My favourite search redirects to advertisements [Archive]

View Full Version : My favourite search redirects to advertisements

Raymondo

2010-07-09, 20:30

I have just started with Hijack this and have a log I have used many different virus detectors up to today I am not sure if my last attempt has removed them so if someone can check out these logs for me with some advice in reply:bigthumb:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4296

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/07/2010 1:21:39 AM
mbam-log-2010-07-10 (01-21-39).txt

Scan type: Quick scan
Objects scanned: 63613
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 11
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 52

Memory Processes Infected:
C:\Program Files\Spyware Cease\SpywareCease.exe (Rogue.SpywareCease) -> Not selected for removal.

Memory Modules Infected:
C:\Program Files\Spyware Cease\md5.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\mtools.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\networkdll.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\opfile.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\QAreaDLL.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\RkHitApi.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\sctdll.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\spkdll.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\udefend.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\ussafe.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\zlib1.dll (Rogue.SpywareCease) -> Not selected for removal.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Spyware Cease (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\RepairBackup (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\RepairBackup\del (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\update (Rogue.SpywareCease) -> Not selected for removal.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Cease (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Error Repair Professional (Rogue.ErrorRepairProfessional) -> Not selected for removal.
C:\Program Files\Error Repair Professional\Backups (Rogue.ErrorRepairProfessional) -> Not selected for removal.
C:\Program Files\Error Repair Professional\startbug (Rogue.ErrorRepairProfessional) -> Not selected for removal.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner For Vista (Rogue.FreeRegistryCleanerForVista) -> Not selected for removal.
C:\Program Files\Free Registry Cleaner For Vista (Rogue.FreeRegistryCleanerForVista) -> Not selected for removal.

Files Infected:
C:\Windows\System32\drivers\RKHit.sys (Rogue.Spywarecease) -> Not selected for removal.
C:\Program Files\Spyware Cease\AutoUpdate.exe (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\bcfile.lst (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\bmgac (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\dxddd (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\fp.fpl (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\hrdb.hrl (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\idamx (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\iflee (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\license.key (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\LSR.lsr (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\md5.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\mtools.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\networkdll.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\opfile.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\QAreaDLL.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\rgp.tmp (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\RkHitApi.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\sctdll.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\spkdll.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\SpywareCease.chm (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\SpywareCease.exe (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\SpywareCease.url (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\tmp5 (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\twcfile.lst (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\udefend.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\unins000.dat (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\unins000.exe (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\update1 (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\update2 (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\update3 (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\ussafe.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\vf (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\wcfile.lst (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\xxcum (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\zlib1.dll (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\RepairBackup\del.txt (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\RepairBackup\removestartup.dat (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\RepairBackup\startup.dat (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\update\Update_a.ini (Rogue.SpywareCease) -> Not selected for removal.
C:\Program Files\Spyware Cease\update\uplist.up (Rogue.SpywareCease) -> Not selected for removal.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk (Rogue.SpywareCease) -> Not selected for removal.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk (Rogue.SpywareCease) -> Not selected for removal.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk (Rogue.SpywareCease) -> Not selected for removal.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner For Vista\Free Registry Cleaner for Vista.lnk (Rogue.FreeRegistryCleanerForVista) -> Not selected for removal.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner For Vista\Uninstall Free Registry Cleaner for Vista.lnk (Rogue.FreeRegistryCleanerForVista) -> Not selected for removal.
C:\Program Files\Free Registry Cleaner For Vista\backuphkcu.REG (Rogue.FreeRegistryCleanerForVista) -> Not selected for removal.
C:\Program Files\Free Registry Cleaner For Vista\RegCleanerForVista.exe (Rogue.FreeRegistryCleanerForVista) -> Not selected for removal.
C:\Program Files\Free Registry Cleaner For Vista\unins000.dat (Rogue.FreeRegistryCleanerForVista) -> Not selected for removal.
C:\Program Files\Free Registry Cleaner For Vista\unins000.exe (Rogue.FreeRegistryCleanerForVista) -> Not selected for removal.
C:\Users\hare\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\hare\AppData\Roaming\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:28:31 AM, on 10/07/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Cease\SpywareCease.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\ctfmon.exe
C:\Downloads\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\KeePass Password Safe\KeePass.exe
C:\Windows\System32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1670725582-812871076-957031153-1002\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USER')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk.disabled
O4 - Global Startup: Bluetooth Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10333 bytes
==========================
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Raymondo

2010-07-09, 21:29

:eek:
--- Search result list ---
Clickbank: Tracking cookie (Internet Explorer: RAY THE ADMIN) (Cookie, fixed)

DoubleClick: Tracking cookie (Internet Explorer: RAY THE ADMIN) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-03-14 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware.sbi (*)
2010-05-18 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-05-18 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-27 Includes\Hijackers.sbi (*)
2010-05-18 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-05-18 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-05-05 Includes\Malware.sbi (*)
2010-05-19 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-05-18 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-14 Includes\Security.sbi (*)
2010-05-18 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware.sbi (*)
2010-05-19 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-04-27 Includes\Trojans.sbi (*)
2010-05-18 Includes\TrojansC-02.sbi (*)
2010-05-18 Includes\TrojansC-03.sbi (*)
2010-05-18 Includes\TrojansC-04.sbi (*)
2010-05-19 Includes\TrojansC-05.sbi (*)
2010-05-18 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---
Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB941833)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)

--- Startup entries list ---
Located: HK_LM:Run, 00TCrdMain
command: %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
file: C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
size: 716800
MD5: EF1464C1F3334F65F55943BFDA45C519

Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 976832
MD5: 0B232C77D822983397674AEEC9AB59DC

Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 40368
MD5: E079513490C1DA5B1516AF9C0E97618F

Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint2K\Apoint.exe
file: C:\Program Files\Apoint2K\Apoint.exe
size: 184320
MD5: A4A14FADDE82F30A4BDAFE5C65CB8ABC

Located: HK_LM:Run, AVG9_TRAY
command: C:\PROGRA~1\AVG\AVG9\avgtray.exe
file: C:\PROGRA~1\AVG\AVG9\avgtray.exe
size: 2065760
MD5: E9B04FD2921ACE22CA17FA7D5131F491

Located: HK_LM:Run, Camera Assistant Software
command: "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
file: C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
size: 417792
MD5: 4F9EE379B4B5685A5B68982200D0394C

Located: HK_LM:Run, HSON
command: %ProgramFiles%\TOSHIBA\TBS\HSON.exe
file: C:\Program Files\TOSHIBA\TBS\HSON.exe
size: 54608
MD5: 5F0D3BD87EA98332B5B1D5B86C40FBF9

Located: HK_LM:Run, ITSecMng
command: %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
file: C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
size: 83336
MD5: B8C0A05D1DB0B01DE92D62825E9B5FC5

Located: HK_LM:Run, KeNotify
command: C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
file: C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
size: 34352
MD5: AFD400AEBCAB252C99E60991FF00D9D2

Located: HK_LM:Run, Malwarebytes Anti-Malware (reboot)
command: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
file: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
size: 1090952
MD5: D594EA4AC1C0E4675EF2F0063950ABEF

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\NvMcTray.dll
size: 92704
MD5: DC6E5D936786E3FD79342E2E82C99E38

Located: HK_LM:Run, PCMAgent
command: "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
file: C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
size: 143360
MD5: 9B271EAD0AE5907EABC3A7BE072C323E

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 421888
MD5: ED7A6D40B20DC34BE06F4AE196AE7D50

Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 6144000
MD5: 84B0BE89BF1155CD2498780C9D55BEB5

Located: HK_LM:Run, SmoothView
command: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
file: C:\Program Files\Toshiba\SmoothView\SmoothView.exe
size: 448080
MD5: 4E72F2DC0A0B2D48C70F7EE5D3B84B93

Located: HK_LM:Run, SVPWUTIL
command: C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
file: C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe
size: 438272
MD5: A7E2FF99E82ECA03A16F5D31C820F697

Located: HK_LM:Run, ToshibaServiceStation
command: C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
file: C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
size: 1283384
MD5: 33E636E9CDF2B12AF756F4410622918B

Located: HK_LM:Run, TPwrMain
command: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
file: C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
size: 431456
MD5: 8A75C36EEE9BA57FBE09F6DCB8FC8D10

Located: HK_LM:Run, UVS10 Preload
command: C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
file: C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
size: 36864
MD5: 951024D91F4C3B95ED8D521F06FBFB00

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_LM:RunOnce, Malwarebytes' Anti-Malware
command: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
file: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
size: 437584
MD5: 5F0388038E7355982FE50B039D10315C

Located: HK_LM:Run, Adobe Photo Downloader (DISABLED)
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3

Located: HK_LM:Run, CanonMyPrinter (DISABLED)
command: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
file: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, CanonSolutionMenu (DISABLED)
command: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
file: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, CLMLServer (DISABLED)
command: "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
file: C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
size: 188416
MD5: 800EC812A834E8BD2D54C28C470BC145

Located: HK_LM:Run, DropBoxUtility (DISABLED)
command: "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
file: C:\Program Files\DropBox\DropBox\DropBox.exe
size: 405504
MD5: 8578C54D653C5A2C23E2857BD6E34C71

Located: HK_LM:Run, GrooveMonitor (DISABLED)
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31072
MD5: 644795F6985C740F5E36E9336B837D0B

Located: HK_LM:Run, NvCplDaemon (DISABLED)
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 13543968
MD5: ED7F0419292D22B5253028D1A6E62804

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 16FC5B430123238E522B18E63C257AF8

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 16FC5B430123238E522B18E63C257AF8

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-1670725582-812871076-957031153-1001...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C

Located: HK_CU:Run, fsm
where: S-1-5-21-1670725582-812871076-957031153-1001...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, PC Suite Tray
where: S-1-5-21-1670725582-812871076-957031153-1001...
command: "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
file: C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
size: 1451520
MD5: CC0D9AC0AD3AA394BBA42B0B304BCF13

Located: HK_CU:Run, TOSCDSPD
where: S-1-5-21-1670725582-812871076-957031153-1001...
command: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
size: 430080
MD5: 5D29764082133F302126C85AB96ACB80

Located: HK_CU:Run, PC Suite Tray
where: S-1-5-21-1670725582-812871076-957031153-1002...
command: "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
file: C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
size: 1451520
MD5: CC0D9AC0AD3AA394BBA42B0B304BCF13

Located: HK_CU:Run, QuickTime Task
where: S-1-5-21-1670725582-812871076-957031153-1002...
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 421888
MD5: ED7A6D40B20DC34BE06F4AE196AE7D50

Located: HK_CU:Run, TOSCDSPD
where: S-1-5-21-1670725582-812871076-957031153-1002...
command: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
size: 430080
MD5: 5D29764082133F302126C85AB96ACB80

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-21-1670725582-812871076-957031153-1002...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 16FC5B430123238E522B18E63C257AF8

Located: Startup (common), Bluetooth Manager.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
file: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
size: 427336
MD5: B826F35E311A6AE70179DF218295231A

Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk (DISABLED)
where: C:\Users\RAY THE ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 97680
MD5: 32C26797AB646074A2BB562F9D10ADB5

--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 2/04/2010 10:03:56 PM
Date (last access): 17/04/2010 11:53:22 AM
Date (last write): 2/04/2010 10:03:56 PM
Filesize: 61888
Attributes: archive
MD5: FDE2DAF73EDA35BA399E2E19544B850F
CRC32: BF43E387
Version: 8.2.2.217

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG9\
Long name: avgssie.dll
Short name:
Date (created): 22/06/2010 10:45:22 AM
Date (last access): 22/06/2010 10:45:22 AM
Date (last write): 22/06/2010 10:45:22 AM
Filesize: 1615200
Attributes: archive
MD5: 2075B5CACD945850DDCE4705D7FCFD73
CRC32: 8E612078
Version: 9.0.0.832

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 14/03/2010 2:03:08 PM
Date (last access): 14/03/2010 2:03:08 PM
Date (last write): 26/01/2009 2:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 12/02/2009 3:19:32 PM
Date (last access): 8/09/2009 6:01:04 AM
Date (last write): 12/02/2009 3:19:32 PM
Filesize: 2217848
Attributes: archive
MD5: A6B5A41C0ED007AB6C43CAD899E533D8
CRC32: BA078F79
Version: 12.0.6421.1000

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 26/08/2008 11:49:22 AM
Date (last access): 25/03/2008 7:37:02 PM
Date (last write): 25/03/2008 9:28:02 PM
Filesize: 509328
Attributes: archive
MD5: CA1E733B9B003530C38390EDF7E05B61
CRC32: 980493E3
Version: 6.0.60.2

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 17/02/2009 4:11:04 PM
Date (last access): 3/09/2009 1:57:30 PM
Date (last write): 17/02/2009 4:11:04 PM
Filesize: 408440
Attributes: archive
MD5: 1A82C1B9BB43385695EFC3A84F6756A2
CRC32: 75E558CA
Version: 5.0.818.6

{A3BC75A2-1F87-4686-AA43-5347D756017C} (AVG Security Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AVG Security Toolbar BHO
Path: C:\Program Files\AVG\AVG9\Toolbar\
Long name: IEToolbar.dll
Short name: IETOOL~1.DLL
Date (created): 26/04/2010 10:43:38 PM
Date (last access): 22/05/2010 5:34:20 PM
Date (last write): 19/04/2010 10:25:40 AM
Filesize: 2117704
Attributes: archive
MD5: CCD8E59F6205FF9338C564C0C4403E0E
CRC32: 60967730
Version: 4.504.19.2

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (Google Dictionary Compression sdch)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Google Dictionary Compression sdch
CLSID name: Google Dictionary Compression sdch

--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\Windows\Downloaded Program Files\QTPlugin.inf
Codebase: http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 17/03/2010 11:28:24 PM
Date (last access): 7/05/2010 7:52:34 PM
Date (last write): 17/03/2010 11:28:24 PM
Filesize: 800048
Attributes: archive
MD5: AD99EC8908185A02307CF071EF7BD9CF
CRC32: D29F3B77
Version: 7.6.6.0

{0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control)
DPF name:
CLSID name: Microsoft Data Collection Control
Installer:
Codebase: https://oas.support.microsoft.com/ActiveX/MSDcode.cab
Path: C:\Windows\Downloaded Program Files\
Long name: MSDcode.dll
Short name:
Date (created): 12/05/2009 1:26:56 PM
Date (last access): 12/05/2009 1:26:56 PM
Date (last write): 12/05/2009 1:26:56 PM
Filesize: 560544
Attributes: archive
MD5: CC2CF44DB093645AF539D6F70C411827
CRC32: 998ACDA4
Version: 2.7.206.1

{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer)
DPF name:
CLSID name: Musicnotes Viewer
Installer: C:\Windows\Downloaded Program Files\Mnviewer.inf
Codebase: http://www.musicnotes.com/download/mnviewer.cab
description:
classification: Legitimate
known filename: mnviewer.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Musicnotes\
Long name: mnviewer.dll
Short name:
Date (created): 11/09/2009 9:06:22 PM
Date (last access): 11/09/2009 9:06:22 PM
Date (last write): 7/05/2009 5:27:30 PM
Filesize: 296240
Attributes: archive
MD5: F538D536299F47079EE05417AC4C20A2
CRC32: 5EDC9E28
Version: 1.17.3.0

{8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control)
DPF name:
CLSID name: Facebook Photo Uploader 5 Control
Installer: C:\Windows\Downloaded Program Files\PhotoUploader55.inf
Codebase: http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
Path: C:\Windows\Downloaded Program Files\
Long name: PhotoUploader55.ocx
Short name: PHOTOU~1.OCX
Date (created): 29/07/2009 8:21:24 PM
Date (last access): 29/07/2009 8:21:24 PM
Date (last write): 29/07/2009 8:21:24 PM
Filesize: 3540488
Attributes: archive
MD5: B36353934BB8B0E7CC8557AC5143EF41
CRC32: 3AC3C312
Version: 5.5.8.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_06
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_06\bin\
Long name: npjpi160_06.dll
Short name: NPJPI1~1.DLL
Date (created): 25/03/2008 7:37:02 PM
Date (last access): 25/03/2008 7:37:02 PM
Date (last write): 25/03/2008 9:28:02 PM
Filesize: 132496
Attributes: archive
MD5: 5522AFEAB77DD6D401F3FE5C0A46122E
CRC32: F643B062
Version: 6.0.60.2

{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_06
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 26/08/2008 11:49:22 AM
Date (last access): 25/03/2008 7:37:02 PM
Date (last write): 25/03/2008 9:28:02 PM
Filesize: 509328
Attributes: archive
MD5: CA1E733B9B003530C38390EDF7E05B61
CRC32: 980493E3
Version: 6.0.60.2

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_06
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_06\bin\
Long name: npjpi160_06.dll
Short name: NPJPI1~1.DLL
Date (created): 25/03/2008 7:37:02 PM
Date (last access): 25/03/2008 7:37:02 PM
Date (last write): 25/03/2008 9:28:02 PM
Filesize: 132496
Attributes: archive
MD5: 5522AFEAB77DD6D401F3FE5C0A46122E
CRC32: F643B062
Version: 6.0.60.2

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

--- Process list ---
PID: 2244 (1576) C:\Windows\system32\taskeng.exe
size: 169984
MD5: E5BBFC283D6F5D69B41E464676361020
PID: 1372 (1532) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 01DD1004181FD46ECDC3628228EB269D
PID: 3728 (3212) C:\Windows\Explorer.EXE
size: 2926592
MD5: D07D4C3038F3578FFCE1C0237F2A1253
PID: 3576 (3728) C:\Program Files\Apoint2K\Apoint.exe
size: 184320
MD5: A4A14FADDE82F30A4BDAFE5C65CB8ABC
PID: 3332 (3728) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
size: 431456
MD5: 8A75C36EEE9BA57FBE09F6DCB8FC8D10
PID: 1140 (3576) C:\Program Files\Apoint2K\ApMsgFwd.exe
size: 50472
MD5: 99E45FCB96AC7A8F437C9EF7F4BC36E8
PID: 3364 (3728) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
size: 448080
MD5: 4E72F2DC0A0B2D48C70F7EE5D3B84B93
PID: 3776 (3728) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
size: 716800
MD5: EF1464C1F3334F65F55943BFDA45C519
PID: 2156 (3728) C:\Windows\RtHDVCpl.exe
size: 6144000
MD5: 84B0BE89BF1155CD2498780C9D55BEB5
PID: 3384 (3728) C:\Program Files\Toshiba\Utilities\KeNotify.exe
size: 34352
MD5: AFD400AEBCAB252C99E60991FF00D9D2
PID: 2584 (3728) C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
size: 143360
MD5: 9B271EAD0AE5907EABC3A7BE072C323E
PID: 1472 (3728) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
size: 1283384
MD5: 33E636E9CDF2B12AF756F4410622918B
PID: 156 (3728) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 3848 (3728) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 976832
MD5: 0B232C77D822983397674AEEC9AB59DC
PID: 2136 (3728) C:\Program Files\AVG\AVG9\avgtray.exe
size: 2065760
MD5: E9B04FD2921ACE22CA17FA7D5131F491
PID: 1748 (3636) C:\Program Files\Apoint2K\Apntex.exe
size: 49152
MD5: 359937EFD1763DF9F8B8D166BD4CC022
PID: 3880 (3728) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3
PID: 1972 (3728) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
size: 430080
MD5: 5D29764082133F302126C85AB96ACB80
PID: 1888 (3728) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 3732 (3728) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
size: 1451520
MD5: CC0D9AC0AD3AA394BBA42B0B304BCF13
PID: 1440 (3728) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
size: 427336
MD5: B826F35E311A6AE70179DF218295231A
PID: 3376 (1220) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 4232 (1220) C:\Windows\system32\wbem\unsecapp.exe
size: 37888
MD5: 8274C87726D4561EE8750D883764ACC1
PID: 5384 (3728) C:\Program Files\Spyware Cease\SpywareCease.exe
size: 7215920
MD5: A3BD9414AB4F03E54AAF9D59A205F7A1
PID: 5924 (2124) C:\Windows\system32\ctfmon.exe
size: 8704
MD5: 22BFD03DF51065A9ED8D17F8FB72296B
PID: 4260 (3728) C:\Program Files\KeePass Password Safe\KeePass.exe
size: 377856
MD5: F3A032512C063BD0F59BAE90DE1ABFF5
PID: 4792 (3728) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 5964 (3728) C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 652 ( 4) smss.exe
size: 64000
PID: 720 ( 708) csrss.exe
size: 6144
PID: 772 ( 708) wininit.exe
size: 96768
PID: 780 ( 764) csrss.exe
size: 6144
PID: 792 ( 772) avgchsvx.exe
PID: 800 ( 772) avgrsx.exe
PID: 832 ( 772) services.exe
size: 279552
PID: 844 ( 772) lsass.exe
size: 9728
PID: 852 ( 772) lsm.exe
size: 229888
PID: 892 ( 764) winlogon.exe
size: 314368
PID: 932 ( 800) avgcsrvx.exe
PID: 1220 ( 832) svchost.exe
size: 21504
PID: 1300 ( 832) nvvsvc.exe
size: 196608
PID: 1316 ( 832) PresentationFontCache.exe
PID: 1364 ( 832) svchost.exe
size: 21504
PID: 1408 ( 832) svchost.exe
size: 21504
PID: 1496 ( 832) svchost.exe
size: 21504
PID: 1532 ( 832) svchost.exe
size: 21504
PID: 1576 ( 832) svchost.exe
size: 21504
PID: 1676 (1496) audiodg.exe
size: 88576
PID: 1716 ( 832) SLsvc.exe
size: 3408896
PID: 1768 ( 832) svchost.exe
size: 21504
PID: 1860 (1300) rundll32.exe
size: 44544
PID: 2012 ( 832) svchost.exe
size: 21504
PID: 724 (1532) wlanext.exe
size: 74240
PID: 2004 ( 832) spoolsv.exe
size: 127488
PID: 2000 ( 832) svchost.exe
size: 21504
PID: 2248 ( 832) agrsmsvc.exe
size: 9216
PID: 2260 ( 832) avgwdsvc.exe
PID: 2272 ( 832) CFSvcs.exe
PID: 2320 ( 832) EvtEng.exe
PID: 2444 (2260) avgam.exe
PID: 2468 (2260) avgnsx.exe
PID: 2612 ( 832) svchost.exe
size: 21504
PID: 2776 ( 832) RegSrvc.exe
PID: 2864 ( 832) svchost.exe
size: 21504
PID: 2940 ( 832) TMachInfo.exe
PID: 2988 ( 832) TNaviSrv.exe
PID: 3036 ( 832) TODDSrv.exe
size: 129632
PID: 3064 ( 832) TosCoSrv.exe
PID: 3124 ( 832) TosBtSrv.exe
PID: 3148 ( 832) TosIPCSrv.exe
PID: 3172 ( 832) ULCDRSvr.exe
PID: 3188 ( 832) svchost.exe
size: 21504
PID: 3264 ( 832) SDWinSec.exe
PID: 3492 (1576) taskeng.exe
size: 169984
PID: 3664 (1220) WmiPrvSE.exe
PID: 1844 (2468) avgcsrvx.exe
PID: 4672 ( 832) ServiceLayer.exe
PID: 4732 (4672) NclUSBSrv.exe
PID: 4760 (4672) NclRSSrv.exe
PID: 4972 (1220) WmiPrvSE.exe
PID: 1548 (1532) WUDFHost.exe
size: 142336
PID: 3888 (4792) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 636080
MD5: 2C5168C856455CC43C4B4E1CC1920001

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 10/07/2010 4:28:35 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.toshibadirect.com/dpdstart
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.toshibadirect.com/dpdstart
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchAssistant
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E00D6C9F-8215-49F2-95FE-7B7B2B2B072C}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E00D6C9F-8215-49F2-95FE-7B7B2B2B072C}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{34D75D5E-C968-43B8-BCD8-8679D6C19336}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{34D75D5E-C968-43B8-BCD8-8679D6C19336}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{180AB3D3-15F1-44D7-99B4-F3C9C97E2346}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{180AB3D3-15F1-44D7-99B4-F3C9C97E2346}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{70230555-2281-46B0-B9EC-F65FD4F3B3F7}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{70230555-2281-46B0-B9EC-F65FD4F3B3F7}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E00D6C9F-8215-49F2-95FE-7B7B2B2B072C}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E00D6C9F-8215-49F2-95FE-7B7B2B2B072C}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{54F462C0-76C6-46AD-9874-B9FCD2A8CBAC}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{54F462C0-76C6-46AD-9874-B9FCD2A8CBAC}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{34D75D5E-C968-43B8-BCD8-8679D6C19336}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{34D75D5E-C968-43B8-BCD8-8679D6C19336}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS:confused:

tashi

2010-07-09, 21:57

Hello Raymondo,

Please read the link that I edited into your first post.
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic providing only the DDS log and no additional posts.

Best regards. :)