BleepingComputer.com: Trojan-adware rolled into one?

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

Trojan-adware rolled into one? Help on how to remove it

#1 User is offline   docleng 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 02-June 09

Posted 25 June 2009 - 05:28 AM

The first time I opened my laptop, SOLO ANTIVIRUS SCANNER was installed and i discovered a virus called TROJAN.ADWARE.GEN. This virus infected a DLL file. My friend then installed Trojan Remover but still it doesn't go away. The Windows defender did not detect the virus as well. Have searched for this virus but can't find this specific one. What can it do to my laptop? My friend already installed the ff: Solo Antivirus remover, Trojan remover. Are all these ok? Really at a loss. I have heard of the UnDLL, infected dll remover- is this ok? My OS is Windows Vista Home premium. I tried to follow the prep guide but wasn't able to get DDS to run, when I tried it, the feedback was THIS TOOL DOES NOT SUPPORT YOUR OPERATING SYSTEM. Thanks in advance.


Logfile of random's system information tool 1.06 (written by random/random)
Run by chinchin at 2009-06-25 17:34:14
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 239 GB (81%) free of 295 GB
Total RAM: 3963 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:16 PM, on 6/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Users\chinchin\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\chinchin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com/?fr=fp-tyc7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files (x86)\Trojan Remover\Trjscan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\chinchin\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12229 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2009-05-30 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"=NDSTray.exe []
"cfFncEnabler.exe"=cfFncEnabler.exe []
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe [2008-08-04 1242424]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-04-29 417792]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"TrojanScanner"=C:\Program Files (x86)\Trojan Remover\Trjscan.exe [2008-02-29 866384]
"AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-05-30 201992]
"YSearchProtection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-05-19 432640]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-18 68856]
"cdloader"=C:\Users\chinchin\AppData\Roaming\mjusbsp\cdloader2.exe [2009-04-10 50520]
"Search Protection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"YSearchProtection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea090f22-3239-11de-8c33-001e3399ee74}]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2009-06-25 16:22:37 ----D---- C:\Program Files (x86)\trend micro
2009-06-25 16:22:36 ----D---- C:\rsit
2009-06-14 12:52:00 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-14 12:52:00 ----A---- C:\Windows\system32\EncDec.dll
2009-06-11 08:19:49 ----A---- C:\Windows\system32\localspl.dll
2009-06-11 08:19:48 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-11 08:19:36 ----A---- C:\Windows\system32\mshtml.dll
2009-06-11 08:19:32 ----A---- C:\Windows\system32\ieframe.dll
2009-06-11 08:19:31 ----A---- C:\Windows\system32\wininet.dll
2009-06-11 08:19:31 ----A---- C:\Windows\system32\urlmon.dll
2009-06-11 08:19:31 ----A---- C:\Windows\system32\iertutil.dll
2009-06-11 08:19:30 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-11 08:19:30 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-11 08:19:28 ----A---- C:\Windows\system32\occache.dll
2009-06-11 08:19:28 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-11 08:19:28 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-11 08:19:27 ----A---- C:\Windows\system32\mstime.dll
2009-06-11 08:19:27 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-11 08:19:27 ----A---- C:\Windows\system32\ieencode.dll
2009-06-06 14:24:27 ----D---- C:\ProgramData\WEBREG
2009-06-06 14:12:11 ----D---- C:\Users\chinchin\AppData\Roaming\HP
2009-06-06 14:09:51 ----D---- C:\ProgramData\HP Product Assistant
2009-06-06 14:01:06 ----D---- C:\Program Files (x86)\Common Files\HP
2009-06-06 14:01:04 ----D---- C:\Program Files (x86)\Hewlett-Packard
2009-06-06 14:00:07 ----HD---- C:\Config.Msi
2009-06-04 22:29:52 ----D---- C:\ProgramData\Yahoo!
2009-06-04 22:29:50 ----D---- C:\Users\chinchin\AppData\Roaming\Yahoo!
2009-06-04 22:29:50 ----D---- C:\ProgramData\Yahoo! Companion
2009-06-04 22:26:59 ----D---- C:\Program Files (x86)\Yahoo!
2009-05-30 18:59:09 ----D---- C:\ProgramData\Kaspersky Lab
2009-05-30 18:59:09 ----D---- C:\Program Files (x86)\Kaspersky Lab
2009-05-30 18:57:59 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-05-30 18:22:31 ----D---- C:\ProgramData\TEMP
2009-05-30 18:21:57 ----A---- C:\Windows\system32\ztvunrar36.dll
2009-05-30 18:21:57 ----A---- C:\Windows\system32\ztvunace26.dll
2009-05-30 18:21:57 ----A---- C:\Windows\system32\ztvcabinet.dll
2009-05-30 18:21:57 ----A---- C:\Windows\system32\UNRAR3.dll
2009-05-30 18:21:57 ----A---- C:\Windows\system32\unacev2.dll
2009-05-30 18:21:56 ----D---- C:\Users\chinchin\AppData\Roaming\Simply Super Software
2009-05-30 18:21:56 ----D---- C:\ProgramData\Simply Super Software
2009-05-30 18:21:56 ----D---- C:\Program Files (x86)\Trojan Remover
2009-05-30 18:04:48 ----A---- C:\AUTOEXEC.BAT
2009-05-30 18:04:47 ----D---- C:\SRN Micro
2009-05-30 13:00:01 ----D---- C:\Anuman Interactive
2009-05-30 12:55:47 ----D---- C:\Program Files (x86)\Anuman Interactive
2009-05-30 12:14:23 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2009-05-30 12:11:38 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2009-05-30 07:04:30 ----D---- C:\Users\chinchin\AppData\Roaming\WildTangent

======List of files/folders modified in the last 1 months======

2009-06-25 17:34:05 ----D---- C:\Windows\Temp
2009-06-25 16:22:37 ----RD---- C:\Program Files (x86)
2009-06-25 15:02:32 ----D---- C:\Windows\System32
2009-06-25 15:02:31 ----D---- C:\Windows\inf
2009-06-25 14:57:56 ----SHD---- C:\Windows\Installer
2009-06-23 18:25:05 ----SHD---- C:\System Volume Information
2009-06-22 06:14:50 ----D---- C:\Users\chinchin\AppData\Roaming\mjusbsp
2009-06-15 21:31:21 ----D---- C:\Windows\Microsoft.NET
2009-06-15 21:30:54 ----D---- C:\Windows\winsxs
2009-06-15 21:30:52 ----D---- C:\Windows\ehome
2009-06-15 21:30:49 ----D---- C:\Windows\SysWOW64
2009-06-15 21:29:33 ----D---- C:\ProgramData\Microsoft Help
2009-06-12 10:00:09 ----SD---- C:\Users\chinchin\AppData\Roaming\Microsoft
2009-06-12 07:47:51 ----D---- C:\Program Files (x86)\Internet Explorer
2009-06-12 07:45:49 ----D---- C:\Program Files (x86)\Microsoft Works
2009-06-07 13:48:16 ----D---- C:\ProgramData\WildTangent
2009-06-06 15:51:42 ----D---- C:\Windows
2009-06-06 14:24:27 ----HD---- C:\ProgramData
2009-06-06 14:12:11 ----D---- C:\ProgramData\HP
2009-06-06 14:12:07 ----A---- C:\Windows\win.ini
2009-06-06 14:11:18 ----D---- C:\Program Files (x86)\HP
2009-06-06 14:04:45 ----D---- C:\Windows\twain_32
2009-06-06 14:01:06 ----D---- C:\Program Files (x86)\Common Files
2009-06-04 12:39:13 ----D---- C:\Program Files (x86)\TOSHIBA Games
2009-06-04 08:16:41 ----D---- C:\Users\chinchin\AppData\Roaming\Adobe
2009-06-02 21:07:34 ----D---- C:\Windows\Logs
2009-05-31 06:06:07 ----D---- C:\Program Files (x86)\Windows Mail
2009-05-31 06:04:02 ----RSD---- C:\Windows\assembly
2009-05-30 18:29:28 ----SD---- C:\ProgramData\Microsoft
2009-05-30 12:14:38 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2009-05-30 12:14:36 ----D---- C:\Program Files (x86)\MSBuild
2009-05-30 12:14:21 ----D---- C:\Windows\ShellNew
2009-05-30 12:14:13 ----RSD---- C:\Windows\Fonts
2009-05-30 12:14:13 ----D---- C:\Program Files (x86)\Microsoft Office
2009-05-30 12:11:05 ----D---- C:\Program Files (x86)\Common Files\System
2009-05-30 09:47:28 ----D---- C:\Users\chinchin\AppData\Roaming\Macromedia
2009-05-30 06:48:09 ----D---- C:\Windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys []
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys []
R3 AgereSoftModem;TOSHIBA Software Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys []
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 SVRPEDRV;SVRPEDRV; C:\Windows\system32\drivers\SVRPEDRV.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 KR10I64;KR10I64; C:\Windows\system32\drivers\kr10i64.sys []
S4 KR10N64;KR10N64; C:\Windows\system32\drivers\kr10n64.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 AVP;Kaspersky Anti-Virus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-05-30 201992]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-04-03 36864]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 1371136]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 826368]
R2 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-02-06 434016]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 175104]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 84992]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-20 93696]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2008-05-28 164600]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------

Quote

"If GOD brings you to it, He will bring you THROUGH it."

#2 User is offline   suebaby41 

  • W.A.M. (Women Against Malware)
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 6,247
  • Joined: 03-January 05
  • Location:South Carolina, USA

Posted 29 June 2009 - 01:27 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 User is offline   docleng 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 02-June 09

Posted 04 July 2009 - 02:53 AM

Good day!

I don't really know if my topic has been closed already (Ireally hope not). I just opened my laptop now, and it's the sixth day now. I don't really know what to do. but still I will follow your instructions after this post. Sorry for my ignorance, after viewing the forums, I haven't found anything with the same infection as mine, nor in the web when i searched it. What can TROJAN.ADWARE.GEN do to my computer? so far the only odd thing I noticed now is that when i open my computer, a window appears saying: from solution center THE FEATURE YOU ARE TRYING TO USE IS ON A cd-rOM OR OTHER REMOVABLE DISK THAT IS NOT AVAILABLE. INSERT THE 'SOLUTION CENTER' DISK AND CLICK OK. I don't have a disk so I clicked CANCEL. Another window appears: AN INSTALLATION PACKAGE FOR THE SOLUTION CENTER CANNOT BE FOUND. TRY THE INSTALLATION AGAIN USING A VALID COPY OF THE INSTALLATION PACKAGE 'SOLUTION CENTER'.MSI . when I clicked OK, Windows starts. Is this in any way related to infection I have? Thank you so much.
Attached is the updated log. After attaching this log, what should I do next? Can I now check if the trojan is gone? Is it now safe to download antiviruses or any other programs? the only ones I have are SOLO ANTIVIRUS, TROJAN REMOVER. Thanks again

Logfile of random's system information tool 1.06 (written by random/random)
Run by chinchin at 2009-07-04 16:26:30
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 235 GB (80%) free of 295 GB
Total RAM: 3963 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:31 PM, on 7/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\chinchin\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\chinchin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com/?fr=fp-tyc7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files (x86)\Trojan Remover\Trjscan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\chinchin\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12228 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2009-05-30 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"=NDSTray.exe []
"cfFncEnabler.exe"=cfFncEnabler.exe []
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe [2008-08-04 1242424]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-04-29 417792]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"TrojanScanner"=C:\Program Files (x86)\Trojan Remover\Trjscan.exe [2008-02-29 866384]
"AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-05-30 201992]
"YSearchProtection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-05-19 432640]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-18 68856]
"cdloader"=C:\Users\chinchin\AppData\Roaming\mjusbsp\cdloader2.exe [2009-04-10 50520]
"Search Protection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"YSearchProtection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea090f22-3239-11de-8c33-001e3399ee74}]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2009-06-25 16:22:37 ----D---- C:\Program Files (x86)\trend micro
2009-06-25 16:22:36 ----D---- C:\rsit
2009-06-14 12:52:00 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-14 12:52:00 ----A---- C:\Windows\system32\EncDec.dll
2009-06-11 08:19:49 ----A---- C:\Windows\system32\localspl.dll
2009-06-11 08:19:48 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-11 08:19:36 ----A---- C:\Windows\system32\mshtml.dll
2009-06-11 08:19:32 ----A---- C:\Windows\system32\ieframe.dll
2009-06-11 08:19:31 ----A---- C:\Windows\system32\wininet.dll
2009-06-11 08:19:31 ----A---- C:\Windows\system32\urlmon.dll
2009-06-11 08:19:31 ----A---- C:\Windows\system32\iertutil.dll
2009-06-11 08:19:30 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-11 08:19:30 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-11 08:19:28 ----A---- C:\Windows\system32\occache.dll
2009-06-11 08:19:28 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-11 08:19:28 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-11 08:19:27 ----A---- C:\Windows\system32\mstime.dll
2009-06-11 08:19:27 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-11 08:19:27 ----A---- C:\Windows\system32\ieencode.dll
2009-06-06 14:24:27 ----D---- C:\ProgramData\WEBREG
2009-06-06 14:12:11 ----D---- C:\Users\chinchin\AppData\Roaming\HP
2009-06-06 14:09:51 ----D---- C:\ProgramData\HP Product Assistant
2009-06-06 14:01:06 ----D---- C:\Program Files (x86)\Common Files\HP
2009-06-06 14:01:04 ----D---- C:\Program Files (x86)\Hewlett-Packard
2009-06-06 14:00:07 ----HD---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2009-07-04 16:26:19 ----D---- C:\Windows\Temp
2009-07-04 16:00:35 ----D---- C:\Windows\inf
2009-07-04 16:00:11 ----SHD---- C:\System Volume Information
2009-07-04 16:00:11 ----D---- C:\Windows\System32
2009-07-04 15:55:58 ----SHD---- C:\Windows\Installer
2009-07-04 15:54:37 ----D---- C:\ProgramData\Kaspersky Lab
2009-06-25 16:22:37 ----RD---- C:\Program Files (x86)
2009-06-22 06:14:50 ----D---- C:\Users\chinchin\AppData\Roaming\mjusbsp
2009-06-15 21:31:21 ----D---- C:\Windows\Microsoft.NET
2009-06-15 21:30:54 ----D---- C:\Windows\winsxs
2009-06-15 21:30:52 ----D---- C:\Windows\ehome
2009-06-15 21:30:49 ----D---- C:\Windows\SysWOW64
2009-06-15 21:29:33 ----D---- C:\ProgramData\Microsoft Help
2009-06-12 10:00:09 ----SD---- C:\Users\chinchin\AppData\Roaming\Microsoft
2009-06-12 07:47:51 ----D---- C:\Program Files (x86)\Internet Explorer
2009-06-12 07:45:49 ----D---- C:\Program Files (x86)\Microsoft Works
2009-06-07 13:48:16 ----D---- C:\ProgramData\WildTangent
2009-06-07 13:08:16 ----D---- C:\SRN Micro
2009-06-06 15:51:42 ----D---- C:\Windows
2009-06-06 14:24:27 ----HD---- C:\ProgramData
2009-06-06 14:12:11 ----D---- C:\ProgramData\HP
2009-06-06 14:12:07 ----A---- C:\Windows\win.ini
2009-06-06 14:11:18 ----D---- C:\Program Files (x86)\HP
2009-06-06 14:04:45 ----D---- C:\Windows\twain_32
2009-06-06 14:01:06 ----D---- C:\Program Files (x86)\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys []
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys []
R3 AgereSoftModem;TOSHIBA Software Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys []
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 SVRPEDRV;SVRPEDRV; C:\Windows\system32\drivers\SVRPEDRV.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 KR10I64;KR10I64; C:\Windows\system32\drivers\kr10i64.sys []
S4 KR10N64;KR10N64; C:\Windows\system32\drivers\kr10n64.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 AVP;Kaspersky Anti-Virus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-05-30 201992]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-04-03 36864]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 1371136]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 826368]
R2 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-02-06 434016]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 175104]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 84992]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-20 93696]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2008-05-28 164600]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------

This post has been edited by docleng: 04 July 2009 - 04:03 AM

Quote

"If GOD brings you to it, He will bring you THROUGH it."

#4 User is offline   suebaby41 

  • W.A.M. (Women Against Malware)
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 6,247
  • Joined: 03-January 05
  • Location:South Carolina, USA

Posted 04 July 2009 - 11:06 AM

You say that you have Solo Antivirus remover installed and the entries below indicate that you have Kaspersky Lab Antivirus installed which indicates that you may have more than one antivirus programs on your computer.

Kaspersky Lab

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll

Multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. Running two antivirus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts.

Most of the popular antivirus products, when running together, will "fight for control" over the user's machine. It is this conflict that will slow down the system speed and cause various serious compatibility problems. This can also create registry conflicts as well as causing false virus alerts - or worse, missing alerts entirely! Having more than one antivirus program running and "active in memory" will use more resources which will adversely affect your access to files and cause overall system slowdowns.

Quote

Symantec strongly recommends that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

See Should you run more than one antivirus program at the same time?

Quote

Kaspersky Lab experts do not recommend using more that one antivirus package on the computer as the co-work of two different Antivirus programs may lead to computer productivity and operating system fall. And to solve the problem of Antivirus applications you will need to reinstall the operating system.
See Co-use of Kaspersky AntiVirus 5.0 and Antivirus packages of other vendors

Ask Leo said:

Quote

Real time monitoring, on the other hand, is another story. When you install most anti-virus programs they often automatically install and enable their real-time monitors. Running two or more real-time anti-virus monitors at the same time is very likely to cause a conflict. That conflict could result in error messages, crashes of the anti-virus programs, or other types of failure.
See Can I run more than one anti-virus program? Anti-spyware program? Firewall? Should I?

Types Of Antivirus Programs:

There are basically two types of antivirus programs: On-Access and On-Demand

On-Access Scanners, as the name implies, run in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners, such as Online Scans and scanners that run on your machine but are not actively scanning your machine, as the name implies, are scanners that only run when you ask them to run.

Antivirus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two antivirus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. I notice that you are using more than one antivirus program. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. Running two antivirus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts.
I strongly suggest you do one of the following:
  • Configure only one antivirus program to enable automatic realtime scanning and leave the rest disabled most of the time.
  • Go to "Start -> Control Panel -> Add/Remove Programs" and uninstall all but one antivirus program.
Please post a new HijackThis log.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 User is offline   docleng 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 02-June 09

Posted 05 July 2009 - 04:06 AM

I am sorry I wasn't able to include Kaspersky as one of my anti-virus. I thought I didn't have to because I just installed a 1 month trial package and it expired last june 30,2009. As instructed, I uninstalled Kaspersky already as well as Trojan remover. Actually I don't have any idea on which is better than the other, I just randomly chose to retain Solo Anti-virus Remover. Is this a wise decision? I would appreciate it very much if you can please give me some suggestions on which antivirus is the best to be installed for windows vista. thank you so much. Included is my updated log.


Logfile of random's system information tool 1.06 (written by random/random)
Run by chinchin at 2009-07-05 17:23:57
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 235 GB (80%) free of 295 GB
Total RAM: 3963 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:58 PM, on 7/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\chinchin\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\chinchin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com/?fr=fp-tyc7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\chinchin\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11467 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-05 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"=NDSTray.exe []
"cfFncEnabler.exe"=cfFncEnabler.exe []
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe [2008-08-04 1242424]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-04-29 417792]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"YSearchProtection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-05-19 432640]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-18 68856]
"cdloader"=C:\Users\chinchin\AppData\Roaming\mjusbsp\cdloader2.exe [2009-04-10 50520]
"Search Protection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"YSearchProtection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea090f22-3239-11de-8c33-001e3399ee74}]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2009-06-25 16:22:37 ----D---- C:\Program Files (x86)\trend micro
2009-06-25 16:22:36 ----D---- C:\rsit
2009-06-14 12:52:00 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-14 12:52:00 ----A---- C:\Windows\system32\EncDec.dll
2009-06-11 08:19:49 ----A---- C:\Windows\system32\localspl.dll
2009-06-11 08:19:48 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-11 08:19:36 ----A---- C:\Windows\system32\mshtml.dll
2009-06-11 08:19:32 ----A---- C:\Windows\system32\ieframe.dll
2009-06-11 08:19:31 ----A---- C:\Windows\system32\wininet.dll
2009-06-11 08:19:31 ----A---- C:\Windows\system32\urlmon.dll
2009-06-11 08:19:31 ----A---- C:\Windows\system32\iertutil.dll
2009-06-11 08:19:30 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-11 08:19:30 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-11 08:19:28 ----A---- C:\Windows\system32\occache.dll
2009-06-11 08:19:28 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-11 08:19:28 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-11 08:19:27 ----A---- C:\Windows\system32\mstime.dll
2009-06-11 08:19:27 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-11 08:19:27 ----A---- C:\Windows\system32\ieencode.dll
2009-06-06 14:24:27 ----D---- C:\ProgramData\WEBREG
2009-06-06 14:12:11 ----D---- C:\Users\chinchin\AppData\Roaming\HP
2009-06-06 14:09:51 ----D---- C:\ProgramData\HP Product Assistant
2009-06-06 14:01:06 ----D---- C:\Program Files (x86)\Common Files\HP
2009-06-06 14:01:04 ----D---- C:\Program Files (x86)\Hewlett-Packard
2009-06-06 14:00:07 ----HD---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2009-07-05 17:23:52 ----D---- C:\Windows\Temp
2009-07-05 17:04:20 ----D---- C:\Program Files (x86)\Trojan Remover
2009-07-05 17:04:19 ----HD---- C:\ProgramData
2009-07-05 17:04:19 ----D---- C:\Windows\SysWOW64
2009-07-05 17:00:23 ----D---- C:\Windows\System32
2009-07-05 17:00:23 ----D---- C:\Windows\inf
2009-07-05 16:56:50 ----SHD---- C:\Windows\Installer
2009-07-04 16:00:11 ----SHD---- C:\System Volume Information
2009-06-25 16:22:37 ----RD---- C:\Program Files (x86)
2009-06-22 06:14:50 ----D---- C:\Users\chinchin\AppData\Roaming\mjusbsp
2009-06-15 21:31:21 ----D---- C:\Windows\Microsoft.NET
2009-06-15 21:30:54 ----D---- C:\Windows\winsxs
2009-06-15 21:30:52 ----D---- C:\Windows\ehome
2009-06-15 21:29:33 ----D---- C:\ProgramData\Microsoft Help
2009-06-12 10:00:09 ----SD---- C:\Users\chinchin\AppData\Roaming\Microsoft
2009-06-12 07:47:51 ----D---- C:\Program Files (x86)\Internet Explorer
2009-06-12 07:45:49 ----D---- C:\Program Files (x86)\Microsoft Works
2009-06-07 13:48:16 ----D---- C:\ProgramData\WildTangent
2009-06-07 13:08:16 ----D---- C:\SRN Micro
2009-06-06 15:51:42 ----D---- C:\Windows
2009-06-06 14:12:11 ----D---- C:\ProgramData\HP
2009-06-06 14:12:07 ----A---- C:\Windows\win.ini
2009-06-06 14:11:18 ----D---- C:\Program Files (x86)\HP
2009-06-06 14:04:45 ----D---- C:\Windows\twain_32
2009-06-06 14:01:06 ----D---- C:\Program Files (x86)\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 AgereSoftModem;TOSHIBA Software Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys []
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 SVRPEDRV;SVRPEDRV; C:\Windows\system32\drivers\SVRPEDRV.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 KR10I64;KR10I64; C:\Windows\system32\drivers\kr10i64.sys []
S4 KR10N64;KR10N64; C:\Windows\system32\drivers\kr10n64.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-04-03 36864]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 1371136]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 826368]
R2 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-02-06 434016]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 175104]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 84992]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-20 93696]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2008-05-28 164600]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------

Quote

"If GOD brings you to it, He will bring you THROUGH it."

#6 User is offline   suebaby41 

  • W.A.M. (Women Against Malware)
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 6,247
  • Joined: 03-January 05
  • Location:South Carolina, USA

Posted 05 July 2009 - 12:44 PM

Quote

I am sorry I wasn't able to include Kaspersky as one of my anti-virus. I thought I didn't have to because I just installed a 1 month trial package and it expired last june 30,2009. As instructed, I uninstalled Kaspersky already as well as Trojan remover. Actually I don't have any idea on which is better than the other, I just randomly chose to retain Solo Anti-virus Remover. Is this a wise decision? I would appreciate it very much if you can please give me some suggestions on which antivirus is the best to be installed for windows vista. thank you so much. Included is my updated log.


Solo Anti-virus Remover is not one of the more popular antivirus programs so I really do not know much about it. Since you paid for the program subscription, you will need to try it for some time to decide if it is doing what you want it to do. I use Avast4 which is a free antivirus program. Just remember, use only one antivirus program.

NOTE: If for some reason you are unable to complete a step(s), skip that step and continue with the rest of the steps. Please describe your problem with the step in your next reply.

Step 1

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 2

Ensure that you have the latest version of Java Runtime Environment which is currently Java Runtime Environment Version 6 Update 12 (jre-6u12. If you do not have the latest version, follow the instructions below.

Remove the older versions of Java Runtime Environment. Older versions have vulnerabilities that malware can use to infect your system.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer after all Java components are removed.
Download the latest version.
  • Click java.com download page.
  • Under

    Quote

    Java Downloads for All Operating Systems
    Recommended Version 6 Update 12
    scroll down to Windows and click on Windows XP/Vista/2000/2003 Offline.
  • NOTE: This page offers files for different platforms - please be sure to download the proper file(s) for your platform.
  • The File Download dialog box appears. Choose the folder location. (Save the file to a known location on your computer, for example, to your desktop).
  • Click Save.
  • If you have previously downloaded this version of JRE, you may be prompted:

    Quote

    File jre-6ux-windows-i586.exe already exists. Do you want to replace it?

  • Click Yes to replace.
  • Verify that the:

    Quote

    Name of the file is jre-6u12-windows-i586.exe
    Size is approximately 13.8 MB

  • Close all applications including the browser.
  • Double-click on the saved file icon to start the installation process.
    The installer unpacks the files needed for the installation, which takes less than a minute. After unpacking the installation files, a welcome screen is displayed, the installer presents an option to view the license agreement. Choose Accept the license agreement to continue the installation process
  • Note: Sun Microsystems has partnered with companies that offer various products. The installer may present you with option to install these programs when you install JRE. Make your selections by clicking on the check box next to programs that interest you.
  • Click on Next to continue the installation.
  • The installer displays a Custom Setup screen that allows you to choose program features to set up. We recommend that you keep the default settings unless you are an advanced user who wants more precise control over the components that will be installed.
  • After ensuring that the desired program features are selected, click the Next button to continue with the installation.
  • To test that the JRE is installed, enabled and working properly on your computer, run this test applet from our web site: verify Java has been installed correctly..
Step 3

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
  • Please download TFC by OldTimer to your desktop.
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • After it is finished, it should reboot your machine, if not, do this yourself to ensure a complete clean.
Step 4

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that can’t be cleaned / deleted, make a note of the file location of anything that cannot be deleted so you can delete it yourself. Please post that list in your next reply.

Step 5

Please download Spybot-S&D©® and install Spybot-S&D©® .
  • Be sure to UNCHECK TeaTimer when presented with the option to install. You can enable it after you are clean.
  • Run Spybot-S&D©® , go to the Menu Bar at the top choose Mode and make certain that "Default mode" has a check mark beside it.
  • Click the button "Search for Updates".
  • If any updates are found, install them by placing a check mark next to each one and clicking "Download Updates".
  • If you encounter any error messages while downloading the updates, manually download them from here.
  • Click on "Immunize". When it detects what has or has not been blocked, block all remaining items by clicking the green plus sign next to immunize at the top.
  • Click the button "Check for Problems".
  • When Spybot-S&D©® is complete, it will be showing RED entries, bold BLACK entries and GREEN entries in the window.
  • Make certain there is a check mark beside all of the RED entries ONLY.
  • Choose "Fix Selected Problems" and allow Spybot-S&D©® to fix the RED entries.
  • REBOOT to complete the scan and clear memory.
Note: After Windows loads, Spybot-S&D©® may run again to clean some files that it could not clean during the prior session. Follow the same procedure.

Step 6
  • Please download Ad-Aware Free - Anniversary Edition to your desktop. The Ad-Aware Free - Anniversary Edition installation file will be Ad-AwareAE.exe.
  • Double-click the file and follow the on-screen instructions in the Installation Wizard to install.
  • When the Please Enter Your License Information screen appears, click Cancel and Ad-Aware Free - Anniversary Edition will be installed.
  • When the Ad-Aware Free - Anniversary Edition Has Been Successfully Installed Screen appears, click Finish to complete the installation and to launch Ad-Aware Free - Anniversary Edition.
  • The Status screen will appear. You will see four sections.
    • System Protection Status section where you will see Real Time Protection with a check in the Off dialog box and Automatic Updates with a check in the On dialog box.
    • Update Status section
    • System Scan section
    • License Status section where you will see that the Type: will be Free Edition and License Expires in: Never.

  • In the list on the left of the screen, click Scan. You will be given a choice of Smart Scan, Full Scan, and Custom Scan. (Scheduler on the right of the screen is only available in Ad-Aware 2008 Plus and Ad-Aware Pro.)
  • In the list on the left of the screen, click Settings > Scanning tab. Use the default settings unless you see some changes that you want to make.
  • In the list on the left of the screen, click Status. In the System Scan section, click Scan Now.
  • When the scan finishes, the Critical Objects tab window appears.
  • Under Scan Results, you will see the list of Critical Objects that Ad-Aware Free - Anniversary Edition found. You are given three choices, Add to ignore, Quarantine, Remove, and System Restore. You may choose to create a System Restore Point prior to removing any objects that you are unsure of removing or after a scan when you know the system is clean. If Critical Objects are found, select all objects found (right click anywhere in the list of found objects and click "Select All Objects").
  • Click Remove.
  • If no Critical Objects are found, click the Privacy Objects tab.
  • If there are Privacy Objects listed, select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Select Add to ignore or Remove..
  • Click Remove.
  • If no Privacy Objects are found, click the Log File tab to see the statistics of the Ad-Aware Free - Anniversary Edition scan.
  • Click Finish.
  • The next screen shows you the Scan Summary in the left panel and System Restore in the right panel.
    • You may choose to create a System Restore Point prior to removing any objects that you are unsure of removing or after a scan when you know the system is clean. If you choose to create a System Restore Point, click Set.
    • You may want to export the results Click Export and save the log on your computer .
    • Click Scan Again to repeat the scan.

  • You will be returned to the Status screen. Click on the X in the upper right corner to exit Ad-Aware Free - Anniversary Edition.
Step 7

I recommend using Spyware Blaster.
  • Please download SpywareBlaster and save it to your desktop.
  • Double click on it to install the program.
  • Follow the prompts and choose the default locations when installing the program.
  • When the program is installed, it will place an icon on your desktop.
  • Double click on the SpywareBlaster icon and you will be presented with a brief tutorial. On the first page of this tutorial, you will see some of the SpywareBlaster features
  • Click on the Next button to proceed to the second page of the tutorial.
  • If you want to purchase the software, then you should select Automatic Updating. If you do not plan on purchasing the software, then you should select the option for Manual Updating. Press the Next button.
  • At the next screen, click Finish.
  • At the next screen, Protection Status, click Enable All Protection.
  • Click Download Latest Protection Updates. This will ensure that SpywareBlaster has the latest definitions so that it can protect your browser more efficiently. You should update SpywareBlaster regularly, as much as every few days, in order to provide the best protection. Each time you update, be sure to click Enable All Protection.
Step 8

Malwarebytes' Anti-Malware is FREEWARE, however you may upgrade to the PRO version which contains realtime protection, scheduled scanning and updating.
  • Please download Malwarebytes Anti-Malware (MBAM). Alternate download link
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing scan. If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from the Malware Bytes Web site. Scroll down the page until you see Latest Database; click Download from GT500.org
  • Double-click on mbam-rules.exe to install.
  • On the Scanner tab, make sure the Perform Quick Scan option is selected.
  • Click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and Scan in progress will show at the top. It may take some time to complete; please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully.
  • At the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Step 9
  • Please download SUPERAntiSpyware (SAS) - SUPERAntiSpyware Free Version For Home Users
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options, make sure the following are checked:
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.

  • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software, click Scan your computer.
  • On the left, check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information, please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose Copy.
    • Click Close and Close again to exit the program.

  • Please post that information with a new HijackThis log.

SUPERAntiSpyware Advice:

CAUTION: SuperAntiSpyware comes with a program called Bootsafe, do not for any reason use this program, if used on an infected computer, it could render it UNBOOTABLE.

Step 10

We need to disconnect your computer from the Internet. By doing this, it prevents any further Internet activity until the removal of malware is complete. You need to make it impossible for viruses, trojan horses, worms and spyware to call for backup once you start to dismantle them. They will continue to infect your computer with new variants while you are connected to the Internet. We also need to prevent hackers from controlling your system and they will try to prevent you from removing the pests they installed on your computer.

Close ALL browser windows (including this one). Exit all processes and items in your System tray.

According to how your computer connects to the Internet, please disconnect your computer from the Internet. Possible means of disconnecting your computer from the Internet include:
  • Physically remove the cable for your broadband Internet service “Always On” Connection from your computer.
  • Turn your modem off.
  • Disconnect your modem cable from your computer.
  • Turn the device off for Hand-held wireless connections.
  • Some laptops have a switch that will disconnect the laptop from the Internet.
Step 11

During the process of removing malware from your computer, there are times you may need to use specialized fix tools. Certain embedded files that are part of these specialized fix tools may be detected by your antivirus or anti-malware scanner as a RiskTool, Hacking tool, Potentially unwanted tool, a virus or a Trojan when that is not the case.
These tools have been carefully created and tested by security experts so if your antivirus or anti-malware program flags them as malware, then it is a False Positive. Antivirus scanners cannot distinguish between good and malicious use of such programs; therefore, they may alert you or even automatically remove them. In these cases, the removal of these files can have unpredictable results and unintentional results.
To avoid any problems while using a specialized fix tool, it is very important that you temporarily disable your antivirus and/or anti-malware programs before using the specialized fix tool.
When your system has been cleaned, it is important that you enable your security programs to avoid reinfection.
Please disable the following program(s):

SUPERAntiSpyware

We need to disable SUPERAntiSpyware as it may interfere with the fixes that we need to make.
  • Right click on the icon in your System Tray.
  • Click Exit
  • Make sure that the program, SUPERAntiSpyware itself, is also closed/not running.
Step 12

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would be removing the program from your startup but you would not be removing the program itself.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if it applies to your computer problem with being slow to respond.
Slow Computer/browser? Check Here First; It May Not Be Malware
What to do if your Computer is running slowly
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would be removing the program from your startup but you would not be removing the program itself.

Step 13

Check your computer with anti-rootkit applications. I recommend avast! antirootkit or Trend Micro RootkitBuster.

Step 14

Check to see if you have insecure applications with
Secunia Software Inspector. Secunia Software Inspector:
  • Detects insecure versions of common/popular programs installed on your computer.
  • Verifies that all Microsoft patches are applied.
  • Assists you in updating, patching, and protecting your computer.
  • Activates additional security features in Sun Java.
  • Runs through your browser. No installation or download is required.
Step 15

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post:
  • the list of file names and locations for any files that cannot be cleaned / deleted that were reported after you completed the online scans.
  • the log from MalwareBytes
  • a new HijackThis log
Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 User is offline   docleng 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 02-June 09

Posted 06 July 2009 - 08:12 AM

Thank you. I will try to do all the steps and finish them the soonest time possible so that I can post my reply asap. but I think, for this topic not to be closed, I need more time time-more than 5days before I can finish and reply again. Thank you for your patience.

Quote

"If GOD brings you to it, He will bring you THROUGH it."

#8 User is offline   suebaby41 

  • W.A.M. (Women Against Malware)
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 6,247
  • Joined: 03-January 05
  • Location:South Carolina, USA

Posted 06 July 2009 - 08:17 AM

I will keep your topic open. Let me know if you have any questions.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#9 User is offline   docleng 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 02-June 09

Posted 10 July 2009 - 07:25 AM

Greetings!
Beginning to get frustrated :thumbup2:
I started with step 2- deleted my older Java Runtime Environment (jre-6u6), then rebooted. Downloaded latest version which is Version 6 update 14 for windows vista 64-BIT and saved it on the desktop. I then verified that the name of file jre-6u14-windows-x64.exe. started installing and has been completed. In the website, after verifying, the prompt stated that: YOU DON'T HAVE JAVA INSTALLED OR YOU HAVE A VERSION LESS THAN 1.4.2. The version of the java that was installed is 1.6.0_14-b08. Tried to reinstall, but the prompt said: HAS BEEN INSTALLED. And when we checked through the control panel, under programs, we found it there as well. So we continued with step 3. There were no evident problems running TFC, it showed the number of files cleaned.

Tried doing step 4. Started with Bitdefender- a prompt stated that: IE IS NOT RUNNING WITH ADMINISTRATIVE PRIVILEDGES SO BITDEFENDER ONLINE SCANNER WILL NOT WORK PROPERLY. PLEASE RUN AS ADMINISTRATOR. Went to IE and clicked on RUN AS ADMINISTRATOR, nothing happened. Scanned again - SCAN FAILED then on a separate window: NO VIRUSES WERE FOUND

Then tried Panda Active Scan 2.0. Prompt said: SORRY, UPDATING IS INCOMPLETE DUE TO AN ERROR.

Tried Trend Micro Housecall. The prompt says: JAVA SUPPORT IS DISABLED ON YOUR SYSTEM OR NO JAVA RUNTIME ENVIRONMENT IS INSTALLED. We then verified if java is running, prompt said: OOPS, WE HAVE DETECTED YOU MAY BE VIEWING THIS IN A 32-BIT BROWSER. IF YOU USE 32 AND 64-BIT BROWSER INTERCHANGEABLY, YOU WILL NEED TO INSTALL BOTH 32 AND 64-BIT JAVA IN ORDER TO HAVE THE JAVA PLUG IN FOR BOTH BROWSERS. I then downloaded v6u14 for 32-bit browser with file name jre-6u14-windows-i586-s.exe. when I verified prompt was CONGRATULATIONS! THE LATEST VERSION OF JRE IS INSTALLED & RUNNING CORRECTLY ON YOUR SYSTEM We tried scanning again but still to no avail. We downloaded the previous version that you mentioned (jre-6u12-windows-i586-p.exe), successfully but when verified through java.com, the 6u14 is still the one installed and running but all the downloaded java can't be found in the control panel>programs & in the TOOLS>INTERNET OPTIONS>ADVANCED. We searched TOOLS>INTERNET OPTIONS>PROGRAMS, we found 3 enabled java 6u14 64 bit applications, we deleted all of these so that only update 12 remains. We're currently doing a scan using WINDOWS LIVE. we'll give you an update on its progress.

:) Thanks again. Please do't get tired of my ignorance, really don't know how to do this without your help.

My recent log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by chinchin at 2009-07-11 01:02:09
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 228 GB (77%) free of 295 GB
Total RAM: 3963 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:10 AM, on 7/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\chinchin\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\chinchin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com/?fr=fp-tyc7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\chinchin\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11529 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-05 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-07-10 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"=NDSTray.exe []
"cfFncEnabler.exe"=cfFncEnabler.exe []
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe [2008-08-04 1242424]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-04-29 417792]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"YSearchProtection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-05-19 432640]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-18 68856]
"cdloader"=C:\Users\chinchin\AppData\Roaming\mjusbsp\cdloader2.exe [2009-04-10 50520]
"Search Protection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"YSearchProtection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea090f22-3239-11de-8c33-001e3399ee74}]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2009-07-11 00:03:52 ----D---- C:\Program Files (x86)\Windows Installer Clean Up
2009-07-11 00:03:14 ----D---- C:\Program Files (x86)\MSECACHE
2009-07-10 23:20:00 ----D---- C:\Windows\Sun
2009-07-10 22:57:28 ----A---- C:\Windows\system32\javaws.exe
2009-07-10 22:57:28 ----A---- C:\Windows\system32\javaw.exe
2009-07-10 22:57:28 ----A---- C:\Windows\system32\java.exe
2009-07-10 22:57:03 ----D---- C:\Program Files (x86)\Java
2009-07-10 21:34:57 ----D---- C:\Program Files (x86)\Windows Live Safety Center
2009-07-10 20:06:32 ----D---- C:\Program Files (x86)\Panda Security
2009-07-10 19:49:27 ----D---- C:\Windows\BDOSCAN8
2009-07-10 18:51:57 ----A---- C:\Windows\system32\deploytk.dll
2009-06-25 16:22:37 ----D---- C:\Program Files (x86)\trend micro
2009-06-25 16:22:36 ----D---- C:\rsit
2009-06-14 12:52:00 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-14 12:52:00 ----A---- C:\Windows\system32\EncDec.dll

======List of files/folders modified in the last 1 months======

2009-07-11 01:02:05 ----D---- C:\Windows\Temp
2009-07-11 00:57:41 ----SHD---- C:\Windows\Installer
2009-07-11 00:57:41 ----HD---- C:\Config.Msi
2009-07-11 00:46:55 ----D---- C:\Windows\System32
2009-07-11 00:46:55 ----D---- C:\Windows\inf
2009-07-11 00:05:22 ----SHD---- C:\System Volume Information
2009-07-11 00:03:53 ----SD---- C:\Users\chinchin\AppData\Roaming\Microsoft
2009-07-11 00:03:52 ----RD---- C:\Program Files (x86)
2009-07-10 23:20:00 ----D---- C:\Windows
2009-07-10 22:57:28 ----D---- C:\Windows\SysWOW64
2009-07-10 21:56:20 ----RD---- C:\Program Files
2009-07-10 21:34:57 ----SD---- C:\Windows\Downloaded Program Files
2009-07-10 19:54:06 ----D---- C:\Windows\Prefetch
2009-07-10 18:56:47 ----D---- C:\Program Files (x86)\Common Files
2009-07-06 21:44:03 ----D---- C:\SRN Micro
2009-07-06 20:19:27 ----D---- C:\Users\chinchin\AppData\Roaming\mjusbsp
2009-07-05 17:04:20 ----D---- C:\Program Files (x86)\Trojan Remover
2009-07-05 17:04:19 ----HD---- C:\ProgramData
2009-06-15 21:31:21 ----D---- C:\Windows\Microsoft.NET
2009-06-15 21:30:54 ----D---- C:\Windows\winsxs
2009-06-15 21:30:52 ----D---- C:\Windows\ehome
2009-06-15 21:29:33 ----D---- C:\ProgramData\Microsoft Help
2009-06-12 07:47:51 ----D---- C:\Program Files (x86)\Internet Explorer
2009-06-12 07:45:49 ----D---- C:\Program Files (x86)\Microsoft Works

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 AgereSoftModem;TOSHIBA Software Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys []
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 SVRPEDRV;SVRPEDRV; C:\Windows\system32\drivers\SVRPEDRV.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 KR10I64;KR10I64; C:\Windows\system32\drivers\kr10i64.sys []
S4 KR10N64;KR10N64; C:\Windows\system32\drivers\kr10n64.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-04-03 36864]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 1371136]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 826368]
R2 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-02-06 434016]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 175104]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 84992]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-20 93696]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2008-05-28 164600]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------

This post has been edited by docleng: 10 July 2009 - 01:27 PM

Quote

"If GOD brings you to it, He will bring you THROUGH it."

#10 User is offline   docleng 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 02-June 09

Posted 11 July 2009 - 06:45 AM

From my last last post, Online scan of WINDOWS LIVE revealed 96% SCANNED AND COMPLETE > VIRUS AND SPYWARE SCAN revealed 0 items detected, 0 issues found. The next parameter scanned is REGISTRY CLEANER SCAN- System Software but the scan was incomplete, there the other parameters were not scanned anymore- DISK CLEAN UP, DISK FRAGMENTATION, OPEN PARTS SCAN, COMPUTER INFORMATION.
Tried BITDEFENDER AGAIN, went on with the scan- the 2 parameters ANTIVIRUS ENGINE & VIRUS SIGNATURE-scanned 100% then was still updating , I waited for an hour but there was no feedback. This is also what happened when I tried TREND MICRO again. So I just omitted this step and went on with the other steps. which went on smoothly.

Problems Encountered:
1. first download of MBAM resulted to ERROR-THE SETUP FILES ARE CORRUPTED. PLEASE OBTAIN A NEW COPY OF THE PROGRAM (from
ALTERNATE DOWNLOAD LINK) which successfully downloaded MBAM. During rebooting, before closing, a window appears FILE hpqgpc01.exe
APPLICATION ERROR saying: THE EXCEPTION UNKNOWN SOFTWARE EXCEPTION 0XC0000005 OCCURED IN THE APPLICATION AT
LOCATION 0X7535be16 -CLICK OK TO TERMINATE THE PROGRAM

2. want to stop Optional fixes, please send me list with instructions, thanks.

3. When SECUNIA SOFTWARE INSPECTOR was run, 5 patched version detected and the 2 insecure programs found are ADOBE READER
8.x (8.1.2) (latest should be 8.1.6 but when I downloaded, prompt appeared: THE UPGRADE PATCH CANNOT BE INSTALLED BY THE
WINDOWS INSTALLER SERVICE BECAUSE THE PROGRAM TO BE UPGRADED MAY BE MISSING, OR THE UPGRADE PATH UPGRADED EXISTS IN
YOUR COMPUTER AND THAT YOU HAVE THE CORRECT UPGRADE PATH ;and SUN JAVA 6u12 ( latest should be 6.0.130.0

4. Do I need to remove some of the programs in the desktop? if yes which ones? Because I noticed that browser is slightly slower than before, are
they related?

5. Please advice if I can now download antivirus software for my computer there's none in my computer. A friend also recommended AVAST. And
if I can already, correct me if I'm wrong, I have to uninstall SOLO antivirus?

THANKS FOR ALL THE HELP. I really appreciate it.

Logfile of random's system information tool 1.06 (written by random/random)
Run by chinchin at 2009-07-11 20:12:35
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 226 GB (76%) free of 295 GB
Total RAM: 3963 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:43 PM, on 7/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Users\chinchin\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\chinchin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com/?fr=fp-tyc7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\chinchin\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12764 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-05 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-07-10 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"=NDSTray.exe []
"cfFncEnabler.exe"=cfFncEnabler.exe []
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe [2008-08-04 1242424]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-04-29 417792]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"YSearchProtection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-07-10 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-05-19 432640]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-18 68856]
"cdloader"=C:\Users\chinchin\AppData\Roaming\mjusbsp\cdloader2.exe [2009-04-10 50520]
"Search Protection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"YSearchProtection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-06-23 1830128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea090f22-3239-11de-8c33-001e3399ee74}]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2009-07-11 10:27:51 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-07-11 10:27:20 ----D---- C:\Users\chinchin\AppData\Roaming\SUPERAntiSpyware.com
2009-07-11 10:27:20 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2009-07-11 10:25:22 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-07-11 10:05:20 ----D---- C:\Users\chinchin\AppData\Roaming\Malwarebytes
2009-07-11 10:05:16 ----D---- C:\ProgramData\Malwarebytes
2009-07-11 10:05:16 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-07-11 09:46:29 ----D---- C:\Program Files (x86)\SpywareBlaster
2009-07-11 08:13:27 ----HDC---- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-11 08:13:23 ----D---- C:\ProgramData\Lavasoft
2009-07-11 08:13:23 ----D---- C:\Program Files (x86)\Lavasoft
2009-07-11 07:19:04 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-11 07:19:04 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2009-07-11 04:52:46 ----A---- C:\Windows\system32\javaws.exe
2009-07-11 04:52:46 ----A---- C:\Windows\system32\javaw.exe
2009-07-11 04:52:46 ----A---- C:\Windows\system32\java.exe
2009-07-11 00:03:52 ----D---- C:\Program Files (x86)\Windows Installer Clean Up
2009-07-11 00:03:14 ----D---- C:\Program Files (x86)\MSECACHE
2009-07-10 23:20:00 ----D---- C:\Windows\Sun
2009-07-10 22:57:03 ----D---- C:\Program Files (x86)\Java
2009-07-10 21:34:57 ----D---- C:\Program Files (x86)\Windows Live Safety Center
2009-07-10 20:06:32 ----D---- C:\Program Files (x86)\Panda Security
2009-07-10 19:49:27 ----D---- C:\Windows\BDOSCAN8
2009-07-10 18:51:57 ----A---- C:\Windows\system32\deploytk.dll
2009-06-25 16:22:37 ----D---- C:\Program Files (x86)\trend micro
2009-06-25 16:22:36 ----D---- C:\rsit
2009-06-14 12:52:00 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-14 12:52:00 ----A---- C:\Windows\system32\EncDec.dll

======List of files/folders modified in the last 1 months======

2009-07-11 20:12:38 ----D---- C:\Windows\Temp
2009-07-11 20:09:47 ----SHD---- C:\Windows\Installer
2009-07-11 20:09:47 ----HD---- C:\Config.Msi
2009-07-11 19:23:04 ----SD---- C:\Windows\Downloaded Program Files
2009-07-11 17:55:36 ----D---- C:\Windows\System32
2009-07-11 17:55:36 ----D---- C:\Windows\inf
2009-07-11 10:27:51 ----HD---- C:\ProgramData
2009-07-11 10:27:20 ----RD---- C:\Program Files (x86)
2009-07-11 10:26:48 ----SHD---- C:\System Volume Information
2009-07-11 10:25:22 ----D---- C:\Program Files (x86)\Common Files
2009-07-11 10:05:17 ----D---- C:\Windows\system32\drivers
2009-07-11 09:46:30 ----D---- C:\Windows\SysWOW64
2009-07-11 08:14:29 ----D---- C:\Windows\Tasks
2009-07-11 08:13:22 ----D---- C:\Windows\winsxs
2009-07-11 00:03:53 ----SD---- C:\Users\chinchin\AppData\Roaming\Microsoft
2009-07-10 23:20:00 ----D---- C:\Windows
2009-07-10 21:56:20 ----RD---- C:\Program Files
2009-07-10 19:54:06 ----D---- C:\Windows\Prefetch
2009-07-06 21:44:03 ----D---- C:\SRN Micro
2009-07-06 20:19:27 ----D---- C:\Users\chinchin\AppData\Roaming\mjusbsp
2009-07-05 17:04:20 ----D---- C:\Program Files (x86)\Trojan Remover
2009-06-15 21:31:21 ----D---- C:\Windows\Microsoft.NET
2009-06-15 21:30:52 ----D---- C:\Windows\ehome
2009-06-15 21:29:33 ----D---- C:\ProgramData\Microsoft Help
2009-06-12 07:47:51 ----D---- C:\Program Files (x86)\Internet Explorer
2009-06-12 07:45:49 ----D---- C:\Program Files (x86)\Microsoft Works

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 AgereSoftModem;TOSHIBA Software Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys []
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
S3 aswArKrn;aswArKrn; \??\C:\Users\chinchin\AppData\Local\Temp\aswArKrn.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
S3 SVRPEDRV;SVRPEDRV; C:\Windows\system32\drivers\SVRPEDRV.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 KR10I64;KR10I64; C:\Windows\system32\drivers\kr10i64.sys []
S4 KR10N64;KR10N64; C:\Windows\system32\drivers\kr10n64.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-04-03 36864]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 1371136]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 826368]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-02-06 434016]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 175104]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 84992]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-20 93696]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2008-05-28 164600]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/11/2009 at 11:40 AM

Application Version : 4.26.1006

Core Rules Database Version : 3986
Trace Rules Database Version: 1926

Scan type : Complete Scan
Total Scan Time : 00:59:17

Memory items scanned : 471
Memory threats detected : 0
Registry items scanned : 6905
Registry threats detected : 0
File items scanned : 135940
File threats detected : 18

Adware.Tracking Cookie
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\chinchin@microsoftwindows.112.2o7[1].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\chinchin@msnportal.112.2o7[1].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\chinchin@ads.sun[2].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\chinchin@msnservices.112.2o7[1].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\chinchin@2o7[2].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\chinchin@atdmt[1].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\chinchin@server.iad.liveperson[3].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\chinchin@tribalfusion[1].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\chinchin@server.iad.liveperson[2].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\chinchin@overture[1].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\Low\chinchin@ad.yieldmanager[1].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\Low\chinchin@adinterax[2].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\Low\chinchin@ads.bleepingcomputer[1].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\Low\chinchin@ads.sun[1].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\Low\chinchin@overture[1].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\Low\chinchin@revsci[2].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\Low\chinchin@richmedia.yahoo[1].txt
C:\Users\chinchin\AppData\Roaming\Microsoft\Windows\Cookies\Low\chinchin@socialmedia[2].txt


Malwarebytes' Anti-Malware 1.38
Database version: 2405
Windows 6.0.6001 Service Pack 1

7/11/2009 10:11:56 AM
mbam-log-2009-07-11 (10-11-56).txt

Scan type: Quick Scan
Objects scanned: 78274
Time elapsed: 1 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This post has been edited by docleng: 11 July 2009 - 07:22 AM

Quote

"If GOD brings you to it, He will bring you THROUGH it."

#11 User is offline   suebaby41 

  • W.A.M. (Women Against Malware)
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 6,247
  • Joined: 03-January 05
  • Location:South Carolina, USA

Posted 11 July 2009 - 06:26 PM

Quote

1. first download of MBAM resulted to ERROR-THE SETUP FILES ARE CORRUPTED. PLEASE OBTAIN A NEW COPY OF THE PROGRAM (from
ALTERNATE DOWNLOAD LINK) which successfully downloaded MBAM. During rebooting, before closing, a window appears FILE hpqgpc01.exe
APPLICATION ERROR saying: THE EXCEPTION UNKNOWN SOFTWARE EXCEPTION 0XC0000005 OCCURED IN THE APPLICATION AT
LOCATION 0X7535be16 -CLICK OK TO TERMINATE THE PROGRAM

I assume you solved this problem since you posted a MBAM log.

Quote

2. want to stop Optional fixes, please send me list with instructions, thanks.

By fixing the "Optional Fixes", you will remove the program from your startup but you will not remove the program itself. Note the large number of startup items. This adversely affects the bootup time and computer speed with this large amount of unnecessary programs loading at startup and then running in the background.

Please run HijackThis and click Scan. Place checks next to the HijackThis entries that are Optional Fixes that you have chosen to remove from your startup list.

NDSTray.exe (ConfigFreeT Tray) process can be removed to free up resources without compromising system performance. ConfigFreeT Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it is necessary. This is a valid program but it is not required to run on startup. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

SearchProtection.exe (Yahoo) process can be removed to free up resources without compromising system performance. Related to Yahoo_Search protection will alert you if an attempt is made to change your default browser search engine from Yahoo!. Note: Located in \%Program Files%\Yahoo!\Search Protection\. This is a valid program but it is not required to run on startup. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe

HPWuSchd2.exe and HPWuSchd.exe (HP software updates) process can be removed to free up resources without compromising system performance. This is the HP software updates. If a shortcut doesn't exist, create your own and run it manually. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

You have jusched.exe running at Startup. It checks with Sun's Java updates site to see if newer Java versions are available. This program is not required to start automatically. You can do this manually by visiting http://java.sun.com or just run the Java Plug-In Control Panel. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

googletoolbarnotifier.exe process can be removed to free up resources without compromising system performance. googletoolbarnotifier or googletoolbarnotifier.exe is a process associated with the GoogleToolbarNotifier from Google Inc.. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

sidebar.exe (Windows Vista Sidebar) process can be removed to free up resources without compromising system performance. sidebar.exe belongs to Windows Sidebar on the Windows Desktop. Windows desktop sidebar is the best alternative for Longhorn desktop. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

oobefldr.dll (WindowsWelcomeCenter) process can be removed to free up resources without compromising system performance. oobefldr.dll is a Welcome Center from Microsoft Corporation belonging to Microsoft® Windows® Operating System. WindowsWelcomeCenter is not necessary for startup. It is usually run infrequently and can be started manually if needed. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

hpqtra08.exe (Hewlett Packard Imaging) process can be removed to free up resources without compromising system performance. hpqtra08.exe is installed alongside the drivers for Hewlett Packard Imaging devices and installs an easy-to-use tray bar icon for quick access to diagnostics. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it’s not technically considered spyware, it does have built in components to update itself and gather information about the computer system including
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
    Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
    Location that the Web Driver was installed from
  • It is also a MAJOR resource hog.
For more information, see WildTangent Removal Instructions and Help and Inside Wild Tangent-Delivering High-End 3-D Content To A Web Site Near You.
Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent: To uninstall Wild Tangent:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight Wild Tangent, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
Item(s) to fix in HijackThis:

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

GoogleUpdaterService.exe (Google Updater) process can be removed to free up resources without compromising system performance. Used to update Google programs such as Google Toolbar. This is a valid program but it is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. To change the service to Manual or Disable.
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for Google Updater Service and double-click on it.
  • Change the Startup Type: to Manual or Disable.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

IDriverT.exe (InstallDriver Table Manager) process can be removed to free up resources without compromising system performance. IDriverT.exe is a process which belongs to the InstallShield product installation service which should only appear when you are installing a new piece of software. This program is not required to start automatically as you can start it manually if you need it. To change to Manual:
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for InstallDriver Table Manager and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Quote

3. When SECUNIA SOFTWARE INSPECTOR was run, 5 patched version detected and the 2 insecure programs found are ADOBE READER
8.x (8.1.2) (latest should be 8.1.6 but when I downloaded, prompt appeared: THE UPGRADE PATCH CANNOT BE INSTALLED BY THE
WINDOWS INSTALLER SERVICE BECAUSE THE PROGRAM TO BE UPGRADED MAY BE MISSING, OR THE UPGRADE PATH UPGRADED EXISTS IN YOUR COMPUTER AND THAT YOU HAVE THE CORRECT UPGRADE PATH ;and SUN JAVA 6u12 ( latest should be 6.0.130.0

Uninstall all versions of Java. Reboot. Download and install the latest version of Java.

Quote

4. Do I need to remove some of the programs in the desktop? if yes which ones? Because I noticed that browser is slightly slower than before, are they related?

Doing the Optional Fixes should speed up your computer.

Quote

5. Please advice if I can now download antivirus software for my computer there's none in my computer. A friend also recommended AVAST. And
if I can already, correct me if I'm wrong, I have to uninstall SOLO antivirus?
  • Please download Avast! 4 Home Edition.
  • We need to disconnect your computer from the Internet. By doing this, it prevents any further Internet activity until the removal of malware is complete. You need to make it impossible for viruses, trojan horses, worms and spyware to call for backup once you start to dismantle them. They will continue to infect your computer with new variants while you are connected to the Internet. We also need to prevent hackers from controlling your system and they will try to prevent you from removing the pests they installed on your computer.

    Close ALL browser windows (including this one). Exit all processes and items in your System tray.

    According to how your computer connects to the Internet, please disconnect your computer from the Internet. Possible means of disconnecting your computer from the Internet include:
    • Physically remove the cable for your broadband Internet service “Always On” Connection from your computer.
    • Turn your modem off.
    • Disconnect your modem cable from your computer.
    • Turn the device off for Hand-held wireless connections.
    • Some laptops have a switch that will disconnect the laptop from the Internet.

  • Uninstall SOLO antivirus. Install Avast4. If needed, see How to Install, Configure, and Use Avast Antivirus
Please post a new HijackThis log.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#12 User is offline   docleng 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 02-June 09

Posted 12 July 2009 - 09:46 AM

Quote

Please run HijackThis and click Scan. Place checks next to the HijackThis entries that are Optional Fixes that you have chosen to remove from your startup list.


Was able to run Hijackthis but I don't know where to to find and CLICK SCAN. And unfortunately, I don't know also how to PLACE CHECKS NEXT TO THE HIJACK THIS ENTRIES. Sorry but all of these are quite new to me, really outdated when it comes to technologies :thumbup2: .
I just hope you won't get tired of me :)

Quote

"If GOD brings you to it, He will bring you THROUGH it."

#13 User is offline   suebaby41 

  • W.A.M. (Women Against Malware)
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 6,247
  • Joined: 03-January 05
  • Location:South Carolina, USA

Posted 12 July 2009 - 11:23 AM

  • If you have not already done so, please download Trend Micro - HijackThis.
  • Double click HJTInstall.exe to begin installation.
  • Accept the installation location, which by default is C:\Program Files\Trend Micro\HijackThis or click the Browse... button if you want to save it in another location.
  • Click Install.
  • A shortcut will be created on your Desktop and HijackThis will run automatically.
  • Click the button labeled Do a system scan only.
  • Click the Scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#14 User is offline   docleng 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 15
  • Joined: 02-June 09

Posted 13 July 2009 - 12:27 PM

Greetings! :thumbup2:
Uninstalled all javas, then rebooted. After which I checked in Control panel>Programs uninstallation was successful. but when I checked in Java.com, if I have jre, this appeared:

Verifying Java Version
Congratulations!
You have the recommended Java installed (Version 6 Update 14).
The latest version of JRE is installed and running correctly on your system.
OS architecture: x86

I checked in TOOLS>INTERNET OPTIONS>PROGRAMS>MANAGE ADD ONS, There is an item: Java™Plug-in 1.6.0_14-b08 - disabled[. So I enabled it.
I checked in TOOLS>INTERNET OPTIONS>ADVANCED, there's still no java (sun) item.

Found the java program in CONTROL PANEL>ADDITIONAL OPTIONS>VIEW 32-BIT> JAVA CONTROL PANEL. Is it just a temporary files that's why it doesn't appear in my control panel? How can I make it visible?

Thanks.

Logfile of random's system information tool 1.06 (written by random/random)
Run by chinchin at 2009-07-14 01:29:18
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 223 GB (75%) free of 295 GB
Total RAM: 3963 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:26 AM, on 7/14/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Users\chinchin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\chinchin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com/?fr=fp-tyc7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\chinchin\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12138 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-05 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-07-10 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"cfFncEnabler.exe"=cfFncEnabler.exe []
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe [2008-08-04 1242424]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-04-29 417792]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-07-10 148888]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-05-19 432640]
"cdloader"=C:\Users\chinchin\AppData\Roaming\mjusbsp\cdloader2.exe [2009-04-10 50520]
"Search Protection"=C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-06-23 1830128]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea090f22-3239-11de-8c33-001e3399ee74}]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2009-07-13 23:38:41 ----A---- C:\Windows\system32\MFC71.dll
2009-07-13 23:38:41 ----A---- C:\Windows\system32\aswBoot.exe
2009-07-11 10:27:51 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-07-11 10:27:20 ----D---- C:\Users\chinchin\AppData\Roaming\SUPERAntiSpyware.com
2009-07-11 10:27:20 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2009-07-11 10:25:22 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-07-11 10:05:20 ----D---- C:\Users\chinchin\AppData\Roaming\Malwarebytes
2009-07-11 10:05:16 ----D---- C:\ProgramData\Malwarebytes
2009-07-11 10:05:16 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-07-11 09:46:29 ----D---- C:\Program Files (x86)\SpywareBlaster
2009-07-11 08:13:27 ----HDC---- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-11 08:13:23 ----D---- C:\ProgramData\Lavasoft
2009-07-11 08:13:23 ----D---- C:\Program Files (x86)\Lavasoft
2009-07-11 07:19:04 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-11 07:19:04 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2009-07-11 04:52:46 ----A---- C:\Windows\system32\javaws.exe
2009-07-11 04:52:46 ----A---- C:\Windows\system32\javaw.exe
2009-07-11 04:52:46 ----A---- C:\Windows\system32\java.exe
2009-07-11 00:03:52 ----D---- C:\Program Files (x86)\Windows Installer Clean Up
2009-07-11 00:03:14 ----D---- C:\Program Files (x86)\MSECACHE
2009-07-10 23:20:00 ----D---- C:\Windows\Sun
2009-07-10 22:57:03 ----D---- C:\Program Files (x86)\Java
2009-07-10 21:34:57 ----D---- C:\Program Files (x86)\Windows Live Safety Center
2009-07-10 20:06:32 ----D---- C:\Program Files (x86)\Panda Security
2009-07-10 19:49:27 ----D---- C:\Windows\BDOSCAN8
2009-07-10 18:51:57 ----A---- C:\Windows\system32\deploytk.dll
2009-06-25 16:22:37 ----D---- C:\Program Files (x86)\trend micro
2009-06-25 16:22:36 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2009-07-14 01:29:21 ----D---- C:\Windows\Temp
2009-07-14 01:06:59 ----D---- C:\Windows\System32
2009-07-14 01:06:59 ----D---- C:\Windows\inf
2009-07-14 00:05:15 ----SHD---- C:\Windows\Installer
2009-07-14 00:05:15 ----HD---- C:\Config.Msi
2009-07-14 00:05:12 ----D---- C:\Program Files (x86)
2009-07-14 00:04:02 ----SHD---- C:\System Volume Information
2009-07-13 23:49:58 ----AD---- C:\ProgramData\TEMP
2009-07-13 23:38:54 ----D---- C:\Windows\system32\drivers
2009-07-13 23:38:53 ----D---- C:\Windows\SysWOW64
2009-07-13 23:38:39 ----RD---- C:\Program Files
2009-07-13 23:26:11 ----D---- C:\SRN Micro
2009-07-13 23:26:10 ----A---- C:\AUTOEXEC.BAT
2009-07-13 21:41:06 ----SD---- C:\Users\chinchin\AppData\Roaming\Microsoft
2009-07-13 21:38:41 ----D---- C:\Program Files (x86)\TOSHIBA Games
2009-07-13 21:37:36 ----D---- C:\ProgramData\WildTangent
2009-07-11 19:23:04 ----SD---- C:\Windows\Downloaded Program Files
2009-07-11 10:27:51 ----HD---- C:\ProgramData
2009-07-11 10:25:22 ----D---- C:\Program Files (x86)\Common Files
2009-07-11 08:14:29 ----D---- C:\Windows\Tasks
2009-07-11 08:13:22 ----D---- C:\Windows\winsxs
2009-07-10 23:20:00 ----D---- C:\Windows
2009-07-10 19:54:06 ----D---- C:\Windows\Prefetch
2009-07-06 20:19:27 ----D---- C:\Users\chinchin\AppData\Roaming\mjusbsp
2009-07-05 17:04:20 ----D---- C:\Program Files (x86)\Trojan Remover
2009-06-15 21:31:21 ----D---- C:\Windows\Microsoft.NET
2009-06-15 21:30:52 ----D---- C:\Windows\ehome
2009-06-15 21:29:33 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys []
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys []
R3 AgereSoftModem;TOSHIBA Software Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys []
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
S3 aswArKrn;aswArKrn; \??\C:\Users\chinchin\AppData\Local\Temp\aswArKrn.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
S3 SVRPEDRV;SVRPEDRV; C:\Windows\system32\drivers\SVRPEDRV.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 KR10I64;KR10I64; C:\Windows\system32\drivers\kr10i64.sys []
S4 KR10N64;KR10N64; C:\Windows\system32\drivers\kr10n64.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-04-03 36864]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 1371136]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 826368]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-02-06 434016]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 175104]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 84992]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-20 93696]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------

Quote

"If GOD brings you to it, He will bring you THROUGH it."

#15 User is offline   suebaby41 

  • W.A.M. (Women Against Malware)
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 6,247
  • Joined: 03-January 05
  • Location:South Carolina, USA

Posted 13 July 2009 - 01:06 PM

Great job! Your HijackThis log appears to be clean.

Tips To Protect Your Computer
  • Avoid clicking on links in instant messages.
  • Avoid opening email attachments.
  • Avoid visiting every poker site on the net.
  • Avoid downloading all that free cute junk.
  • Avoid using the peer-to-peer file sharing.
  • Avoid getting those handy toolbar doodads for your browsers.
  • Malware is out there just waiting to pounce on your system if you only pass by where they are lurking which may be at some seemingly innocent web site. Be careful because some of the malware are so vicious that no one can possibly save you once you let them in.
  • Remember that new malware emerges every week of the year. Take responsibility for protecting your system because you are its first and best defense.

Tools Downloaded To Clean Your Computer

I may have asked you to install some tools. Some need to be removed; others may be left to your decision. Whether or not you need to keep these programs must be decided by you. If you choose to uninstall them, follow these directions:
  • Click Start > Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight the program, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
Optional Tools:
  • Ad-Aware 2008 scans, detects, and removes spyware on your computer.
  • ATF-Cleaner cleans all user temp folders, Java cache, (which seems to be harboring more and more malware), the cache, cookies, history, download history, visited links and saved passwords. Scan weekly if you have high Internet use.
  • Trend Micro's HijackThis or random's System Information Tool (RSIT) may be uninstalled; however, if you should ever encounter another problem and seek help in this forum or others like it, you will need to download this application.
  • SUPERAntiSpyware scans, detects, and removes spyware on your computer.
  • Malwarebytes ' Anti-Malware scans, detects, and removes malware on your computer.
  • a-squared Free scans, detects, and removes trojans, worms, spyware on your computer.
  • Spybot S&D scans, detects, and removes malware on your computer.
Restore the default settings for files/folders..
  • Go to My Computer.
  • Select the Tools menu and click Folder Options.
  • Click the View tab.
  • Under Advanced Settings, click the Restore Defaults button in the lower right corner.
  • Click Apply and then the OK and close My Computer.
Please take the time to read the "Steps To Keep Your Computer Clean And Secure" below.

Steps To Keep Your Computer Clean And Secure:
Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. After cleaning, you will need to disable the System Restore function for files placed in the System volume information folder are source files for the System Restore function that is available in Windows VISTA operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:
    For more information, see Windows Vista System Restore Guide. Disabling System Restore
    It is advised that you do not turn off System Restore unless you have specific need to do so.
    WARNING: By disabling system restore you will delete all stored restore points and shadow copies of documents on your computer.
    To disable System Restore you would follow these steps:
    • Click on the Start button to open your Start Menu. The Start button looks like Vista Start Button.
    • Click on the Control Panel menu option.
    • Click on the System and Maintenance menu option.
    • Click on the System menu option.
    • Click on System Protection in the left-hand task list.
    • Uncheck the check boxes next to each hard drive listed under the Create restore points automatically on the selected disks: section. When you uncheck a disk you will be presented with the screen, Turn off System Restore confirmation.
    • You should click on the Turn System Protection Off button.
    • Press the Apply button and then the OK button.
    • System Restore is now disabled on your computer.
    Enabling System Restore
    By default System Restore is enabled on Windows Vista computers so you will only need to enable it if you have previously disabled it. To enable System Restoredo the following:
    • Click on the Start button to open your Start Menu. The Start button looks like the Vista Start Button.
    • Click on the Control Panel menu option.
    • Click on the System and Maintenance menu option.
    • Click on the System menu option.
    • Click on System Protection in the left-hand task list.
    • Put a check mark in the check boxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
    • Press the Apply button and then the OK button.
    • System Restore is now enabled on your computer.

  • Make your Internet Explorer more secure: This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt

    • When all these settings have been made, click on the OK button.
    • If it asks you if you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Use a Firewall: - I cannot stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls For more information about firewalls, and why a two-way firewall is better than the Windows XP one-way firewall, please read Understanding and Using Firewalls.
  • Use An Antivirus Software and Keep It Updated: - It is very important that your computer has an antivirus software running on your machine.  This alone can save you a lot of trouble with malware in the future.  It is imperative that you update your antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. For an article on antivirus programs and a listing of some available ones see the link below:
    Computer Safety On line - Anti-Virus
  • Visit Microsoft's Windows Update Site Frequently: It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • You should scan your computer with Spybot S&D on a regular basis just as you would an anti- virus software. A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware from Your Computer
  • You should scan your computer with Ad-Aware 2008 as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
    Ad-Aware 2007/2008.
  • Install SpywareBlaster: SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button on the task bar at the bottom of your screen
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then doubleclick it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK.

  • Use an alternative instant messenger program:.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet.
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built in popup blocker (as an added benefit!) that I have ever seen.
    Another good browser is Opera . Opera 9 comes loaded with the tools to keep you productive and safe. Try it today, it's absolutely free. Some of the Opera features are: Customization, BitTorrent, Content blocker, Add your favorite search engines, Thumbnail preview of tabs, Widgets, Transfer manager, Tabbed browsing, Password manager, Sessions (You can save a collection of open tabs as a session, for later retrieval, or start with the pages you had open when Opera was last closed.), Keyboard Shortcuts, Cookie control, a multitude of languages, Validate code, Toggle graphics and style sheets, and Special features such as Full-screen mode, Kiosk mode.
  • Update all these programs regularly: Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.
Good luck!
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users