[Resolved] Computer Unusable! Spyware desktop background and
#16
Posted 07 May 2008 - 05:19 PM
Register to Remove
#17
Posted 07 May 2008 - 05:27 PM
#18
Posted 07 May 2008 - 06:25 PM
#19
Posted 07 May 2008 - 06:38 PM
there are things to try first, reformat is a last resort but it is an option.How extensive are my infections? I am wondering if I should be thinking about just backing up my data and reformatting. What do you think?
I think most of the infections are gone
it is just a matter of fixing the damage that was done
Gringo
#20
Posted 07 May 2008 - 11:32 PM
#21
Posted 08 May 2008 - 07:23 AM
before we go any further I want you to install the recovery console
: Recovery Console :
we need to install the Recovery Console on this computer
this is very important it could save you later
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System
the one for you is Windows XP Service Pack 2 (SP2)
Download the file & save it as it's originally named, next to ComboFix.exe.
Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.
gringo
#22
Posted 08 May 2008 - 08:10 AM
---------------------------------------------------------------------
---------------------------------------------------------------------
ComboFix 08-04-29.3 - Administrator 2008-05-08 6:47:28.4 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.72 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.
2008-05-06 06:48 . 2008-05-06 06:48 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-05-05 22:06 . 2007-06-28 14:36 401,720 --a------ C:\Administrator.exe
2008-05-04 08:46 . 2008-05-04 08:46 <DIR> d-------- C:\Deckard
2008-05-04 07:59 . 2008-05-04 07:59 <DIR> d-------- C:\Program Files\MBAnti-Malware
2008-05-04 07:59 . 2008-05-04 07:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 07:59 . 2008-05-04 07:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-04 07:49 . 2004-05-13 15:17 10,752 --a------ C:\WINDOWS\system32\clb.dll
2008-05-04 07:49 . 2008-05-04 07:31 5,786 --a------ C:\WINDOWS\system32\clb[1].dll.zip
2008-05-03 21:12 . 2007-06-28 14:36 401,720 --a------ C:\milkman.exe
2008-04-29 21:39 . 2008-04-29 21:39 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-29 07:37 . 2008-04-29 07:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-27 19:56 . 2005-08-09 15:00 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-27 19:56 . 2005-08-09 15:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-27 19:56 . 2005-08-09 15:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-04-27 19:56 . 2005-08-09 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-04-27 19:56 . 2005-08-09 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-27 19:56 . 2006-03-12 16:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-04-27 19:56 . 2008-05-06 06:48 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-27 19:56 . 2008-05-08 06:50 393,216 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-27 19:46 . 2008-04-27 19:46 578 --a------ C:\WINDOWS\index.html
2008-04-27 16:07 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 23:37 24,576 ----a-w C:\WINDOWS\system32\userinit.exe
2008-04-27 22:55 --------- d-----w C:\Documents and Settings\Tommy\Application Data\OpenOffice.org2
2008-03-28 16:01 --------- d-----w C:\Documents and Settings\Tommy\Application Data\skypePM
2008-03-25 19:22 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Skype
2008-03-11 15:32 --------- d-----w C:\Program Files\Phun
2008-03-09 04:47 --------- d-----w C:\Program Files\MediaCoder
2008-02-10 05:26 30,720 ---h--r C:\WINDOWS\CdaC13BA.EXE
2008-02-10 05:26 112,128 ---h--r C:\WINDOWS\CdaC14BA.DLL
2008-02-10 05:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-03-04 04:30 1,304,066 ----a-w C:\Program Files\mpc2kxp6482.zip
.
((((((((((((((((((((((((((((( snapshot@2008-05-03_18.12.25.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00:00 110,080 -c--a-w C:\WINDOWS\$NtUninstallKB895200$\clbcatex.dll
+ 2004-08-04 12:00:00 501,248 -c--a-w C:\WINDOWS\$NtUninstallKB895200$\clbcatq.dll
- 2008-05-04 00:57:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 05:29:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-04 00:57:25 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-04 05:24:20 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-04 00:57:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-04 05:24:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"NDSTray.exe"="NDSTray.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-22 12:47 155648]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-11-29 02:11 258048]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-14 23:21 675840]
"CFSServ.exe"="CFSServ.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 18:17 443968]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tommy^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-06-28 21:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2006-10-10 14:23 43520 C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-09-16 09:43 274432 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 19:29 303104 c:\PROGRA~1\mcafee.com\agent\McAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 13:05 212992 C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
--a------ 2004-05-25 14:35 28672 C:\Program Files\Notebook Maximizer\maximizer_startup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2005-08-11 23:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a------ 2004-09-07 14:03 1077301 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--a------ 2005-03-17 17:37 151552 c:\toshiba\ivp\ism\pinger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-12-22 12:47 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-04-26 16:13 122880 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-27 12:17 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2004-12-30 00:32 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
--a------ 2005-10-18 15:04 1261568 c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--a------ 2005-08-10 13:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 19:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"iPodService"=3 (0x3)
"DVD-RAM_Service"=2 (0x2)
"CFSvcs"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 21:42]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2005-05-09 15:17]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
S3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-31 17:08]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\MBAnti-Malware\catchme.sys [2008-04-07 20:17]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-06-13 15:16]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-12-27 06:10]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 06:50:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-08 6:52:12
ComboFix-quarantined-files.txt 2008-05-08 13:52:05
ComboFix2.txt 2008-05-04 14:56:57
ComboFix3.txt 2008-05-04 05:52:35
ComboFix4.txt 2008-05-04 01:13:25
Pre-Run: 28,297,166,848 bytes free
Post-Run: 28,293,750,784 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
180
#23
Posted 08 May 2008 - 08:43 AM
here is a collection of small things to try
one thing may not work but maybe together something will happen
I will keep looking for more things to try
:FIXES TASK MANAGER:
Download RatsCheddar.zip
It contains a program written by Rathat, and it is a Policy Controller.
Save and extract this program to the desktop.
Once extracted, click on the RatsCheddar.exe file.
Enable everything, then click Exit
Reboot your Computer.
fix permissions
Download the DjLizard Repair Permissions and extract the package. This will create a folder called Repair Permissions. Run the !RUNME.BAT file in that folder. Now see if you can get to the Control Panel.
FixPolicies
Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here: http://downloads.mal...FixPolicies.exe
- Double-click FixPolicies.exe.
- Click the "Install" button on the bottom toolbar of the box that will open.
- The program will create a new Folder called FixPolicies.
- Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
- A black box should briefly appear and then close. This will enable your Control Panel and stop the Administrative warnings, at least until the malware infection resets the registry policy keys again. You can run this as many times as you like. A permanent fix requires removing the infection.
Fix msconfig
Fix msconfig-when no access for XP
- Download >>this File<< from kellys-korner.
- Double-click xp_emergencyutil.exe to run the file.
- Now try Start > Run > type msconfig > OK
- Does msconfig works now?
- Please post back and let me know.
let me know of any changes
gringo
#24
Posted 08 May 2008 - 08:50 AM
#25
Posted 09 May 2008 - 08:32 AM
Register to Remove
#26
Posted 09 May 2008 - 05:32 PM
The things I need you to do needs to be done in normal mode ( I tried on my computer in safe mode and it don't work)
I have asked for some help here in the windows forum to see if they could give us some ideas
the link to the topic is here if you would like to follow yourself
http://forums.whatth...ger_t91710.html
we are going to beat this thing yet
gringo
#27
Posted 09 May 2008 - 08:05 PM
Create a new Administrator account, see if you can access them there. If yes, you can copy the data from his old account to the new one then delete the old one after a while.
see if you can do this if not reply in the other thread so they can get a better feel of the problems
gringo
#28
Posted 10 May 2008 - 10:37 AM
#29
Posted 10 May 2008 - 01:02 PM
Yes!!!!I can create a new account and log in under normal mode!
no those were only to get things to where we are now.Should I perform the steps as described in our last post and run the ratscheddar and etc?
send me a hijackthis log in normal mode so we can finish the clean up
you can move your data anytime( in the windows thread I made he goes into some nice instructions on how to move your data)
Gringo
Edited by gringo_pr, 10 May 2008 - 01:33 PM.
#30
Posted 11 May 2008 - 08:06 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:35 AM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\milkman.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202624207765
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6719 bytes
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users