Help! Win32.vb.jl


8 replies to this topic

#1 dynamic25

dynamic25

  • Members

Posted 04 April 2008 - 09:10 PM

Hi, my computer seems to be infected with Win32.vb.jl. I'm afraid I don't know much at all about computers or viruses so I'm not sure where to start. I tried Spybot and it found Win32.vb.jl but it wouldn't let me delete it, it said I needed administrator access, I am the only administrator on this computer so I don't know what to do about that. I'm now trying to run SUPERAntiSpyware.

My computer keeps freezing, and it is also very slow. When I try to use internet explorer it often freezes and won't let me go to certain web pages. It also sometimes freezes and then loads the browser up massively inflated. Help! :thumbsup:


#2 dynamic25

dynamic25
  • Topic Starter

  • Members

Posted 04 April 2008 - 09:42 PM

Some more info, I think the virus also affected the website that I run. It corrupted the groups section and added a link to www.nmidahena.com, and also got into our backoffice admin section and deleted all of the data in 2 sections.

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator

Posted 07 April 2008 - 11:17 PM

Hello dynamic25 and welcome to BC :thumbsup:

In order to provide you with proper disinfection instructions, we need additional information.

What is your operating system: Windows XP, Vista, etc.?

What security programs, besides SUPERAntiSpyware and Spybot, do you have installed? Please name them.

Is the computer a standalone computer or is it part of a network?

Were you able to run a scan with SUPERAntiSpyware?

Orange Blossom :flowers:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 dynamic25

dynamic25
  • Topic Starter

  • Members

Posted 08 April 2008 - 11:14 PM

Hi, thank you :thumbsup:

What is your operating system: Windows XP, Vista, etc.? VISTA

What security programs, besides SUPERAntiSpyware and Spybot, do you have installed? Please name them. - AVG FREE EDITION

Is the computer a standalone computer or is it part of a network? STAND ALONE

Were you able to run a scan with SUPERAntiSpyware? YES, BUT IT DIDN'T FIND THE SAME PROBLEM THAT SPYBOT DID (WIN32.VB.JL). IT ONLY FOUND ADWARE TRACKING COOKIES.

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator

Posted 08 April 2008 - 11:40 PM

Hello dynamic25,

Let's try this:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please post the MalwareBytes log in your next reply.

Orange Blossom :thumbsup:

#6 dynamic25

dynamic25
  • Topic Starter

  • Members

Posted 09 April 2008 - 12:28 AM

Hi, when I tried to update the programme it said updates failed - internet can't connect and make sure your firewall allows the programme access. I tried the other link to get the updates but for some reason that page won't load up (it just says loading but no page appears, I'm having this problem recently - some webpages load fine but others won't load and then it asks me to connect to the internet. It's normally just some websites when this occurs, for example http://www.tour2korea.com).

Anyway I ran the programme and it came up with the following:

Malwarebytes' Anti-Malware 1.11
Database version: 599

Scan type: Quick Scan
Objects scanned: 35753
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Jon\Local Settings\Temp\_check32.bat (Malware.Trace) -> Quarantined and deleted successfully.

Do I need to get the updates somehow and then run the scan again? Any ideas?

Edited by dynamic25, 09 April 2008 - 12:29 AM.


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 09 April 2008 - 09:19 PM

Hello, are you running the apps as an Administrator?
See How to Run as administrator

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#8 dynamic25

dynamic25
  • Topic Starter

  • Members

Posted 12 April 2008 - 03:46 AM

Hi, I am now and it let me run the updates. I have run the scan again on Malwarebytes' Anti-Malware and nothing was found.

I did the same with Spybot (set myself to administrator) and then ran the scan, it found Win32.vb.jl again and it said that it fixed it. I think the following is the log of the scan. Is it all fixed?


--- Search result list ---
Win32.VB.jl: [SBI $4A7DE52E] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Partizan

Win32.VB.jl: [SBI $A7EB36C7] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Partizan


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---


--- System information ---
Windows Vista (Build: 6000) (6.0.6000)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB941833)


size: 185896
MD5: 74BC945EB2584E90619A56EF5028AB0F
PID: 3648 (2976) C:\Program Files\iTunes\iTunesHelper.exe
size: 267048
MD5: 6F6493A929BC9B5762035940E825B840
PID: 3720 (2976) C:\Windows\ehome\ehtray.exe
size: 125440
MD5: 2E0953919779A44BF9DFB7B07C58535A
PID: 3732 (2976) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F
PID: 3756 (2976) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 1481968
MD5: 658A81BD5930FB5A67F874E6E6C31DF8
PID: 3800 ( 752) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 693E4C15CEE5D6487D7913A2701B5E40
PID: 2108 ( 752) C:\Windows\system32\wbem\unsecapp.exe
size: 37376
MD5: E19C7BCE081B85F86F03AE9D82FFA77B
PID: 1800 (2976) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
size: 12829216
MD5: 0F96A34D03D6DE3A4EBF5E34A4F71DD7
PID: 2348 (3436) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
size: 405504
MD5: AB7EB5E27E9F18698B9B6CB6F56E6745
PID: 3032 (2976) C:\Malwarebytes' Anti-Malware\mbam.exe
size: 1175160
MD5: 28A11B95A6CC02A757A2BB60C0541410
PID: 2064 ( 752) C:\Windows\System32\mobsync.exe
size: 95232
MD5: 9C632DC0F1B6D79B05F46A4A5349CEF4
PID: 2668 (2976) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7660656
MD5: 219A68C62FDB872FD65E85B4AF1A0E8A
PID: 3892 (2976) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 396 ( 4) smss.exe
size: 62976
PID: 464 ( 452) csrss.exe
size: 7680
PID: 504 ( 452) wininit.exe
size: 95744
PID: 516 ( 496) csrss.exe
size: 7680
PID: 548 ( 504) services.exe
size: 279552
PID: 560 ( 504) lsass.exe
size: 7680
PID: 568 ( 504) lsm.exe
size: 210944
PID: 668 ( 496) winlogon.exe
size: 308224
PID: 752 ( 548) svchost.exe
size: 22016
PID: 812 ( 548) svchost.exe
size: 22016
PID: 848 ( 548) svchost.exe
size: 22016
PID: 940 ( 548) svchost.exe
size: 22016
PID: 972 ( 548) svchost.exe
size: 22016
PID: 996 ( 548) svchost.exe
size: 22016
PID: 1128 ( 940) audiodg.exe
size: 88064
PID: 1160 ( 548) SLsvc.exe
size: 2605568
PID: 1188 ( 548) svchost.exe
size: 22016
PID: 1336 ( 548) svchost.exe
size: 22016
PID: 1540 ( 548) spoolsv.exe
size: 124928
PID: 1564 ( 548) svchost.exe
size: 22016
PID: 1812 ( 548) agrsmsvc.exe
size: 9216
PID: 1840 ( 548) AppleMobileDeviceService.exe
PID: 1856 ( 548) avgamsvr.exe
PID: 1876 ( 548) avgupsvc.exe
PID: 1916 ( 548) avgrssvc.exe
PID: 1936 ( 548) CFSvcs.exe
PID: 1944 (1916) avgrssvc.exe
PID: 2008 ( 548) GoogleUpdaterService.exe
PID: 2040 ( 548) svchost.exe
size: 22016
PID: 248 ( 548) svchost.exe
size: 22016
PID: 340 ( 548) TODDSrv.exe
size: 114688
PID: 420 ( 548) TosCoSrv.exe
PID: 388 ( 548) TosBtSrv.exe
PID: 564 ( 548) ULCDRSvr.exe
PID: 908 ( 548) svchost.exe
size: 22016
PID: 1120 ( 548) SearchIndexer.exe
size: 287744
PID: 808 ( 548) SDWinSec.exe
PID: 2352 ( 996) taskeng.exe
size: 166400
PID: 2276 ( 752) WmiPrvSE.exe
PID: 3248 ( 548) iPodService.exe
PID: 2256 ( 548) PresentationFontCache.exe
PID: 2612 ( 548) usnsvc.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/04/2008 17:43:27

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.co.uk/ig?hl=en
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4E9F4F12-2F02-493F-AED7-E6310C7514AE}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4E9F4F12-2F02-493F-AED7-E6310C7514AE}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5291AF49-A5C9-4154-90AC-597BAF10F533}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5291AF49-A5C9-4154-90AC-597BAF10F533}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4E9F4F12-2F02-493F-AED7-E6310C7514AE}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4E9F4F12-2F02-493F-AED7-E6310C7514AE}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5291AF49-A5C9-4154-90AC-597BAF10F533}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5291AF49-A5C9-4154-90AC-597BAF10F533}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

#9 boopme


Posted 12 April 2008 - 01:00 PM

Hello again, looks like you got it. Is all running well?
A couple of things to do though as clean/clear up.

First:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.
Second:
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
Go to the BC tutorial, Windows Vista System Restore Guide Full Tutorial

Create the new Restore Point...see>>Manually Creating Restore Points
Delete the old Restore Points....see>>Deleting Restore Points

Edited by boopme, 12 April 2008 - 01:05 PM.
