adware troubles - gamevance

Hi,

OK. The Kodak error messages are gone at startup.

I ran Search and Destroy after restarting just out of curiosity and 3 entries were not allowed to be fixed.

It said: Unexpected error in fixing problem (cannot create file "C:\windows\wininit.ini". Access is denied.)

Here's the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:54 AM, on 1/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6066\SAService.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8942 bytes
 
Hi,

Both of our email accounts are slower than normal. Especially the Yahoo account - it takes a long time to bring up the inbox and a long time to go from one message to another.

Do you know why S&D can't fix those problems that it found?
 
Hi Andy

Could you post the report of those unfixable Spybot findings back here?
 
Hi,

Here's the complete scan from the latest scan:


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2009-01-17 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-11-04 Includes\Adware.sbi
2009-01-13 Includes\AdwareC.sbi
2009-01-08 Includes\Cookies.sbi
2009-01-06 Includes\Dialer.sbi
2009-01-13 Includes\DialerC.sbi
2009-01-13 Includes\HeavyDuty.sbi
2008-11-18 Includes\Hijackers.sbi
2009-01-13 Includes\HijackersC.sbi
2008-12-09 Includes\Keyloggers.sbi
2009-01-13 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-11-18 Includes\Malware.sbi
2009-01-14 Includes\MalwareC.sbi
2008-12-16 Includes\PUPS.sbi
2009-01-13 Includes\PUPSC.sbi
2009-01-13 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-01-13 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-12-10 Includes\Spyware.sbi
2009-01-13 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2009-01-05 Includes\Trojans.sbi
2009-01-14 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
size: 63712
MD5: FC9E59FE8BC4FE05382CFF5C8FC59DE1

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 34672
MD5: 69B16C7B7746BA5C642FC05B3561FC73

Located: HK_LM:Run, HotKeysCmds
command: C:\Windows\system32\hkcmd.exe
file: C:\Windows\system32\hkcmd.exe
size: 106496
MD5: BF3E01C18CE6CDEF16B0DF23E1DCF376

Located: HK_LM:Run, HWSetup
command: C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
file: C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
size: 413696
MD5: 910B7CFD6E23D6E0A7370525B5AE5B7A

Located: HK_LM:Run, IgfxTray
command: C:\Windows\system32\igfxtray.exe
file: C:\Windows\system32\igfxtray.exe
size: 98304
MD5: 1C64DD02FDE078608549C62398DE2FEF

Located: HK_LM:Run, KeNotify
command: C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
file: C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
size: 34352
MD5: AFD400AEBCAB252C99E60991FF00D9D2

Located: HK_LM:Run, LtMoh
command: C:\Program Files\ltmoh\Ltmoh.exe
file: C:\Program Files\ltmoh\Ltmoh.exe
size: 188416
MD5: 7DC4E93F9BE692E29B1E1D27B6A389DC

Located: HK_LM:Run, mcagent_exe
command: C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
file: C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 582992
MD5: 9405B452064BFA6A0F78E2F177A988A4

Located: HK_LM:Run, PCLEUSBTip
command: C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
file: C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
size: 199752
MD5: F7D68D8E70EA376713A39395664793CA

Located: HK_LM:Run, Persistence
command: C:\Windows\system32\igfxpers.exe
file: C:\Windows\system32\igfxpers.exe
size: 81920
MD5: 8E899A1A7C4670CE4EC1337CBF989787

Located: HK_LM:Run, PINGER
command: C:\TOSHIBA\IVP\ISM\pinger.exe /run
file: C:\TOSHIBA\IVP\ISM\pinger.exe
size: 151552
MD5: FF0727AB2E7B019026D9034F643752B0

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: CAF03357DE72F8F19FA099581A685C1A

Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 3784704
MD5: A503A47A5E7EA8024379A8CC6059B74A

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345

Located: HK_LM:Run, SVPWUTIL
command: C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
file: C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe
size: 421888
MD5: 104B2D030A592D4B2FC87D49B3ED62D6

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 815104
MD5: F98281EF23616F751FABE97A6EC5DBE6

Located: HK_LM:Run, USB2Check
command: RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
file: C:\Windows\system32\PCLECoInst.dll
size: 73728
MD5: CCE33B78B948290126D154E81995C2C9

Located: HK_LM:Run, USBToolTip
command: "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
file: C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe
size: 199752
MD5: F7D68D8E70EA376713A39395664793CA

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-3483987635-1627718444-571352747-1001...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C

Located: HK_CU:Run, TOSCDSPD
where: S-1-5-21-3483987635-1627718444-571352747-1001...
command: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
size: 417792
MD5: 997EEC696414961A32EF7E884B80C965

Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-3483987635-1627718444-571352747-1001...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D

Located: Startup (common), Adobe Gamma Loader.exe.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A

Located: Startup (common), Microsoft Office.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: Startup (user), Picture Motion Browser Media Check Tool.lnk
where: C:\Users\ERIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
file: C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
size: 385024
MD5: D86E9B861F686BEBA746BCDF5E5C55DA

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 6/11/2008 10:33:16 PM
Date (last access): 11/18/2008 2:31:42 PM
Date (last write): 6/11/2008 10:33:16 PM
Filesize: 75128
Attributes: archive
MD5: E96C752BBA0E22330A43258FC800200E
CRC32: E5D72083
Version: 9.0.0.332

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 1/17/2009 1:57:18 PM
Date (last access): 1/17/2009 1:57:18 PM
Date (last write): 7/7/2008 9:41:58 AM
Filesize: 1562448
Attributes: archive
MD5: 32981ADE44D01EC2A9EBC2E311291707
CRC32: C2F522E6
Version: 1.6.0.12

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 1/23/2009 6:46:38 PM
Date (last access): 1/23/2009 6:46:38 PM
Date (last write): 1/23/2009 6:46:38 PM
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files\McAfee\VirusScan\
Long name: scriptsn.dll
Short name:
Date (created): 1/18/2008 5:48:10 AM
Date (last access): 10/24/2007 5:51:28 AM
Date (last write): 10/24/2007 5:51:28 AM
Filesize: 58688
Attributes: archive
MD5: 5B9FCB73F5A4A000C55AFF08B639A07C
CRC32: C78C7E89
Version: 14.0.0.366

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 4/28/2007 8:36:06 AM
Date (last access): 4/28/2007 8:36:06 AM
Date (last write): 4/28/2007 8:36:06 AM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 1/23/2009 6:46:38 PM
Date (last access): 1/23/2009 6:46:38 PM
Date (last write): 1/23/2009 6:46:38 PM
Filesize: 34816
Attributes: archive
MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
CRC32: D7C13FB2
Version: 6.0.110.3



--- ActiveX list ---
{0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control)
DPF name:
CLSID name: Facebook Photo Uploader 5 Control
Installer: C:\Windows\Downloaded Program Files\PhotoUploader5.inf
Codebase: http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
Path: C:\Windows\Downloaded Program Files\
Long name: PhotoUploader5.ocx
Short name: PHOTOU~1.OCX
Date (created): 10/10/2008 2:44:58 PM
Date (last access): 10/10/2008 2:44:58 PM
Date (last write): 10/10/2008 2:44:58 PM
Filesize: 3536384
Attributes: archive
MD5: 3F703EC5DB5638C08008132A78430136
CRC32: AB0E6745
Version: 5.5.8.0

{193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control)
DPF name:
CLSID name: ewidoOnlineScan Control
Installer:
Codebase: http://downloads.ewido.net/ewidoOnlineScan.cab
Path: C:\Windows\DOWNLO~1\
Long name: ewidoOnlineScan.dll
Short name: EWIDOO~1.DLL
Date (created): 7/11/2006 9:41:36 AM
Date (last access): 7/11/2006 9:41:36 AM
Date (last write): 7/11/2006 9:41:36 AM
Filesize: 345656
Attributes: archive
MD5: B284992540E0FA2B76DEA56F93D49A16
CRC32: FD2E709C
Version: 1.0.0.4

{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control)
DPF name:
CLSID name: OnlineScanner Control
Installer: C:\Windows\Downloaded Program Files\OnlineScanner.inf
Codebase: http://www.eset.eu/OnlineScanner.cab
Path: C:\Windows\system32\
Long name: OnlineScanner.ocx
Short name: ONLINE~1.OCX
Date (created): 8/6/2007 1:18:16 PM
Date (last access): 8/6/2007 1:18:16 PM
Date (last write): 8/6/2007 1:18:16 PM
Filesize: 2707456
Attributes: archive
MD5: 41B8A44F69C6C5C2F9DAFEA1ED184D20
CRC32: E1F281AC
Version: 1.0.0.337

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 1/23/2009 6:46:36 PM
Date (last access): 1/23/2009 6:46:36 PM
Date (last write): 1/23/2009 6:46:36 PM
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 1/23/2009 6:46:36 PM
Date (last access): 1/23/2009 6:46:36 PM
Date (last write): 1/23/2009 6:46:36 PM
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 1/23/2009 6:46:38 PM
Date (last access): 1/23/2009 6:46:38 PM
Date (last write): 1/23/2009 6:46:38 PM
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3

{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class)
DPF name:
CLSID name: get_atlcom Class
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://www.adobe.com/products/acrobat/nos/gp.cab
Path: C:\Windows\Downloaded Program Files\
Long name: gp.ocx
Short name:
Date (created): 5/16/2007 8:22:06 AM
Date (last access): 5/16/2007 8:22:06 AM
Date (last write): 5/16/2007 8:22:06 AM
Filesize: 166512
Attributes: archive
MD5: 9BCFC46ECA1BF28E039ECCE2D331086E
CRC32: A9C6ED85
Version: 1.2.2.50

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name:
Date (created): 3/24/2008 8:32:42 PM
Date (last access): 6/20/2008 1:32:34 PM
Date (last write): 3/24/2008 8:32:42 PM
Filesize: 2991488
Attributes: readonly archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29
Version: 9.0.124.0

{F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class)
DPF name:
CLSID name: Photo Upload Plugin Class
Installer: C:\Windows\Downloaded Program Files\PCAXSetup.inf
Codebase: http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Path: C:\Windows\Downloaded Program Files\
Long name: Photochannel.dll
Short name: PHOTOC~1.DLL
Date (created): 5/15/2007 7:27:48 AM
Date (last access): 5/15/2007 7:27:48 AM
Date (last write): 5/15/2007 7:27:48 AM
Filesize: 290816
Attributes: archive
MD5: 4F5B494D4AC0D06BE28775A8EE17E4CE
CRC32: 47538ECC
Version: 2.0.0.10



--- Process list ---
PID: 5724 ( 940) C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 582992
MD5: 9405B452064BFA6A0F78E2F177A988A4
PID: 2748 (1204) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 5484 (6136) C:\Windows\Explorer.EXE
size: 2927104
MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
PID: 5160 (1232) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 4896 (5484) C:\Windows\System32\igfxtray.exe
size: 98304
MD5: 1C64DD02FDE078608549C62398DE2FEF
PID: 3676 (5484) C:\Windows\System32\hkcmd.exe
size: 106496
MD5: BF3E01C18CE6CDEF16B0DF23E1DCF376
PID: 5836 (5484) C:\Windows\System32\igfxpers.exe
size: 81920
MD5: 8E899A1A7C4670CE4EC1337CBF989787
PID: 2688 (5484) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 815104
MD5: F98281EF23616F751FABE97A6EC5DBE6
PID: 5192 (5484) C:\Program Files\ltmoh\ltmoh.exe
size: 188416
MD5: 7DC4E93F9BE692E29B1E1D27B6A389DC
PID: 5388 (5484) C:\Toshiba\IVP\ISM\pinger.exe
size: 151552
MD5: FF0727AB2E7B019026D9034F643752B0
PID: 5880 (5484) C:\Windows\RtHDVCpl.exe
size: 3784704
MD5: A503A47A5E7EA8024379A8CC6059B74A
PID: 4796 (5484) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
size: 199752
MD5: F7D68D8E70EA376713A39395664793CA
PID: 916 (5484) C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: CAF03357DE72F8F19FA099581A685C1A
PID: 4432 (2688) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
size: 192512
MD5: FD0B9CFB4F7CFD3F364123F241C553C4
PID: 5396 (5484) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
size: 63712
MD5: FC9E59FE8BC4FE05382CFF5C8FC59DE1
PID: 5612 (5484) C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345
PID: 5244 (5484) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
size: 417792
MD5: 997EEC696414961A32EF7E884B80C965
PID: 2084 (5484) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
PID: 4468 (5484) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 4644 (5484) C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
size: 385024
MD5: D86E9B861F686BEBA746BCDF5E5C55DA
PID: 5472 ( 940) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 4456 (5484) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
size: 10577312
MD5: CF5FAAE47BD45081EBD2B4732A866B64
PID: 5488 ( 940) C:\Windows\MSAgent\agentsvr.exe
size: 292864
MD5: 507168176FAD8AE1E065DB34A034FE58
PID: 4516 (4632) C:\Program Files\Internet Explorer\ieuser.exe
size: 299520
MD5: 5B2E1C16A2C420F60CD391B666003F14
PID: 416 (4632) C:\Program Files\Internet Explorer\iexplore.exe
size: 625664
MD5: 5B92133D3E7FB2644677686305E29E81
PID: 4408 ( 940) C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
size: 218496
MD5: 5ABE08EEB790D2322565DBD11BF70A19
PID: 1276 (5484) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 492 ( 4) smss.exe
size: 64000
PID: 624 ( 612) csrss.exe
size: 6144
PID: 668 ( 612) wininit.exe
size: 96768
PID: 712 ( 668) services.exe
size: 279040
PID: 724 ( 668) lsass.exe
size: 9728
PID: 732 ( 668) lsm.exe
size: 229888
PID: 940 ( 712) svchost.exe
size: 21504
PID: 1000 ( 712) svchost.exe
size: 21504
PID: 1036 ( 712) svchost.exe
size: 21504
PID: 1104 ( 712) svchost.exe
size: 21504
PID: 1204 ( 712) svchost.exe
size: 21504
PID: 1232 ( 712) svchost.exe
size: 21504
PID: 1292 (1104) audiodg.exe
size: 88064
PID: 1320 ( 712) SLsvc.exe
size: 2623488
PID: 1340 ( 712) svchost.exe
size: 21504
PID: 1480 ( 712) svchost.exe
size: 21504
PID: 1712 ( 712) spoolsv.exe
size: 125952
PID: 1736 ( 712) svchost.exe
size: 21504
PID: 1972 ( 712) agrsmsvc.exe
size: 9216
PID: 1988 ( 712) CFSvcs.exe
PID: 2028 ( 712) McProxy.exe
PID: 280 ( 712) Mcshield.exe
PID: 632 ( 712) MpfSrv.exe
PID: 1412 ( 712) svchost.exe
size: 21504
PID: 1488 ( 712) svchost.exe
size: 21504
PID: 1920 ( 712) swupdtmr.exe
PID: 2004 ( 712) TODDSrv.exe
size: 114688
PID: 1448 ( 712) TosCoSrv.exe
PID: 2148 ( 712) TosBtSrv.exe
PID: 2172 ( 712) ULCDRSvr.exe
PID: 2204 ( 712) svchost.exe
size: 21504
PID: 2228 ( 712) SearchIndexer.exe
size: 439808
PID: 2672 ( 712) mcmscsvc.exe
PID: 3116 (1232) taskeng.exe
size: 169472
PID: 3484 ( 712) mcsysmon.exe
PID: 3628 ( 712) McNASvc.exe
PID: 2372 ( 712) wmpnetwk.exe
PID: 4568 ( 712) svchost.exe
size: 21504
PID: 3968 (6096) csrss.exe
size: 6144
PID: 5888 (6096) winlogon.exe
size: 314880
PID: 4692 (5484) KeNotify.exe
PID: 5780 (1232) taskeng.exe
size: 169472
PID: 5360 (5780) sdclt.exe
size: 1169408


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 1/25/2009 2:16:30 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
 
Hi Blade,

I was able to get S&D to fix those last problems and latest scan was clean. I kept forgetting to right click when opening these programs (even if I did the command prompt) and log as admin.

We're still slow.

-Andy
 
Hi

To troubleshoot that slowness issue could you please try Firefox browser to see if those sites you have problems with open quicker with it?
 
Hi Blade,

I can't believe how much faster Firefox is. We're right back to our speed at day one. Amazing.

I've also switched to Online Armor for firewall and will follow the other recommendations at the beginning of the forum.

Thank you so much for all your help and patience.

-Andy
 
Hi Andy

Good to hear that helped :) Finally, let's reset system restore & uninstall ComboFix.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling system restore, but on step 6, check any checkboxes listed for your hard drives.


Now let's uninstall ComboFix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
 
Hi Blade81

I've reset system restore and uninstalled ComboFix. Again, thanks so much for your help. And Firefox is awesome.

-Andy
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 