View Full Version : smitfraud-c
helpmuchappreciated!
2008-05-29, 19:37
Hello,
i can't seem to get rid of it all. a few months ago i performed smitfraudfix and thought it had done the job but my computer has been deteriorating in performance and shutting programmes down randomly, crashing often and making everything look bigger (like in safemode) amongst other things. spybot comes up with 8 smitfraud-c. i ran the kaspersky but it wouldnt allow me to see the full log report or copy it (i have no idea why) but it did locate three viruses.
i have tried super-antispyware and norton but they dont locate the viruses! i dont know what else to do.
here is the HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:14, on 29/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-gb.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 12069 bytes
apologies for my illiterate computer speak!
and thank you in advance for any help/advice you may give :)
Hi helpmuchappreciated!
Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.
helpmuchappreciated!
2008-05-30, 21:50
Deckard's System Scanner v20071014.68
Run by Sam on 2008-05-30 19:38:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
16: 2008-05-30 11:34:17 UTC - RP182 - Windows Update
15: 2008-05-29 13:33:59 UTC - RP181 - Shockwave Player
14: 2008-05-29 10:36:26 UTC - RP179 - Windows Update
13: 2008-05-28 22:39:09 UTC - RP178 - Windows Update
12: 2008-05-23 08:20:55 UTC - RP177 - Windows Update
-- First Restore Point --
1: 2008-04-24 13:30:54 UTC - RP166 - Installed Minitab 15 English.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Sam.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:16, on 30/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Sam\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sam.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-gb.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 11944 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{DB1D8F12-95F3-402C-9B97-BC504C9A55C4}_LOCALMFG&000A\7&2EBCDE6F&0&001D257EE815_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{DB1D8F12-95F3-402C-9B97-BC504C9A55C4}_LOCALMFG&000A\7&2EBCDE6F&0&001D257EE815_C00000000
Service:
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia N73
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N73
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
-- Scheduled Tasks -------------------------------------------------------------
2008-04-18 21:07:53 484 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Sam.job
-- Files created between 2008-04-30 and 2008-05-30 -----------------------------
2008-05-29 17:25:41 0 d-------- C:\Program Files\Trend Micro
2008-05-29 15:29:46 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-29 14:34:24 0 d-------- C:\Windows\system32\Adobe
2008-05-23 14:19:09 0 d-------- C:\Program Files\Supple -- Episode 1
2008-05-14 14:52:44 0 d-------- C:\Program Files\Buildalot 2 Town Of The Year
-- Find3M Report ---------------------------------------------------------------
2008-05-30 13:34:17 1709 --a------ C:\Windows\bthservsdp.dat
2008-05-29 14:39:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-29 12:49:57 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-23 11:00:41 0 d-------- C:\Program Files\Games
2008-05-23 10:44:41 0 d-------- C:\Program Files\Alawar
2008-05-22 21:26:38 130923 --a------ C:\Windows\hpoins18.dat
2008-05-15 03:02:27 0 d-------- C:\Program Files\Windows Mail
2008-04-24 14:32:44 0 d-------- C:\Program Files\Minitab 15
2008-04-24 14:32:21 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-17 20:49:55 0 d-------- C:\Program Files\HP
2008-04-17 20:48:52 0 d-------- C:\Program Files\Common Files\HP
2008-04-17 20:45:15 0 d-------- C:\Program Files\Common Files
2008-04-17 20:45:15 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-17 20:45:13 0 d-------- C:\Program Files\Hewlett-Packard
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [30/09/2007 14:41]
"RtHDVCpl"="RtHDVCpl.exe" [18/01/2007 14:46 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [20/12/2006 00:16]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [07/12/2006 17:49]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [29/01/2007 12:43]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [17/01/2007 14:46]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [06/11/2006 18:14]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [01/11/2006 09:06]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [01/11/2006 12:08]
"NDSTray.exe"="NDSTray.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [24/10/2006 22:08]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [27/10/2006 00:18]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [02/03/2007 15:10]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [19/01/2007 14:25]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [13/01/2007 09:40]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [13/01/2007 09:40]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [13/01/2007 09:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/02/2007 13:36]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [19/02/2007 15:00]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [13/02/2007 09:30]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 18:30]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 14:42]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 15:10]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 12:23]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 12:09]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/12/2006 21:52]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 09:36]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [13/11/2006 10:06]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"@"="" []
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 12:23]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:36]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [29/09/2007 09:09]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11/09/2006 04:40]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [31/10/2007 15:50:19]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [02/01/2007 21:40:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 14:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77da125c-175b-11dd-b6e2-00037ad999f1}]
Auto\command- auto.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8458dddd-77e0-11dc-91d4-0016d4f65d37}]
Auto\command- auto.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e57110ba-96ca-11dc-826c-00037ad999f1}]
Auto\command- auto.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-05-30 19:46:25 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 2045.5 MiB / 1153.32 MiB
Pagefile Memory (total/avail): 4307.73 MiB / 3130.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.79 MiB
C: is Fixed (NTFS) - 93.16 GiB total, 52.42 GiB free.
D: is Fixed (NTFS) - 186.31 GiB total, 186.22 GiB free.
F: is Fixed (NTFS) - 91.69 GiB total, 91.6 GiB free.
G: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - TOSHIBA MK2035GSS ATA Device - 186.31 GiB - 3 partitions
\PARTITION0 - Unknown - 1500 MiB
\PARTITION1 (bootable) - Installable File System - 93.16 GiB - C:
\PARTITION2 - Installable File System - 91.69 GiB - F:
\\.\PHYSICALDRIVE1 - TOSHIBA MK2035GSS ATA Device - 186.31 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 186.31 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v2007 (Symantec Corporation) Disabled Outdated
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Sam\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAM-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Sam
LOCALAPPDATA=C:\Users\Sam\AppData\Local
LOGONSERVER=\\SAM-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Sam\AppData\Local\Temp
TMP=C:\Users\Sam\AppData\Local\Temp
USERDOMAIN=Sam-PC
USERNAME=Sam
USERPROFILE=C:\Users\Sam
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Sam
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Big City Adventure SF (remove only) --> "C:\Program Files\Games\Big City Adventure SF\Uninstall.exe"
Bluetooth Monitor 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61539202-097E-487E-9237-B291AB56D54C}\setup.exe" -l0x9 -removeonly
Buildalot --> "C:\Program Files\Buildalot\ReflexiveArcade\unins000.exe"
Buildalot 2 Town Of The Year --> "C:\Program Files\Buildalot 2 Town Of The Year\ReflexiveArcade\unins000.exe"
Camera Assistant Software for Toshiba --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe" -l0x9
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
Chocolatier --> "C:\Program Files\Chocolatier\ReflexiveArcade\unins000.exe"
Desktop SMS --> MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doggie Dash --> "C:\Program Files\Doggie Dash\ReflexiveArcade\unins000.exe"
DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
Escape From Paradise --> "C:\Program Files\Escape From Paradise\ReflexiveArcade\unins000.exe"
Fab Fashion --> "C:\Program Files\Fab Fashion\ReflexiveArcade\unins000.exe"
Farm Frenzy --> C:\Program Files\Alawar\FarmFrenzy\Uninstall.exe
Fashion Boutique --> "C:\Program Files\Fashion Boutique\ReflexiveArcade\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Home Sweet Home --> "C:\Program Files\Home Sweet Home\ReflexiveArcade\unins000.exe"
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A --> C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kindergarten --> MsiExec.exe /I{E131056C-7634-4DB8-9AFB-025BA0DA5B4E}
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Little Shop Big City --> "C:\Program Files\Little Shop Big City\ReflexiveArcade\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=12
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Minitab 15 English --> MsiExec.exe /I{4AAC5AE8-EDE6-44D4-AA87-E90870178FDC}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
myphotobook 3.1 --> C:\Program Files\myphotobook\uninst.exe
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\ProgramData\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng_web[1].exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Paradise Pet Salon --> "C:\Program Files\Paradise Pet Salon\ReflexiveArcade\unins000.exe"
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
Plantasia --> "C:\Program Files\Plantasia\ReflexiveArcade\unins000.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
SAMSUNG Mobile Modem Driver Set --> C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung PC Studio 3 USB Driver Installer --> "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sky Broadband --> MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\Windows\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Supple -- Episode 1 (remove only) --> "C:\Program Files\Supple -- Episode 1\Uninstall.exe"
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}\setup.exe -runfromtemp -l0x0409
The Apprentice Los Angeles --> "C:\Program Files\The Apprentice Los Angeles\ReflexiveArcade\unins000.exe"
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree --> C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
TOSHIBA Disc Creator --> MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center --> C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Flash Cards Support Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
Toshiba Online Product Information --> C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Supervisor Password --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
TOSHIBA Value Added Package --> C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{C35BF80A-6284-485E-AE18-023AA8C43185}\setup.exe -runfromtemp -l0x0409
Virtual Farm --> C:\Program Files\Alawar\VirtualFarm\Uninstall.exe
Virtual Villagers 2 --> "C:\Program Files\Virtual Villagers 2\ReflexiveArcade\unins000.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccswpddriver.inf_a419b392\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_48f6f624\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_51d2d3e1\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_e5643fdd\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinDVD for TOSHIBA --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
-- Application Event Log -------------------------------------------------------
Event Record #/Type48953 / Success
Event Submitted/Written: 05/30/2008 05:11:50 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type48920 / Success
Event Submitted/Written: 05/30/2008 04:54:29 PM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type48919 / Success
Event Submitted/Written: 05/30/2008 04:54:28 PM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type48911 / Success
Event Submitted/Written: 05/30/2008 04:53:50 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.
Event Record #/Type48888 / Warning
Event Submitted/Written: 05/30/2008 01:34:16 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3992167956-3564777354-167308282-1000_Classes:
Process 1024 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3992167956-3564777354-167308282-1000_CLASSES
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type122792 / Warning
Event Submitted/Written: 05/30/2008 04:54:15 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013E82434CF. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Event Record #/Type122783 / Warning
Event Submitted/Written: 05/30/2008 04:53:23 PM
Event ID/Source: 5014 / NETw4v32
Event Description:
Intel(R) Wireless WiFi Link 4965AGN : The driver cannot function because the network adapter is disabled.
Event Record #/Type122778 / Warning
Event Submitted/Written: 05/30/2008 01:34:17 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:
Event Record #/Type122728 / Error
Event Submitted/Written: 05/30/2008 00:28:46 PM
Event ID/Source: 10010 / DCOM
Event Description:
{60C70E11-2B08-4798-B366-C8450CDA7B1A}
Event Record #/Type122617 / Warning
Event Submitted/Written: 05/30/2008 00:25:04 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013E82434CF. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
-- End of Deckard's System Scanner: finished at 2008-05-30 19:46:25 ------------
here you go, thank you :)
Hi
Is Norton Internet Security outdated?
helpmuchappreciated!
2008-05-31, 22:39
hi,
yep, it is, about 4 months i think.
Hi
Thanks for the info.
We'll replace it then a bit later.
Please post next spybot report :)
helpmuchappreciated!
2008-06-01, 20:23
--- Search result list ---
Smitfraud-C.gp: [SBI $225AF6A8] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{19A236AD-F37B-40A8-A11A-7E9ABFD56CB0}
Smitfraud-C.gp: [SBI $239C8A88] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{8955B427-6C0C-413E-A0A7-0DC2948ADA3D}
Smitfraud-C.gp: [SBI $4C9A9310] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{BE1A8EBF-5AC3-488E-8226-F38C167B6C5F}
Smitfraud-C.gp: [SBI $1D8C0231] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A0E1B3BA-3D8E-456B-BCC5-163B09308240}
Smitfraud-C.gp: [SBI $287118A1] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{7586FC82-2EF8-4731-BAE1-22607AC0CC4A}
Smitfraud-C.gp: [SBI $332EA017] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{02A78E77-525D-4AF0-A822-CD04678CD638}
Smitfraud-C.gp: [SBI $87A65E00] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{0B141181-E967-42FD-AD64-52F283E12AAB}
Smitfraud-C.gp: [SBI $DB7C55CC] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{7B0446D3-68BB-4A03-B907-EEE372655460}
MediaPlex: Tracking cookie (Internet Explorer: Sam) (Cookie, nothing done)
DoubleClick: Tracking cookie (Internet Explorer: Sam) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-02-15 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-04-16 Includes\Adware.sbi (*)
2008-05-28 Includes\AdwareC.sbi (*)
2008-05-28 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-05-28 Includes\DialerC.sbi (*)
2008-05-28 Includes\HeavyDuty.sbi (*)
2008-05-28 Includes\Hijackers.sbi (*)
2008-05-28 Includes\HijackersC.sbi (*)
2008-04-30 Includes\Keyloggers.sbi (*)
2008-05-28 Includes\KeyloggersC.sbi (*)
2008-05-28 Includes\Malware.sbi (*)
2008-05-28 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-05-28 Includes\PUPSC.sbi (*)
2008-05-28 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-05-28 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-05-28 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-05-28 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-05-28 Includes\Trojans.sbi (*)
2008-05-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2008-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows Vista (Build: 6000) (6.0.6000)
--- Startup entries list ---
Located: HK_LM:Run, 00TCrdMain
command: %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
file: C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
size: 534648
MD5: A84D5D03F00577E511A79C6AA4207C7E
Located: HK_LM:Run, 4oD
command: "C:\Program Files\Kontiki\KHost.exe" -all
file: C:\Program Files\Kontiki\KHost.exe
size: 1032640
MD5: B5569B12E8FF9A71837C57E7C195169F
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
size: 63712
MD5: FC9E59FE8BC4FE05382CFF5C8FC59DE1
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F
Located: HK_LM:Run, ALUAlert
command: C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
file: C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
size: 492912
MD5: AE75328877578EABA536C9A7AEDAFFB3
Located: HK_LM:Run, Camera Assistant Software
command: "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
file: C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
size: 405504
MD5: 1A9D08B7017D50CC1A1E285C25FC1BD4
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 107112
MD5: D12509C433C20D2818E8C03C401A256F
Located: HK_LM:Run, Desktop SMS
command: C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
file: C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
size: 1507328
MD5: 3002FD13C829CE65E75451516EA12312
Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: B93C4070F24E46B0097648C276B5039E
Located: HK_LM:Run, HSON
command: %ProgramFiles%\TOSHIBA\TBS\HSON.exe
file: C:\Program Files\TOSHIBA\TBS\HSON.exe
size: 55416
MD5: 15058804D8A48C67C007DD1D797CC72A
Located: HK_LM:Run, HWSetup
command: C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
file: C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
size: 413696
MD5: 910B7CFD6E23D6E0A7370525B5AE5B7A
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 267064
MD5: 7BD9F0839E7F55DD66D3F9CE9C61D810
Located: HK_LM:Run, KeNotify
command: C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
file: C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
size: 34352
MD5: AFD400AEBCAB252C99E60991FF00D9D2
Located: HK_LM:Run, NDSTray.exe
command: NDSTray.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, NvSvc
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, osCheck
command: "C:\Program Files\Norton Internet Security\osCheck.exe"
file: C:\Program Files\Norton Internet Security\osCheck.exe
size: 22696
MD5: 9F9169BA9B0E44B6C86A5247CEC2CDEE
Located: HK_LM:Run, PCSuiteTrayApplication
command: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
file: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
size: 271360
MD5: BC41EF142D76F423CF1CF261201D5623
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 286720
MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0
Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 4349952
MD5: 5AA97A008CD2509C73A45AF6ACE95BF4
Located: HK_LM:Run, SmoothView
command: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
file: C:\Program Files\Toshiba\SmoothView\SmoothView.exe
size: 509496
MD5: 67832E5A6C71FB1073FE81A9E98C6547
Located: HK_LM:Run, SVPWUTIL
command: C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
file: C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe
size: 438272
MD5: 91B08AF242B44CD46F15C96AE3354145
Located: HK_LM:Run, Symantec PIF AlertEng
command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 517768
MD5: C837D17DE0B349539AA527EE750EBE2A
Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 835584
MD5: 50FF5BE3A2CDB6F11378307C2F732CBA
Located: HK_LM:Run, topi
command: C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
file: C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
size: 577536
MD5: 9210416290A8DAAF11F66D4118F83FD4
Located: HK_LM:Run, Toshiba Registration
command: C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
file: C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
size: 571024
MD5: F466CA13D7025A3D53AB2A905D345819
Located: HK_LM:Run, TPwrMain
command: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
file: C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
size: 411768
MD5: 424C1ADB34F9F1B2BC947D8BF0D5FBE3
Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77
Located: HK_CU:Run, Nokia.PCSync
where: .DEFAULT...
command: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
file: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
size: 1241088
MD5: 9D7EEE677B52A04A536481AD2CBEAA61
Located: HK_CU:Run,
where: S-1-5-21-3992167956-3564777354-167308282-1000...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-3992167956-3564777354-167308282-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125440
MD5: 2E0953919779A44BF9DFB7B07C58535A
Located: HK_CU:Run, ISUSPM
where: S-1-5-21-3992167956-3564777354-167308282-1000...
command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 218032
MD5: 43D083268A0919F3527A2837390BAF63
Located: HK_CU:Run, kdx
where: S-1-5-21-3992167956-3564777354-167308282-1000...
command: C:\Program Files\Kontiki\KHost.exe -all
file: C:\Program Files\Kontiki\KHost.exe
size: 1032640
MD5: B5569B12E8FF9A71837C57E7C195169F
Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-3992167956-3564777354-167308282-1000...
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60
Located: HK_CU:Run, Sidebar
where: S-1-5-21-3992167956-3564777354-167308282-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6
Located: HK_CU:Run, swg
where: S-1-5-21-3992167956-3564777354-167308282-1000...
command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 171448
MD5: 0FA44EA8B03ABA3E1D240B5A333D8E6A
Located: HK_CU:Run, TOSCDSPD
where: S-1-5-21-3992167956-3564777354-167308282-1000...
command: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
size: 413696
MD5: C26941848B7BA93ED276325D55F18E26
Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-3992167956-3564777354-167308282-1000...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 201728
MD5: 20EF9002CFF89C4C1077E4415EC7297B
Located: HK_CU:Run, Nokia.PCSync
where: S-1-5-18...
command: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
file: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
size: 1241088
MD5: 9D7EEE677B52A04A536481AD2CBEAA61
Located: Startup (common), Bluetooth Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
file: C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
size: 69632
MD5: C1B9C6E5C85727DE313636956CBF25DE
Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: 1BA45CDEF852381DA4A95D056DDB4B48
Located: WinLogon, !SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 22/10/2006 23:08:42
Date (last access): 29/05/2008 14:39:12
Date (last write): 22/10/2006 23:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\
Long name: NppBHO.dll
Short name:
Date (created): 23/10/2006 21:34:00
Date (last access): 07/03/2007 18:26:20
Date (last write): 23/10/2006 21:34:00
Filesize: 96984
Attributes: readonly archive
MD5: 57E8CF524AFF1D945AABD65B9AAA8075
CRC32: EA607DA7
Version: 2007.1.3.6
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 15/02/2008 21:18:08
Date (last access): 15/02/2008 21:18:08
Date (last write): 28/01/2008 12:43:28
Filesize: 1554256
Attributes: archive
MD5: 5248E02EFBCB64D328647CD00E384B85
CRC32: C1B426A9
Version: 1.5.0.11
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0\bin\
Long name: ssv.dll
Short name:
Date (created): 07/03/2007 17:33:00
Date (last access): 07/03/2007 17:33:00
Date (last write): 07/03/2007 17:33:00
Filesize: 501384
Attributes: archive
MD5: C647547F1BB66FA0BE237CAFC49EA5F9
CRC32: C4215F57
Version: 6.0.0.104
{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 29/09/2007 09:09:24
Date (last access): 29/09/2007 09:09:24
Date (last write): 29/09/2007 09:09:22
Filesize: 2403392
Attributes: readonly archive
MD5: 52DEC141D5FF9A4DD7843C7D4414E4A6
CRC32: 34C22780
Version: 4.0.1601.4978
--- ActiveX list ---
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\Windows\Downloaded Program Files\kavwebscan.inf
Codebase: http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 29/08/2007 15:49:54
Date (last access): 29/08/2007 15:49:54
Date (last write): 29/08/2007 15:49:54
Filesize: 950272
Attributes: archive
MD5: BC915C49931CE46222F9B0A7EFB56CEE
CRC32: 11048171
Version: 5.0.98.0
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\Windows\Downloaded Program Files\setup.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 29/05/2008 14:35:10
Date (last access): 29/05/2008 14:35:10
Date (last write): 19/03/2008 19:36:22
Filesize: 202168
Attributes: archive
MD5: 284259B6EB9901B8978B78AFC5514627
CRC32: 6C37B749
Version: 11.0.0.429
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\Windows\Downloaded Program Files\MSNPUpld.inf
Codebase: http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-gb.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: MsnPUpld.dll
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control)
DPF name:
CLSID name: Facebook Photo Uploader 4 Control
Installer: C:\Windows\Downloaded Program Files\ImageUploader4.inf
Codebase: http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
Path: C:\Windows\Downloaded Program Files\
Long name: ImageUploader4.ocx
{6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)
DPF name:
CLSID name: HP Download Manager
Installer: C:\Windows\Downloaded Program Files\HPDEXAXO.inf
Codebase: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
Path: C:\Windows\Downloaded Program Files\
Long name: HPDEXAXO.dll
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class)
DPF name:
CLSID name: get_atlcom Class
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://www.adobe.com/products/acrobat/nos/gp.cab
Path: C:\Windows\Downloaded Program Files\
Long name: gp.ocx
--- Process list ---
PID: 2092 (1160) C:\Windows\system32\Dwm.exe
size: 83456
MD5: E87B968F3D49117445893EB0503FE34F
PID: 2124 (1176) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 2152 (2076) C:\Windows\Explorer.EXE
size: 2923520
MD5: 6D06CD98D954FE87FB2DB8108793B399
PID: 2344 (2152) C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77
PID: 2356 (2152) C:\Windows\RtHDVCpl.exe
size: 4349952
MD5: 5AA97A008CD2509C73A45AF6ACE95BF4
PID: 2364 (2152) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
size: 411768
MD5: 424C1ADB34F9F1B2BC947D8BF0D5FBE3
PID: 2380 (2152) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
size: 509496
MD5: 67832E5A6C71FB1073FE81A9E98C6547
PID: 2388 (2152) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
size: 534648
MD5: A84D5D03F00577E511A79C6AA4207C7E
PID: 1700 (2152) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
size: 1372160
MD5: 93225E495B790822039F561839529B0B
PID: 2056 (2152) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 107112
MD5: D12509C433C20D2818E8C03C401A256F
PID: 1868 (2152) C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
size: 1507328
MD5: 3002FD13C829CE65E75451516EA12312
PID: 2332 (2152) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 835584
MD5: 50FF5BE3A2CDB6F11378307C2F732CBA
PID: 2404 (2152) C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
size: 571024
MD5: F466CA13D7025A3D53AB2A905D345819
PID: 1436 (2152) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
size: 405504
MD5: 1A9D08B7017D50CC1A1E285C25FC1BD4
PID: 2528 (2152) C:\Program Files\iTunes\iTunesHelper.exe
size: 267064
MD5: 7BD9F0839E7F55DD66D3F9CE9C61D810
PID: 2828 (2152) C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
size: 271360
MD5: BC41EF142D76F423CF1CF261201D5623
PID: 2068 (2152) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
size: 63712
MD5: FC9E59FE8BC4FE05382CFF5C8FC59DE1
PID: 984 (2152) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
size: 49152
MD5: B93C4070F24E46B0097648C276B5039E
PID: 2452 (2152) C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
size: 492912
MD5: AE75328877578EABA536C9A7AEDAFFB3
PID: 2876 (2152) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6
PID: 3044 (2152) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
size: 413696
MD5: C26941848B7BA93ED276325D55F18E26
PID: 3224 (2152) C:\Windows\ehome\ehtray.exe
size: 125440
MD5: 2E0953919779A44BF9DFB7B07C58535A
PID: 2552 (2152) C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60
PID: 1808 (2152) C:\Program Files\Kontiki\KHost.exe
size: 1032640
MD5: B5569B12E8FF9A71837C57E7C195169F
PID: 3844 (2152) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 201728
MD5: 20EF9002CFF89C4C1077E4415EC7297B
PID: 3852 (2152) C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 171448
MD5: 0FA44EA8B03ABA3E1D240B5A333D8E6A
PID: 2252 (2152) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 218032
MD5: 43D083268A0919F3527A2837390BAF63
PID: 764 (2152) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: 1BA45CDEF852381DA4A95D056DDB4B48
PID: 4504 ( 916) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 693E4C15CEE5D6487D7913A2701B5E40
PID: 4556 (2260) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 4732 (2332) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
size: 192512
MD5: 0D94E281607A8FC33FD11AA91270C86A
PID: 4796 (1436) C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
size: 4411392
MD5: 27FDCD6A199E028CB04DEAD27E45C4B3
PID: 5688 (1700) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
size: 405504
MD5: AB7EB5E27E9F18698B9B6CB6F56E6745
PID: 4528 ( 916) C:\Program Files\Windows Mail\WinMail.exe
size: 397312
MD5: AE2E36868172164EAD298DFC6051E5C3
PID: 4156 (4700) C:\Program Files\Internet Explorer\ieuser.exe
size: 301568
MD5: C7E9042E06D75A70DEA2AA86C39907CB
PID: 5068 (4700) C:\Program Files\Internet Explorer\iexplore.exe
size: 625664
MD5: 9437CA21CD48C9B6BFD6F5AC0143D251
PID: 5844 ( 916) C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
size: 218496
MD5: 5ABE08EEB790D2322565DBD11BF70A19
PID: 1364 (2152) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 472 ( 4) smss.exe
size: 62976
PID: 612 ( 600) csrss.exe
size: 7680
PID: 664 ( 600) wininit.exe
size: 95744
PID: 676 ( 656) csrss.exe
size: 7680
PID: 708 ( 664) services.exe
size: 279552
PID: 720 ( 664) lsass.exe
size: 7680
PID: 728 ( 664) lsm.exe
size: 210944
PID: 828 ( 656) winlogon.exe
size: 308224
PID: 916 ( 708) svchost.exe
size: 22016
PID: 956 ( 708) PresentationFontCache.exe
PID: 1000 ( 708) svchost.exe
size: 22016
PID: 1036 ( 708) svchost.exe
size: 22016
PID: 1124 ( 708) svchost.exe
size: 22016
PID: 1160 ( 708) svchost.exe
size: 22016
PID: 1176 ( 708) svchost.exe
size: 22016
PID: 1292 (1124) audiodg.exe
size: 88064
PID: 1328 ( 708) SLsvc.exe
size: 2605568
PID: 1372 ( 708) svchost.exe
size: 22016
PID: 1552 ( 708) svchost.exe
size: 22016
PID: 1676 ( 708) ccSvcHst.exe
PID: 1772 ( 708) AppSvc32.exe
PID: 1828 ( 708) aawservice.exe
PID: 1944 ( 708) spoolsv.exe
size: 124928
PID: 1968 ( 708) svchost.exe
size: 22016
PID: 2896 ( 708) AppleMobileDeviceService.exe
PID: 2916 ( 708) AluSchedulerSvc.exe
PID: 2952 ( 708) svchost.exe
size: 22016
PID: 2968 ( 708) CFSvcs.exe
PID: 3036 ( 708) svchost.exe
size: 22016
PID: 3096 ( 708) KService.exe
PID: 3248 ( 708) svchost.exe
size: 22016
PID: 3272 ( 708) svchost.exe
size: 22016
PID: 3316 ( 708) TODDSrv.exe
size: 114688
PID: 3336 ( 708) TosCoSrv.exe
PID: 3404 ( 708) ULCDRSvr.exe
PID: 3476 ( 708) svchost.exe
size: 22016
PID: 3508 ( 708) SearchIndexer.exe
size: 287744
PID: 3888 (1176) taskeng.exe
size: 166400
PID: 1428 (2152) KeNotify.exe
PID: 4288 ( 708) wmpnetwk.exe
PID: 4852 ( 708) ServiceLayer.exe
PID: 4588 ( 708) iPodService.exe
PID: 4804 ( 708) symlcsvc.exe
PID: 4176 ( 708) usnsvc.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 01/06/2008 18:20:58
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.sky.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 10: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0C0A81E-2473-41A6-8CC7-BAB129A2E4D8}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0C0A81E-2473-41A6-8CC7-BAB129A2E4D8}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1E5EDC64-C1D2-4D25-A080-BAB32C1B60D4}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1E5EDC64-C1D2-4D25-A080-BAB32C1B60D4}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{33A7B3F6-103D-4360-AB2C-46D0E0A505EA}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{33A7B3F6-103D-4360-AB2C-46D0E0A505EA}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0C0A81E-2473-41A6-8CC7-BAB129A2E4D8}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0C0A81E-2473-41A6-8CC7-BAB129A2E4D8}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1E5EDC64-C1D2-4D25-A080-BAB32C1B60D4}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1E5EDC64-C1D2-4D25-A080-BAB32C1B60D4}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{33A7B3F6-103D-4360-AB2C-46D0E0A505EA}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{33A7B3F6-103D-4360-AB2C-46D0E0A505EA}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 6: Bluetooth Namespace
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace
thank you :)
Hi
Go to Start > Run
Type regedit and click OK.
On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.
Open Notepad and copy the contents of the following box to a new file.
Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\Interface\{19A236AD-F37B-40A8-A11A-7E9ABFD56CB0}]
[-HKEY_CLASSES_ROOT\Interface\{8955B427-6C0C-413E-A0A7-0DC2948ADA3D}]
[-HKEY_CLASSES_ROOT\TypeLib\{BE1A8EBF-5AC3-488E-8226-F38C167B6C5F}]
[-HKEY_CLASSES_ROOT\Interface\{A0E1B3BA-3D8E-456B-BCC5-163B09308240}]
[-HKEY_CLASSES_ROOT\CLSID\{7586FC82-2EF8-4731-BAE1-22607AC0CC4A}]
[-HKEY_CLASSES_ROOT\Interface\{02A78E77-525D-4AF0-A822-CD04678CD638}]
[-HKEY_CLASSES_ROOT\Interface\{0B141181-E967-42FD-AD64-52F283E12AAB}]
[-HKEY_CLASSES_ROOT\TypeLib\{7B0446D3-68BB-4A03-B907-EEE372655460}]
Save it as fix.reg (save type: "All files" (*.*)) to your desktop.
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif
Go to Desktop, double-click fix.reg and merge the infomation with the registry.
(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)
Reboot.
Re-scan with spybot and tell me if it still finds something?
helpmuchappreciated!
2008-06-06, 01:50
hi, sorry for the delay in replying. i followed your instructions...
it didn't find anything, only three tracking cookies...but no smitfraud. Can you explain to me what happened? i have no idea! i'd just quite like to know for information's sake!
thank you so much for your help!
Hi
Well we removed some bad registry keys :)
Any other issues left?
Due to the lack of feedback this Topic is closed.
If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.