
Registry Helper Malware



gchase
2010-01-08, 16:22
Hello,

I have downloaded the program "Registry Helper". Fortunately I did not load the software. But now I can not remove 9 files that Spybot found. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:53:07 PM, on 07/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

--
End of file - 9556 bytes


*** Any help would be greatly appreciated

Greg

Blade81
2010-01-14, 17:11
Hi,


But now I can not remove 9 files that Spybot found.
Do you have Spybot results handy?


Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

gchase
2010-01-14, 19:01
Thank you for your help. I have generated the two documents and copied and pasted them. I hope this is how I should post them.

Here is the DDS document:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Evolution at 9:24:19.87 on 14/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.2.1033.18.1912.1087 [GMT -8:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Evolution\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.toshiba.ca/welcome
mDefault_Page_URL = hxxp://www.toshiba.ca/welcome
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\evolut~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-3-25 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 13336]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-6 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-6 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-6 360584]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-9-12 20384]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-6 285392]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-6 1153368]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-9-12 62776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-5-8 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-5-11 73728]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-5-8 656752]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-3-20 12920]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-9-12 954368]

=============== Created Last 30 ================

2010-01-07 22:52:17 0 d-----w- c:\program files\TrendMicro
2010-01-06 20:28:54 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-06 17:45:26 0 d--h--w- C:\$AVG
2010-01-06 17:45:24 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-06 17:45:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-06 17:45:15 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-06 17:45:14 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-06 17:45:09 0 d-----w- c:\programdata\AVG Security Toolbar
2010-01-06 17:44:27 0 d-----w- c:\program files\AVG
2010-01-06 17:44:20 0 d-----w- c:\programdata\avg9
2010-01-06 17:20:27 0 d-----w- c:\windows\system32\Adobe
2010-01-06 16:41:24 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-06 16:41:24 77824 ----a-w- c:\windows\system32\xvid.ax
2010-01-06 16:41:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-01-06 16:41:24 0 d-----w- c:\program files\Xvid
2010-01-06 16:35:05 0 d-----w- c:\programdata\Registry Helper
2010-01-06 16:34:16 0 d-----w- c:\program files\ffdshow
2010-01-06 16:21:50 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-06 16:21:50 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-06 15:52:59 0 d-----w- c:\program files\Audacity
2010-01-04 23:50:39 0 d-----w- c:\windows\system32\appmgmt

==================== Find3M ====================

2010-01-04 23:46:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-04 23:46:18 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-01-04 23:46:18 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-29 04:48:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-29 04:48:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-12 12:51:54 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:24:54.91 ===============

Here is the Attach document:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 12/09/2009 11:28:15 PM
System Uptime: 14/01/2010 6:41:18 AM (3 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | uFC-PGA Socket | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 133 GiB total, 96.278 GiB free.
E: is FIXED (NTFS) - 7 GiB total, 7.145 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office system
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
Apple Application Support
Apple Software Update
Atheros Client Utility
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Audacity 1.2.6
AVG Free 9.0
Business Contact Manager for Outlook 2007 SP1
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ERUNT 1.1j
Google Toolbar for Internet Explorer
HiJackThis
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java(TM) 6 Update 17
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB941833)
My TOSHIBA
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
Spybot - Search & Destroy
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA PC Health Monitor
TOSHIBA Recovery Disc Creator
TOSHIBA SD Memory Boot Utility
TOSHIBA SD Memory Utilities
TOSHIBA Security Assist
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Value Added Package
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
VLC media player 1.0.3
Xvid 1.2.2 final uninstall

==== End Of File ===========================

Blade81
2010-01-14, 19:36
Yes, that's the correct way to do the log posting :)

Do you have Spybot results of that earlier scan handy? I'd like to see which items were flagged.

gchase
2010-01-14, 21:11
I had to regenerate the Spybot results, but the 9 files that I could not remove are still there. I know that I am not supposed to re-generate a report, but I did not have one to give. Here it is:

Spybot results:


--- Search result list ---
RegistryHelper: [SBI $87692939] Text file (File, nothing done)
C:\ProgramData\Registry Helper\Registry Helper Log.txt
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1262795712
Properties.filedatetext=2010-01-06 08:35:11

RegistryHelper: [SBI $513F8570] Data (File, nothing done)
C:\ProgramData\Registry Helper\Settings\BackupOptions.efs
Properties.size=14
Properties.md5=2D8E2A5C80EE0C5C6A754F1836B200B0
Properties.filedate=1262795907
Properties.filedatetext=2010-01-06 08:38:27

RegistryHelper: [SBI $2C592478] Data (File, nothing done)
C:\ProgramData\Registry Helper\Settings\Ignored.efs
Properties.size=17
Properties.md5=E46A33E0C737F0422B6A1C56F00523FF
Properties.filedate=1262795907
Properties.filedatetext=2010-01-06 08:38:27

RegistryHelper: [SBI $EE389774] Data (File, nothing done)
C:\ProgramData\Registry Helper\Settings\Options.efs
Properties.size=22
Properties.md5=C809EC6C369C5F13E2293B0F6C18D988
Properties.filedate=1262795907
Properties.filedatetext=2010-01-06 08:38:27

RegistryHelper: [SBI $EA83A308] Data (File, nothing done)
C:\ProgramData\Registry Helper\Settings\Settings.efs
Properties.size=37
Properties.md5=7AA43D6BFC3E4469F58AAC4C90A44F1A
Properties.filedate=1262795907
Properties.filedatetext=2010-01-06 08:38:27

RegistryHelper: [SBI $14F30AAA] Program directory (Directory, nothing done)
C:\ProgramData\Registry Helper\Item Backups\

RegistryHelper: [SBI $E87A79A8] Program directory (Directory, nothing done)
C:\ProgramData\Registry Helper\Settings\

RegistryHelper: [SBI $D92E5773] Program directory (Directory, nothing done)
C:\ProgramData\Registry Helper\Startup Manager\

RegistryHelper: [SBI $AAD70E5F] Program directory (Directory, nothing done)
C:\ProgramData\Registry Helper\

Right Media: Tracking cookie (Internet Explorer: Evolution) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-01-06 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2010-01-05 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-01-05 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-01-05 Includes\HijackersC.sbi (*)
2009-12-15 Includes\Keyloggers.sbi (*)
2010-01-05 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-12-30 Includes\Malware.sbi (*)
2010-01-05 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-01-05 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-01-05 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2010-01-05 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2010-01-05 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB941833)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, 00TCrdMain
command: %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
file: C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
size: 729088
MD5: 543E009B1465864D9AE7C6F25DCFA83A

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF

Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint2K\Apoint.exe
file: C:\Program Files\Apoint2K\Apoint.exe
size: 188416
MD5: DD558F9E0E9C0C26D5AF8271EEDDC953

Located: HK_LM:Run, AVG9_TRAY
command: C:\PROGRA~1\AVG\AVG9\avgtray.exe
file: C:\PROGRA~1\AVG\AVG9\avgtray.exe
size: 2033432
MD5: 72A7A352072EB6EC4953F9F580463B0D

Located: HK_LM:Run, Camera Assistant Software
command: "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
file: C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
size: 417792
MD5: FB642F641AB3C7A973CCB9B07350486D

Located: HK_LM:Run, cfFncEnabler.exe
command: "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
file: C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe
size: 21840
MD5: ABF7873B0BC9F5CFEFC791A55B29EF02

Located: HK_LM:Run, HotKeysCmds
command: C:\Windows\system32\hkcmd.exe
file: C:\Windows\system32\hkcmd.exe
size: 178712
MD5: A2A5A671D9C62B1487463C04626C3730

Located: HK_LM:Run, IgfxTray
command: C:\Windows\system32\igfxtray.exe
file: C:\Windows\system32\igfxtray.exe
size: 150040
MD5: 2AA25C751B2FBFBC1C5F161C990C6C41

Located: HK_LM:Run, NDSTray.exe
command: "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
file: C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
size: 304496
MD5: FB485F5E021DDFE9996CFE48FCF9FBA1

Located: HK_LM:Run, Persistence
command: C:\Windows\system32\igfxpers.exe
file: C:\Windows\system32\igfxpers.exe
size: 154136
MD5: F7AE7EF8692DC97AFE6463183563D119

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 417792
MD5: 8CBD57D84729DEBEE1E83CB5FA3E3D7A

Located: HK_LM:Run, RtHDVCpl
command: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
file: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
size: 7514656
MD5: D8039D9D877710CCE2C1125FE23010D2

Located: HK_LM:Run, SmartFaceVWatcher
command: %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
file: C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
size: 163840
MD5: 532CBBE5848770281CF40909DD06C752

Located: HK_LM:Run, SmoothView
command: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
file: C:\Program Files\Toshiba\SmoothView\SmoothView.exe
size: 448376
MD5: F5655BCEA5D36D439BA85512E7A0FF88

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0

Located: HK_LM:Run, Teco
command: "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
file: C:\Program Files\TOSHIBA\TECO\Teco.exe
size: 1323008
MD5: 3FF523EBA73D4F0F21A43EE231911D1F

Located: HK_LM:Run, ThpSrv
command: C:\Windows\system32\thpsrv /logon
file: C:\Windows\system32\thpsrv /logon
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, TOSDCR
command: %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
file: C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe
size: 169296
MD5: CE7648AF53E26CEB484F54866F195328

Located: HK_LM:Run, ToshibaServiceStation
command: C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
file: C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
size: 1283384
MD5: 33E636E9CDF2B12AF756F4410622918B

Located: HK_LM:Run, TosSENotify
command: C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
file: C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
size: 1011712
MD5: 338C433110FC7524E5FD702D6B61F9F4

Located: HK_LM:Run, TPCHWMsg
command: %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
file: C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
size: 570736
MD5: CE2B35ECAD658CA297BDCB24AD47A24E

Located: HK_LM:Run, TPwrMain
command: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
file: C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
size: 468320
MD5: 91F4CDB6AE8F978EFCE5DDE4264BEB79

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, swg
where: S-1-5-21-3906785556-2790156832-2602993341-1004...
command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

Located: HK_CU:Run, TOSCDSPD
where: S-1-5-21-3906785556-2790156832-2602993341-1004...
command: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
size: 435512
MD5: 1E164CF26C71C5648A3FFECAA18BBF59

Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-3906785556-2790156832-2602993341-1004...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D

Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Users\Evolution\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 27/02/2009 11:07:26 AM
Date (last access): 12/06/2009 5:40:06 AM
Date (last write): 27/02/2009 11:07:26 AM
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG9\
Long name: avgssie.dll
Short name:
Date (created): 06/01/2010 9:44:46 AM
Date (last access): 06/01/2010 9:44:46 AM
Date (last write): 06/01/2010 9:44:46 AM
Filesize: 1484056
Attributes: archive
MD5: F7CC657F40C56C9BA7C189066D259F9E
CRC32: DBEFFA87
Version: 9.0.0.713

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 06/01/2010 8:21:52 AM
Date (last access): 06/01/2010 8:21:52 AM
Date (last write): 26/01/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{A3BC75A2-1F87-4686-AA43-5347D756017C} (AVG Security Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AVG Security Toolbar BHO
Path: C:\Program Files\AVG\AVG9\Toolbar\
Long name: IEToolbar.dll
Short name: IETOOL~1.DLL
Date (created): 06/01/2010 9:44:58 AM
Date (last access): 06/01/2010 9:44:58 AM
Date (last write): 25/11/2009 1:01:54 PM
Filesize: 1230080
Attributes: archive
MD5: DE43790FC3902557ABFDDE1E155FA116
CRC32: 60A56646
Version: 3.11.25.5

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files\Google\Google Toolbar\
Long name: GoogleToolbar_32.dll
Short name: GOOGLE~2.DLL
Date (created): 14/11/2009 3:20:44 PM
Date (last access): 14/11/2009 3:20:44 PM
Date (last write): 06/01/2010 9:19:18 AM
Filesize: 263280
Attributes: archive
MD5: 6CAC864C230B5E520AD054CF2DD66D59
CRC32: 7E94DC92
Version: 6.3.1014.1517

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\
Long name: swg.dll
Short name:
Date (created): 06/01/2010 9:22:14 AM
Date (last access): 06/01/2010 9:22:14 AM
Date (last write): 06/01/2010 9:22:14 AM
Filesize: 764912
Attributes: archive
MD5: CD91E666B2446530583FBFFCF537BE4C
CRC32: 34534F50
Version: 5.4.4525.1752

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 12/06/2009 5:30:30 AM
Date (last access): 11/10/2009 4:18:20 AM
Date (last write): 11/10/2009 4:17:30 AM
Filesize: 41760
Attributes: archive
MD5: C9EDE29F223A27873E187D9FB6045EA6
CRC32: 5951C3E0
Version: 6.0.170.4



--- ActiveX list ---
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\Windows\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 28/10/2009 9:44:46 PM
Date (last access): 06/01/2010 9:20:28 AM
Date (last write): 28/10/2009 9:44:46 PM
Filesize: 210360
Attributes: archive
MD5: 435EA0E65D591E9F1DAC1C586C28745B
CRC32: 7CED2E73
Version: 11.5.2.602

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/06/2009 5:30:30 AM
Date (last access): 11/10/2073 4:18:18 AM
Date (last write): 11/10/2009 4:17:30 AM
Filesize: 100128
Attributes: archive
MD5: 048369C957BCE15E4628FDEB65820BE8
CRC32: C8C19051
Version: 6.0.170.4

{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/06/2009 5:30:30 AM
Date (last access): 11/10/2073 4:18:18 AM
Date (last write): 11/10/2009 4:17:30 AM
Filesize: 100128
Attributes: archive
MD5: 048369C957BCE15E4628FDEB65820BE8
CRC32: C8C19051
Version: 6.0.170.4

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2009 2:14:36 AM
Date (last access): 11/10/2073 4:18:30 AM
Date (last write): 11/10/2009 4:17:30 AM
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



--- Process list ---
PID: 576 (1368) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 884 (1352) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 1644 ( 548) C:\Windows\Explorer.EXE
size: 2927104
MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
PID: 2460 (1644) C:\Windows\System32\hkcmd.exe
size: 178712
MD5: A2A5A671D9C62B1487463C04626C3730
PID: 2488 (1644) C:\Windows\System32\igfxpers.exe
size: 154136
MD5: F7AE7EF8692DC97AFE6463183563D119
PID: 2544 (1088) C:\Windows\system32\igfxsrvc.exe
size: 256536
MD5: A407699F104287DA6C2117B3C005649F
PID: 2596 (1644) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
size: 468320
MD5: 91F4CDB6AE8F978EFCE5DDE4264BEB79
PID: 2944 (1644) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
size: 448376
MD5: F5655BCEA5D36D439BA85512E7A0FF88
PID: 3044 (1644) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
size: 729088
MD5: 543E009B1465864D9AE7C6F25DCFA83A
PID: 3060 (1088) C:\Windows\System32\mobsync.exe
size: 95744
MD5: 9B89B3BB79EA1ACF041F40A7B6FC5827
PID: 3084 (1644) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
size: 7514656
MD5: D8039D9D877710CCE2C1125FE23010D2
PID: 3648 (1644) C:\Program Files\Apoint2K\Apoint.exe
size: 188416
MD5: DD558F9E0E9C0C26D5AF8271EEDDC953
PID: 3672 (1644) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
size: 304496
MD5: FB485F5E021DDFE9996CFE48FCF9FBA1
PID: 3728 (1644) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
size: 417792
MD5: FB642F641AB3C7A973CCB9B07350486D
PID: 3796 (1644) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
size: 1011712
MD5: 338C433110FC7524E5FD702D6B61F9F4
PID: 3876 (1644) C:\Windows\System32\ThpSrv.exe
size: 523320
MD5: A2B6029763F7C7D340AEA8A0B1D44306
PID: 3904 (1644) C:\Program Files\TOSHIBA\TECO\TEco.exe
size: 1323008
MD5: 3FF523EBA73D4F0F21A43EE231911D1F
PID: 3916 (1644) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
size: 1283384
MD5: 33E636E9CDF2B12AF756F4410622918B
PID: 372 (1644) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
size: 570736
MD5: CE2B35ECAD658CA297BDCB24AD47A24E
PID: 1472 (1644) C:\Program Files\AVG\AVG9\avgtray.exe
size: 2033432
MD5: 72A7A352072EB6EC4953F9F580463B0D
PID: 1276 (1644) C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0
PID: 1188 (1644) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
size: 435512
MD5: 1E164CF26C71C5648A3FFECAA18BBF59
PID: 1032 (3648) C:\Program Files\Apoint2K\ApMsgFwd.exe
size: 50472
MD5: 9BB3ABB7F670E8AA75D21AC3B3AFCF74
PID: 1620 (1088) C:\Windows\system32\igfxext.exe
size: 178712
MD5: 99DBE7F1487BBD9CBDE4E7BDC48C0021
PID: 4328 (4320) C:\Program Files\Apoint2K\Apntex.exe
size: 49152
MD5: 359937EFD1763DF9F8B8D166BD4CC022
PID: 4376 (3648) C:\Program Files\Apoint2K\HidFind.exe
size: 40960
MD5: B3F1E7ED7AECB1D4B8D24A3734B2C641
PID: 4400 (1644) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD
PID: 4420 (1644) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
PID: 4728 (3672) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
size: 62848
MD5: EFEF12A9393C54BCD9D31AFEBB7FDB83
PID: 5176 (1644) C:\Windows\System32\mstsc.exe
size: 677888
MD5: 120E90A942008A9DDE28F25EB85C7053
PID: 5524 (5512) C:\Windows\system32\conime.exe
size: 69120
MD5: F96EBC5A624349D81DCC7600A3C5DC43
PID: 3688 (1368) C:\Windows\system32\wuauclt.exe
size: 43008
MD5: 8E93CDF0EA8EDBA63F07E2898A9B2147
PID: 4428 (1644) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 516 ( 4) smss.exe
size: 64000
PID: 584 ( 572) csrss.exe
size: 6144
PID: 628 ( 572) wininit.exe
size: 96768
PID: 640 ( 620) csrss.exe
size: 6144
PID: 648 ( 628) avgchsvx.exe
PID: 656 ( 628) avgrsx.exe
PID: 696 ( 656) avgcsrvx.exe
PID: 704 ( 628) services.exe
size: 279040
PID: 728 ( 628) lsass.exe
size: 9728
PID: 744 ( 628) lsm.exe
size: 229888
PID: 1088 ( 704) svchost.exe
size: 21504
PID: 1120 ( 620) winlogon.exe
size: 314880
PID: 1192 ( 704) svchost.exe
size: 21504
PID: 1328 ( 704) svchost.exe
size: 21504
PID: 1352 ( 704) svchost.exe
size: 21504
PID: 1368 ( 704) svchost.exe
size: 21504
PID: 1428 (1328) audiodg.exe
size: 88064
PID: 1508 ( 704) SLsvc.exe
size: 2623488
PID: 1552 ( 704) svchost.exe
size: 21504
PID: 1712 ( 704) svchost.exe
size: 21504
PID: 1912 (1352) wlanext.exe
size: 74240
PID: 224 ( 704) spoolsv.exe
size: 125952
PID: 360 ( 704) svchost.exe
size: 21504
PID: 2072 ( 704) agrsmsvc.exe
size: 9216
PID: 2124 ( 704) avgwdsvc.exe
PID: 2136 ( 704) BcmSqlStartupSvc.exe
PID: 2148 ( 704) CFSvcs.exe
PID: 2220 (1368) taskeng.exe
size: 169472
PID: 2376 (2124) avgnsx.exe
PID: 2416 ( 704) sqlservr.exe
PID: 2588 ( 704) svchost.exe
size: 21504
PID: 2692 ( 704) RSelSvc.exe
PID: 2728 ( 704) sqlwriter.exe
PID: 2764 ( 704) svchost.exe
size: 21504
PID: 2828 ( 704) ThpSrv.exe
size: 523320
PID: 2864 ( 704) TMachInfo.exe
PID: 3028 ( 704) TNaviSrv.exe
PID: 3124 ( 704) TODDSrv.exe
size: 129632
PID: 3172 ( 704) TosCoSrv.exe
PID: 3188 ( 704) TecoService.exe
PID: 3300 ( 704) TosSmartSrv.exe
PID: 3324 ( 704) svchost.exe
size: 21504
PID: 3348 ( 704) SearchIndexer.exe
size: 439808
PID: 3404 ( 704) TPCHSrv.exe
PID: 3588 ( 704) SDWinSec.exe
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 4532 ( 704) wmpnetwk.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 14/01/2010 12:02:55 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.ca/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.toshiba.ca/welcome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search/?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.toshiba.ca/welcome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.toshiba.ca/welcome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9D8A9CE6-B09B-41EE-AB9C-F4D3CC49A7AF}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9D8A9CE6-B09B-41EE-AB9C-F4D3CC49A7AF}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{244591AE-1D63-47E5-9DE7-A3614118C1C6}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{244591AE-1D63-47E5-9DE7-A3614118C1C6}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{15C2EE0B-CDFA-4212-86E3-77ED015D1D27}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{15C2EE0B-CDFA-4212-86E3-77ED015D1D27}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CE80E3C8-36C4-4713-8781-7FF3CB78D01A}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CE80E3C8-36C4-4713-8781-7FF3CB78D01A}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9D8A9CE6-B09B-41EE-AB9C-F4D3CC49A7AF}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9D8A9CE6-B09B-41EE-AB9C-F4D3CC49A7AF}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6B2ECEE7-5510-4CBB-8434-D17AEEEB0C3E}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6B2ECEE7-5510-4CBB-8434-D17AEEEB0C3E}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{244591AE-1D63-47E5-9DE7-A3614118C1C6}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{244591AE-1D63-47E5-9DE7-A3614118C1C6}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS


Thanks again,

Greg

Blade81
2010-01-15, 15:23
Hi Greg,

Delete C:\ProgramData\Registry Helper folder manually.


Uninstall old Adobe Reader versions and get the latest one (9.3) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).


Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall the vulnerable versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report. Does Spybot still find those items?

gchase
2010-01-15, 23:35
Hello Blade81,

It seems that your instructions were perfect. The registry helper files are gone. Thank you for all of your help. I understand that you volunteer your time. I appreciate your invaluable assistance.

Here are the reports from Kaspersky and SpyBot just to be sure:

Kaspersky report

Friday, January 15, 2010
Operating system: Microsoft Windows Vista Business Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, January 15, 2010 16:36:57
Records in database: 3317482


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
E:\
F:\

Scan statistics
Objects scanned 74703
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 01:34:57

No threats found. Scanned area is clean.
Selected area has been scanned.

SpyBot report


--- Search result list ---
Right Media: Tracking cookie (Internet Explorer: Evolution) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-01-06 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2010-01-05 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-01-05 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-01-05 Includes\HijackersC.sbi (*)
2009-12-15 Includes\Keyloggers.sbi (*)
2010-01-05 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-12-30 Includes\Malware.sbi (*)
2010-01-05 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-01-05 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-01-05 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2010-01-05 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2010-01-05 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB941833)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, 00TCrdMain
command: %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
file: C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
size: 729088
MD5: 543E009B1465864D9AE7C6F25DCFA83A

Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 948672
MD5: 73BB442A717B9BB0097C243374C14A3E

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35760
MD5: 466CE40EAA865752F4930A472563E4E1

Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint2K\Apoint.exe
file: C:\Program Files\Apoint2K\Apoint.exe
size: 188416
MD5: DD558F9E0E9C0C26D5AF8271EEDDC953

Located: HK_LM:Run, AVG9_TRAY
command: C:\PROGRA~1\AVG\AVG9\avgtray.exe
file: C:\PROGRA~1\AVG\AVG9\avgtray.exe
size: 2033432
MD5: 72A7A352072EB6EC4953F9F580463B0D

Located: HK_LM:Run, Camera Assistant Software
command: "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
file: C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
size: 417792
MD5: FB642F641AB3C7A973CCB9B07350486D

Located: HK_LM:Run, cfFncEnabler.exe
command: "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
file: C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe
size: 21840
MD5: ABF7873B0BC9F5CFEFC791A55B29EF02

Located: HK_LM:Run, HotKeysCmds
command: C:\Windows\system32\hkcmd.exe
file: C:\Windows\system32\hkcmd.exe
size: 178712
MD5: A2A5A671D9C62B1487463C04626C3730

Located: HK_LM:Run, IgfxTray
command: C:\Windows\system32\igfxtray.exe
file: C:\Windows\system32\igfxtray.exe
size: 150040
MD5: 2AA25C751B2FBFBC1C5F161C990C6C41

Located: HK_LM:Run, NDSTray.exe
command: "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
file: C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
size: 304496
MD5: FB485F5E021DDFE9996CFE48FCF9FBA1

Located: HK_LM:Run, Persistence
command: C:\Windows\system32\igfxpers.exe
file: C:\Windows\system32\igfxpers.exe
size: 154136
MD5: F7AE7EF8692DC97AFE6463183563D119

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 417792
MD5: 8CBD57D84729DEBEE1E83CB5FA3E3D7A

Located: HK_LM:Run, RtHDVCpl
command: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
file: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
size: 7514656
MD5: D8039D9D877710CCE2C1125FE23010D2

Located: HK_LM:Run, SmartFaceVWatcher
command: %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
file: C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
size: 163840
MD5: 532CBBE5848770281CF40909DD06C752

Located: HK_LM:Run, SmoothView
command: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
file: C:\Program Files\Toshiba\SmoothView\SmoothView.exe
size: 448376
MD5: F5655BCEA5D36D439BA85512E7A0FF88

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0

Located: HK_LM:Run, Teco
command: "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
file: C:\Program Files\TOSHIBA\TECO\Teco.exe
size: 1323008
MD5: 3FF523EBA73D4F0F21A43EE231911D1F

Located: HK_LM:Run, ThpSrv
command: C:\Windows\system32\thpsrv /logon
file: C:\Windows\system32\thpsrv /logon
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, TOSDCR
command: %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
file: C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe
size: 169296
MD5: CE7648AF53E26CEB484F54866F195328

Located: HK_LM:Run, ToshibaServiceStation
command: C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
file: C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
size: 1283384
MD5: 33E636E9CDF2B12AF756F4410622918B

Located: HK_LM:Run, TosSENotify
command: C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
file: C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
size: 1011712
MD5: 338C433110FC7524E5FD702D6B61F9F4

Located: HK_LM:Run, TPCHWMsg
command: %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
file: C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
size: 570736
MD5: CE2B35ECAD658CA297BDCB24AD47A24E

Located: HK_LM:Run, TPwrMain
command: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
file: C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
size: 468320
MD5: 91F4CDB6AE8F978EFCE5DDE4264BEB79

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_LM:RunOnce, Uninstall Adobe Download Manager
command: "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
file: C:\Windows\system32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, swg
where: S-1-5-21-3906785556-2790156832-2602993341-1004...
command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

Located: HK_CU:Run, TOSCDSPD
where: S-1-5-21-3906785556-2790156832-2602993341-1004...
command: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
size: 435512
MD5: 1E164CF26C71C5648A3FFECAA18BBF59

Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-3906785556-2790156832-2602993341-1004...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D

Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Users\Evolution\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 21/12/2009 6:27:44 PM
Date (last access): 15/01/2010 7:56:50 AM
Date (last write): 21/12/2009 6:27:44 PM
Filesize: 75200
Attributes: archive
MD5: DC1E56092CC57FB4605B088D3DCCBF7A
CRC32: FF82C62B
Version: 9.3.0.148

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG9\
Long name: avgssie.dll
Short name:
Date (created): 06/01/2010 9:44:46 AM
Date (last access): 06/01/2010 9:44:46 AM
Date (last write): 06/01/2010 9:44:46 AM
Filesize: 1484056
Attributes: archive
MD5: F7CC657F40C56C9BA7C189066D259F9E
CRC32: DBEFFA87
Version: 9.0.0.713

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 06/01/2010 8:21:52 AM
Date (last access): 06/01/2010 8:21:52 AM
Date (last write): 26/01/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{A3BC75A2-1F87-4686-AA43-5347D756017C} (AVG Security Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AVG Security Toolbar BHO
Path: C:\Program Files\AVG\AVG9\Toolbar\
Long name: IEToolbar.dll
Short name: IETOOL~1.DLL
Date (created): 06/01/2010 9:44:58 AM
Date (last access): 06/01/2010 9:44:58 AM
Date (last write): 25/11/2009 1:01:54 PM
Filesize: 1230080
Attributes: archive
MD5: DE43790FC3902557ABFDDE1E155FA116
CRC32: 60A56646
Version: 3.11.25.5

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll; googletoolbar*.dll (* = number); googletoolbar_en_*.**-big.dll; Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files\Google\Google Toolbar\
Long name: GoogleToolbar_32.dll
Short name: GOOGLE~2.DLL
Date (created): 14/11/2009 3:20:44 PM
Date (last access): 14/11/2009 3:20:44 PM
Date (last write): 06/01/2010 9:19:18 AM
Filesize: 263280
Attributes: archive
MD5: 6CAC864C230B5E520AD054CF2DD66D59
CRC32: 7E94DC92
Version: 6.3.1014.1517

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\
Long name: swg.dll
Short name:
Date (created): 06/01/2010 9:22:14 AM
Date (last access): 06/01/2010 9:22:14 AM
Date (last write): 06/01/2010 9:22:14 AM
Filesize: 764912
Attributes: archive
MD5: CD91E666B2446530583FBFFCF537BE4C
CRC32: 34534F50
Version: 5.4.4525.1752

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 12/06/2009 5:30:30 AM
Date (last access): 11/10/2009 4:18:20 AM
Date (last write): 11/10/2009 4:17:30 AM
Filesize: 41760
Attributes: archive
MD5: C9EDE29F223A27873E187D9FB6045EA6
CRC32: 5951C3E0
Version: 6.0.170.4



--- ActiveX list ---
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\Windows\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 28/10/2009 9:44:46 PM
Date (last access): 06/01/2010 9:20:28 AM
Date (last write): 28/10/2009 9:44:46 PM
Filesize: 210360
Attributes: archive
MD5: 435EA0E65D591E9F1DAC1C586C28745B
CRC32: 7CED2E73
Version: 11.5.2.602

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/06/2009 5:30:30 AM
Date (last access): 11/10/2073 4:18:18 AM
Date (last write): 11/10/2009 4:17:30 AM
Filesize: 100128
Attributes: archive
MD5: 048369C957BCE15E4628FDEB65820BE8
CRC32: C8C19051
Version: 6.0.170.4

{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/06/2009 5:30:30 AM
Date (last access): 11/10/2073 4:18:18 AM
Date (last write): 11/10/2009 4:17:30 AM
Filesize: 100128
Attributes: archive
MD5: 048369C957BCE15E4628FDEB65820BE8
CRC32: C8C19051
Version: 6.0.170.4

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2009 2:14:36 AM
Date (last access): 11/10/2073 4:18:30 AM
Date (last write): 11/10/2009 4:17:30 AM
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class)
DPF name:
CLSID name: get_atlcom Class
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Path: C:\Windows\Downloaded Program Files\
Long name: gp.ocx
Short name:
Date (created): 17/12/2009 4:37:08 PM
Date (last access): 17/12/2009 4:37:08 PM
Date (last write): 17/12/2009 4:37:08 PM
Filesize: 72488
Attributes: archive
MD5: 962A4E0B66CF53019F8C8DF234792A45
CRC32: DFBB0393
Version: 1.6.2.60



--- Process list ---
PID: 576 (1368) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 884 (1352) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 1644 ( 548) C:\Windows\Explorer.EXE
size: 2927104
MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
PID: 2460 (1644) C:\Windows\System32\hkcmd.exe
size: 178712
MD5: A2A5A671D9C62B1487463C04626C3730
PID: 2488 (1644) C:\Windows\System32\igfxpers.exe
size: 154136
MD5: F7AE7EF8692DC97AFE6463183563D119
PID: 2544 (1088) C:\Windows\system32\igfxsrvc.exe
size: 256536
MD5: A407699F104287DA6C2117B3C005649F
PID: 2596 (1644) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
size: 468320
MD5: 91F4CDB6AE8F978EFCE5DDE4264BEB79
PID: 2944 (1644) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
size: 448376
MD5: F5655BCEA5D36D439BA85512E7A0FF88
PID: 3044 (1644) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
size: 729088
MD5: 543E009B1465864D9AE7C6F25DCFA83A
PID: 3084 (1644) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
size: 7514656
MD5: D8039D9D877710CCE2C1125FE23010D2
PID: 3648 (1644) C:\Program Files\Apoint2K\Apoint.exe
size: 188416
MD5: DD558F9E0E9C0C26D5AF8271EEDDC953
PID: 3672 (1644) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
size: 304496
MD5: FB485F5E021DDFE9996CFE48FCF9FBA1
PID: 3728 (1644) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
size: 417792
MD5: FB642F641AB3C7A973CCB9B07350486D
PID: 3796 (1644) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
size: 1011712
MD5: 338C433110FC7524E5FD702D6B61F9F4
PID: 3876 (1644) C:\Windows\System32\ThpSrv.exe
size: 523320
MD5: A2B6029763F7C7D340AEA8A0B1D44306
PID: 3904 (1644) C:\Program Files\TOSHIBA\TECO\TEco.exe
size: 1323008
MD5: 3FF523EBA73D4F0F21A43EE231911D1F
PID: 3916 (1644) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
size: 1283384
MD5: 33E636E9CDF2B12AF756F4410622918B
PID: 372 (1644) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
size: 570736
MD5: CE2B35ECAD658CA297BDCB24AD47A24E
PID: 1472 (1644) C:\Program Files\AVG\AVG9\avgtray.exe
size: 2033432
MD5: 72A7A352072EB6EC4953F9F580463B0D
PID: 1276 (1644) C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0
PID: 1188 (1644) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
size: 435512
MD5: 1E164CF26C71C5648A3FFECAA18BBF59
PID: 1032 (3648) C:\Program Files\Apoint2K\ApMsgFwd.exe
size: 50472
MD5: 9BB3ABB7F670E8AA75D21AC3B3AFCF74
PID: 1620 (1088) C:\Windows\system32\igfxext.exe
size: 178712
MD5: 99DBE7F1487BBD9CBDE4E7BDC48C0021
PID: 4328 (4320) C:\Program Files\Apoint2K\Apntex.exe
size: 49152
MD5: 359937EFD1763DF9F8B8D166BD4CC022
PID: 4376 (3648) C:\Program Files\Apoint2K\HidFind.exe
size: 40960
MD5: B3F1E7ED7AECB1D4B8D24A3734B2C641
PID: 4400 (1644) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD
PID: 4420 (1644) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
PID: 4728 (3672) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
size: 62848
MD5: EFEF12A9393C54BCD9D31AFEBB7FDB83
PID: 5524 (5512) C:\Windows\system32\conime.exe
size: 69120
MD5: F96EBC5A624349D81DCC7600A3C5DC43
PID: 3688 (1368) C:\Windows\system32\wuauclt.exe
size: 43008
MD5: 8E93CDF0EA8EDBA63F07E2898A9B2147
PID: 5300 (1088) C:\Program Files\Internet Explorer\iexplore.exe
size: 636072
MD5: 9E6C1527D9A2C64BFD780AA23075380F
PID: 2884 (5300) C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
size: 22816
MD5: 35C4B2DD8BB7B018F158AA90A374670E
PID: 6028 (2884) C:\Program Files\Java\jre6\bin\java.exe
size: 145184
MD5: 7F1875210672BB9338B0F86955948ECB
PID: 2096 (1644) C:\Windows\System32\mstsc.exe
size: 677888
MD5: 120E90A942008A9DDE28F25EB85C7053
PID: 3924 (1644) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 516 ( 4) smss.exe
size: 64000
PID: 584 ( 572) csrss.exe
size: 6144
PID: 628 ( 572) wininit.exe
size: 96768
PID: 640 ( 620) csrss.exe
size: 6144
PID: 648 ( 628) avgchsvx.exe
PID: 656 ( 628) avgrsx.exe
PID: 696 ( 656) avgcsrvx.exe
PID: 704 ( 628) services.exe
size: 279040
PID: 728 ( 628) lsass.exe
size: 9728
PID: 744 ( 628) lsm.exe
size: 229888
PID: 1088 ( 704) svchost.exe
size: 21504
PID: 1120 ( 620) winlogon.exe
size: 314880
PID: 1192 ( 704) svchost.exe
size: 21504
PID: 1328 ( 704) svchost.exe
size: 21504
PID: 1352 ( 704) svchost.exe
size: 21504
PID: 1368 ( 704) svchost.exe
size: 21504
PID: 1428 (1328) audiodg.exe
size: 88064
PID: 1508 ( 704) SLsvc.exe
size: 2623488
PID: 1552 ( 704) svchost.exe
size: 21504
PID: 1712 ( 704) svchost.exe
size: 21504
PID: 1912 (1352) wlanext.exe
size: 74240
PID: 224 ( 704) spoolsv.exe
size: 125952
PID: 360 ( 704) svchost.exe
size: 21504
PID: 2072 ( 704) agrsmsvc.exe
size: 9216
PID: 2124 ( 704) avgwdsvc.exe
PID: 2136 ( 704) BcmSqlStartupSvc.exe
PID: 2148 ( 704) CFSvcs.exe
PID: 2220 (1368) taskeng.exe
size: 169472
PID: 2376 (2124) avgnsx.exe
PID: 2416 ( 704) sqlservr.exe
PID: 2588 ( 704) svchost.exe
size: 21504
PID: 2692 ( 704) RSelSvc.exe
PID: 2728 ( 704) sqlwriter.exe
PID: 2764 ( 704) svchost.exe
size: 21504
PID: 2828 ( 704) ThpSrv.exe
size: 523320
PID: 2864 ( 704) TMachInfo.exe
PID: 3028 ( 704) TNaviSrv.exe
PID: 3124 ( 704) TODDSrv.exe
size: 129632
PID: 3172 ( 704) TosCoSrv.exe
PID: 3188 ( 704) TecoService.exe
PID: 3300 ( 704) TosSmartSrv.exe
PID: 3324 ( 704) svchost.exe
size: 21504
PID: 3404 ( 704) TPCHSrv.exe
PID: 3588 ( 704) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 4532 ( 704) wmpnetwk.exe
PID: 5988 (6028) ScanningProcess.exe
PID: 6016 (6028) ScanningProcess.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 15/01/2010 12:51:15 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.ca/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.toshiba.ca/welcome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search/?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.toshiba.ca/welcome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.toshiba.ca/welcome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9D8A9CE6-B09B-41EE-AB9C-F4D3CC49A7AF}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9D8A9CE6-B09B-41EE-AB9C-F4D3CC49A7AF}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{244591AE-1D63-47E5-9DE7-A3614118C1C6}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{244591AE-1D63-47E5-9DE7-A3614118C1C6}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{15C2EE0B-CDFA-4212-86E3-77ED015D1D27}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{15C2EE0B-CDFA-4212-86E3-77ED015D1D27}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CE80E3C8-36C4-4713-8781-7FF3CB78D01A}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CE80E3C8-36C4-4713-8781-7FF3CB78D01A}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9D8A9CE6-B09B-41EE-AB9C-F4D3CC49A7AF}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9D8A9CE6-B09B-41EE-AB9C-F4D3CC49A7AF}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6B2ECEE7-5510-4CBB-8434-D17AEEEB0C3E}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6B2ECEE7-5510-4CBB-8434-D17AEEEB0C3E}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{244591AE-1D63-47E5-9DE7-A3614118C1C6}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{244591AE-1D63-47E5-9DE7-A3614118C1C6}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
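The "Startup entries list" section of the Spybot report above is the part a helper reads first: each block gives the registry location, value name, command, resolved file, size and MD5, and Spybot prints a warning block when it could not hash the file. The script below is an added example for this thread (it is not part of the thread, of Spybot or of HijackThis) that parses that block format and flags the entries a helper would look at first: unhashed files (size 0 and the empty-input MD5 that appears three times in the log), entries launched through rundll32, and unquoted command paths containing spaces. The sample report inside the block is constructed to mirror the format, with made-up hashes.

```python
"""Triage helper for the 'Startup entries list' section of a Spybot S&D report.

Added example for this thread; not part of the thread, of Spybot or of
HijackThis. Parses the block format shown above (Located / command / file /
size / MD5, blocks separated by blank lines) and flags entries worth a look.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# MD5 of zero bytes of input. Spybot prints it together with 'size: 0' when it
# could not read the file, so that checksum says nothing about the real file.
EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"


@dataclass
class StartupEntry:
    location: str                 # e.g. "HK_LM:Run", "WinLogon", "Startup (user)"
    name: str                     # value name; empty for unnamed entries
    fields: Dict[str, str] = field(default_factory=dict)  # command, file, size, md5, where
    notes: List[str] = field(default_factory=list)        # wrapped warning text

    @property
    def command(self) -> str:
        return self.fields.get("command", "")

    @property
    def file(self) -> str:
        return self.fields.get("file", "")

    @property
    def size(self) -> int:
        return int(self.fields.get("size", "0") or 0)


def parse_startup_entries(text: str) -> List[StartupEntry]:
    """Each entry starts at a 'Located:' line and ends at the next blank line."""
    entries: List[StartupEntry] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Located:"):
            location, _, name = line[len("Located:"):].partition(",")
            current = StartupEntry(location.strip(), name.strip())
            entries.append(current)
        elif not line:
            current = None                      # blank line closes the entry
        elif current is not None:
            key, sep, value = line.partition(":")
            if sep and " " not in key:          # 'MD5: ...', 'command: ...'
                current.fields[key.lower()] = value.strip()
            else:                               # continuation of a warning
                current.notes.append(line)
    return entries


def triage(entries: List[StartupEntry]) -> List[Tuple[str, str]]:
    """Return (entry label, reason) pairs for entries a helper should inspect."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        label = f"{e.location} {e.name or '<unnamed>'}"
        if e.size == 0 or e.fields.get("md5", "").upper() == EMPTY_MD5:
            findings.append((label, "unverifiable: Spybot could not hash the file"))
        if re.search(r"(^|\\)rundll32(\.exe)?\b", e.command, re.IGNORECASE):
            findings.append((label, "rundll32 loader: identify the DLL it loads"))
        if e.command and not e.command.startswith('"') and " " in e.file:
            findings.append((label, "unquoted path with spaces: confirm which file runs"))
    return findings


# Constructed sample in the report's format; hashes and vendor names are made up.
SAMPLE_REPORT = r"""--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, VendorTray
command: "C:\Program Files\Vendor\Tray.exe" /start
file: C:\Program Files\Vendor\Tray.exe
size: 417792
MD5: 0123456789ABCDEF0123456789ABCDEF

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_LM:Run, Updater
command: C:\Program Files\Example Corp\updater.exe /quiet
file: C:\Program Files\Example Corp\updater.exe
size: 51200
MD5: FEDCBA9876543210FEDCBA9876543210
"""

if __name__ == "__main__":
    for label, reason in triage(parse_startup_entries(SAMPLE_REPORT)):
        print(f"{label:32} {reason}")
```

Run it against a saved Spybot report by passing the file's text to parse_startup_entries; the flags are prompts for a manual check, not verdicts, which is why the WinLogon igfxcui entry and the two empty HK_LM entries in the log above would show up as "unverifiable" even though they are harmless here.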

Blade81
2010-01-16, 11:53
Good. Some final steps next :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files; you will lose all previous restore points, which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but at step 6, check any checkboxes listed for your hard drives.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:

1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab.
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to Prompt.
6. Change the Download unsigned ActiveX controls to Disable.
7. Change the Initialize and script ActiveX controls not marked as safe to Disable.
8. Change the Installation of desktop items to Prompt.
9. Change the Launching programs and files in an IFRAME to Prompt.
10. Change the Navigate sub-frames across different domains to Prompt.
11. When all these settings have been made, click on the OK button.
12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
13. Next press the Apply button and then the OK to exit the Internet Properties page.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
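The Internet Explorer zone settings Blade81 lists above are stored as DWORD values under the Internet zone key in the registry, so they can be audited without clicking through the dialog. The script below is an added example and is not part of the thread or of any tool mentioned in it. It assumes the value ids and their meanings from Microsoft's KB 182569 (1001, 1004, 1201, 1607, 1800, 1804; data 0 = Enable, 1 = Prompt, 3 = Disable) and that the per-user key HKCU\...\Zones\3 is the one in effect; the function name Test-IEInternetZone and the -Fix switch are my own.

```powershell
# Added example, not from the thread: audit the Internet zone (zone 3) of
# Internet Explorer against the settings recommended in the post above.
# Assumption: value ids and data meanings follow KB 182569
# (0 = Enable, 1 = Prompt, 3 = Disable). Run in Windows PowerShell as the
# user whose browser settings you want to check.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post, keyed by registry value id.
$Recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
}

# Human-readable labels for the DWORD data.
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IEInternetZone {
    # -Fix (hypothetical switch) writes the recommended value where it differs;
    # without it the function is read-only.
    param([switch]$Fix)

    if (-not (Test-Path $ZonePath)) { throw "Zone key not found: $ZonePath" }
    $zone = Get-ItemProperty -Path $ZonePath

    $results = foreach ($id in $Recommended.Keys) {
        $current = $zone.$id          # $null when the value has never been set
        $want    = $Recommended[$id].Want
        $ok      = ($current -eq $want)

        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $ZonePath -Name $id -Value $want -Type DWord
        }

        if ($null -eq $current) { $label = '(not set)' }
        else                    { $label = $Labels[[int]$current] }

        [pscustomobject]@{
            Id      = $id
            Setting = $Recommended[$id].Name
            Current = $label
            Wanted  = $Labels[$want]
            OK      = $ok
        }
    }
    $results | Sort-Object Id
}

# Report; add -Fix to apply the recommended values.
Test-IEInternetZone | Format-Table -AutoSize
```

A value that is "(not set)" falls back to the zone's built-in default rather than to Enable, and a matching value under HKLM or a Group Policy setting can override what the per-user key says, so treat a clean report from this script as one check, not proof that the dialog shows the same thing.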

Blade81
2010-01-23, 12:28
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.