1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

dbghlp.dll is infected

Discussion in 'Virus & Other Malware Removal' started by siljo, Apr 18, 2010.

Thread Status:
Not open for further replies.
  1. siljo

    siljo Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    1
    Hi,
    couple days ago I noted that my notebook runs somewhat slower, specially internet explorer. I run ComboFix and Hijackthis and got following logs.
    I have some suspicions about dbghlp.dll but I'm not an expert.
    Any help (CFscript for ComboFix or an advice) about removing possible virus/malware and making my notebook faster is appreciated.
    Thx

    COMBOFIX LOG

    ComboFix 10-04-17.05 - ksikic 18.04.2010 15:49:19.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.417 [GMT 2:00]
    Running from: c:\documents and settings\ksikic\Desktop\ComboFix.exe
    AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\install.exe
    c:\recycler\S-1-5-21-2878024557-1559567514-844644617-0532
    c:\windows\system32\dbghlp.dll . . . is infected!!
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
    .
    2010-04-16 19:40 . 2010-04-16 19:40 -------- d-----w- c:\documents and settings\ksikic\Application Data\Malwarebytes
    2010-04-16 19:40 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-16 19:40 . 2010-04-16 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-16 19:40 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-16 19:40 . 2010-04-16 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-20 07:26 . 2010-03-20 07:26 -------- d-----w- c:\documents and settings\ksikic\Application Data\Vodafone
    2010-03-20 07:26 . 2010-03-20 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2010-03-20 07:26 . 2010-03-20 07:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone
    2010-03-20 07:26 . 2010-03-20 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
    2010-03-20 07:17 . 2010-03-20 07:17 -------- d-----w- c:\documents and settings\ksikic\Local Settings\Application Data\{DA6A30CA-2668-4F5F-93A5-9BDA19E3CCC4}
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-18 14:07 . 2007-12-14 14:05 -------- d-----w- c:\documents and settings\ksikic\Application Data\Skype
    2010-04-18 10:28 . 2007-12-14 14:06 -------- d-----w- c:\documents and settings\ksikic\Application Data\skypePM
    2010-04-18 10:25 . 2009-12-30 20:19 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
    2010-04-16 22:04 . 2008-01-18 18:54 -------- d-----w- c:\documents and settings\ksikic\Application Data\uTorrent
    2010-03-20 07:26 . 2007-12-14 10:06 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-02-12 10:03 . 2010-03-17 17:24 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-04 19:46 . 2010-02-04 19:46 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
    2010-02-04 19:46 . 2010-02-04 19:46 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
    2010-02-04 19:46 . 2010-02-04 19:46 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2010-02-04 19:46 . 2010-02-04 19:46 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
    2010-02-04 19:18 . 2010-02-04 19:18 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
    2010-02-04 19:18 . 2010-02-04 19:18 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
    2010-02-04 19:18 . 2010-02-04 19:18 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
    2010-02-04 19:17 . 2010-02-04 19:19 24403616 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_1.8.10EN.exe
    2010-02-03 19:17 . 2010-02-04 19:46 34399664 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng_web.exe
    2010-01-29 17:57 . 2007-12-14 08:17 42560 ----a-w- c:\documents and settings\ksikic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "12Voip"="c:\program files\12Voip.com\12Voip\12Voip.exe" [2009-12-28 9069864]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "TPSMain"="TPSMain.exe" [2005-08-03 266240]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
    "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
    "RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-06 198160]
    "NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
    "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-14 25214]
    AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-7-2 245760]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-12-8 2717024]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
    @="service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Super Internet TV\\OnlineTV.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [14.12.2007 11:27 110848]
    R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [14.12.2007 11:27 38528]
    R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [28.10.2009 21:56 80936]
    R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [1.10.2008 20:13 98304]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [13.3.2008 20:08 24576]
    S3 G3GCUMDM;G3G C USB Modem;c:\windows\system32\drivers\g3gcumdm.sys [15.12.2007 3:06 25856]
    S3 G3GCUSER;G3G C USB Serial;c:\windows\system32\drivers\g3gcuser.sys [15.12.2007 3:06 22656]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [4.2.2010 21:48 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [4.2.2010 21:48 8320]
    S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [6.12.2009 23:01 32377]
    S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [1.10.2008 20:15 14976]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-04-18 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 20:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\ksikic\Application Data\Mozilla\Firefox\Profiles\z76ywr02.default\
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-18 16:14
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6ED57E20-CE2D-6F7D-D2E7-463111BEFA8A}\InProcServer32*]
    "jaimmmonlfkfjkkaclcb"=hex:6a,61,70,6e,6e,6a,69,6b,66,6c,6e,6d,69,68,63,63,6c,
    6a,63,62,00,fa
    "iaimolemdaolncceen"=hex:6a,61,70,6e,6e,6a,69,6b,66,6c,6e,6d,69,68,63,63,6c,6a,
    63,62,00,bb
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(4320)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Sophos\AutoUpdate\ALsvc.exe
    c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\TPSMain.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\TPSBattM.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Logitech\Video\FxSvr2.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-18 16:26:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-18 14:26
    Pre-Run: 9.982.529.536 bytes free
    Post-Run: 10.656.382.976 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
    [operating systems]
    d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    - - End Of File - - 5C35F98565E837A02CCBAF078B92CA57


    and now the HiJackThis LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:21:58, on 18.4.2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Notebook Hardware Control\nhc.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\12Voip.com\12Voip\12Voip.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVMain.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
    O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - C:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - C:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [12Voip] "C:\Program Files\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    --
    End of file - 11384 bytes
     

    Attached Files:

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/917723

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice