SystemRoot\System32\smss.exe
PID: 700 ( 572) \??\C:\WINDOWS\system32\csrss.exe
PID: 724 ( 572) \??\C:\WINDOWS\system32\winlogon.exe
PID: 768 ( 724) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 780 ( 724) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 948 ( 768) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1016 ( 768) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1044 ( 768) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1100 ( 768) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1228 ( 768) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1468 (1420) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1580 ( 768) C:\WINDOWS\system32\LEXBCES.EXE
size: 303104
MD5: D83658E21A184515CCAD79EEC6EEB05B
PID: 1608 ( 768) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1640 (1580) C:\WINDOWS\system32\LEXPPS.EXE
size: 174592
MD5: FB6E8BED981B3D2307A874D7001E9FA9
PID: 1820 ( 768) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1832 ( 768) C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
size: 163840
MD5: E49AEF45C3D7FCE95B58FAFA27E2D1F2
PID: 1916 ( 768) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 270336
MD5: 0EFEE4F2D23BA2D8B27FBA942106E0E1
PID: 2004 ( 768) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 132 ( 768) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 220 ( 768) C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
size: 918792
MD5: E2273987E24A070BCE4465991DB32C51
PID: 312 (1468) C:\WINDOWS\BCMSMMSG.exe
size: 122880
MD5: 2D99607F21FF368C0E335A2D91A052A1
PID: 476 (1468) C:\Program Files\Apoint\Apoint.exe
size: 155648
MD5: F50C447C15A25DC960A8C8BB86A3B2B4
PID: 496 (1468) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 114741
MD5: 2BFF8A443334A034DF73D2C8D808D2A7
PID: 504 (1468) C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
size: 90169
MD5: D257C5540E5AB498F92A231BA469EC93
PID: 512 (1468) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 714000
MD5: 839FBB1AFBAC1BBF1EC5974C11DC96B9
PID: 528 (1468) C:\WINDOWS\System32\hkcmd.exe
size: 126976
MD5: E278BA143188E6029555D70F291DDB6B
PID: 540 (1468) C:\WINDOWS\system32\taskswitch.exe
size: 45632
MD5: EBD2EA535FC47D426D0C2FC7C7293534
PID: 600 (1468) C:\WINDOWS\system32\RunDll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 620 (1468) C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: CB21E01C16631B5F625149A860672CE3
PID: 628 (1468) C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
size: 36975
MD5: 4428823C1EDCC549E3F494F7A90B46A3
PID: 636 (1468) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 668 ( 652) C:\Program Files\Apoint\Apntex.exe
size: 45056
MD5: 0AA31DE4E40861EAF259D194A58D4317
PID: 888 ( 768) C:\WINDOWS\System32\wltrysvc.exe
size: 45056
MD5: 59A8AC20B65BDDE509F25465F00417E7
PID: 1120 ( 888) C:\WINDOWS\System32\bcmwltry.exe
size: 643072
MD5: 0975E8F3FB8C1D32029B30B91C1811F0
PID: 1376 (1468) C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
size: 270336
MD5: A0EB666C942075547F355B4A6B18346C
PID: 828 (1376) C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
size: 53248
MD5: 9066AA2500DC7566D7CA197B4694AC76
PID: 1764 (1468) C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
size: 401408
MD5: ED6B8E797ADCFD8559B5DF7D4B684FD0
PID: 1988 (1468) C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
size: 376912
MD5: F1661C89618ECD0FA4F1C9F6F2946134
PID: 2096 (1468) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2108 ( 768) C:\Program Files\iPod\bin\iPodService.exe
size: 323584
MD5: 2CFE2843F576561B3842ECBFF4A7F744
PID: 2228 ( 768) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2420 ( 948) C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
size: 69632
MD5: F2612A85E65BE34A0C2E6BAEE024DF54
PID: 2660 (1468) C:\Program Files\Dell\Bluetooth Software\BTTray.exe
size: 561213
MD5: 3086E4506FC4A872173ADC6A8549E707
PID: 3036 ( 948) C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
size: 1245268
MD5: D1A8C2619F58FCB82B685D462FC69397
PID: 2948 (1468) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7162979
MD5: F375D4684A1F72D279A7CFA7A5DE1A9C
PID: 2772 (1468) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
PID: 1888 ( 768) kavsvc.exe
PID: 564 (1468) kav.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 08/12/2005 19:59:28
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.co.uk/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.euro.dell.com/countries/uk/enu/gen/default.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.euro.dell.com/countries/uk/enu/gen/default.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]
Protocol 6: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7471E8CD-7D3B-48DF-A46B-AE1E41085919}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7471E8CD-7D3B-48DF-A46B-AE1E41085919}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D52A69CA-2661-4DC0-89BE-BD434865CEFA}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D52A69CA-2661-4DC0-89BE-BD434865CEFA}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84D5B62C-B31F-48A1-A97E-52D6BD6694FC}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84D5B62C-B31F-48A1-A97E-52D6BD6694FC}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FA102A50-77C8-4D86-BE06-DA8B42665E81}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FA102A50-77C8-4D86-BE06-DA8B42665E81}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{70F73E9C-CDAF-4A4E-937B-20F11AD46D07}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{70F73E9C-CDAF-4A4E-937B-20F11AD46D07}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{324C34C4-B45A-467B-BCDF-B11A2EE07AFC}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
D