|
| | | New Member
Group: Forum Members
Last Login: 7/9/2008 6:28 AM
Posts: 15, Visits: 15 |
| Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:06 PM, on 7/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Users\chuck chiuco\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\chuck chiuco\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [E07AXLRD_24659234] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE" -m
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\CHUCKC~1\AppData\Local\Temp\hGVPgghG.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\CHUCKC~1\AppData\Local\Temp\awtqRHAs.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7951 bytes
|
| |
| | | 
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,010, Visits: 54,734 |
| Welcome
Please disable UAC [User Account Control].
1. Click Start and then click the picture at the top of the right column on the Start menu,this opens the User Accounts Control Panel.
2. Click Turn User Account Control on or off,you will have to respond to a UAC prompt to complete this action.
3. Clear the Use User Account Control (UAC) to help protect your computer check box and click OK.
4. Click Restart Now when prompted,after your computer restarts,UAC will be off.
You can repeat these steps to re-enable UAC,just click to select the check box in Step 3 when we've finished.
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop
Close any open browsers.
Click on Start/All Programs/Accessories/Run,copy and paste the following bold text into the 'Open:' space,then press OK [See image below]:
"%userprofile%\desktop\combofix.exe" /killall
Combofix.exe will start,please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
Also post a new Hijackthis log please.
________________________________________
ASAP & UNITE member since 2006
 
|
| |
| | | New Member
Group: Forum Members
Last Login: 7/9/2008 6:28 AM
Posts: 15, Visits: 15 |
| Thanks for the warm welcome. I really appreciate it.
ComboFix 08-07-04.6 - chuck chiuco 2008-07-05 20:54:56.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.74 [GMT 8:00]
Running from: C:\Users\chuck chiuco\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\urqpqrSl.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
2008-07-05 20:04 . 2008-07-05 20:04d--------C:\Program Files\Trend Micro
2008-07-05 12:30 . 2008-07-05 12:30d--------C:\Windows\Sun
2008-07-05 11:16 . 2008-07-05 11:29d--------C:\Users\chuck chiuco\.housecall6.6
2008-07-04 21:13 . 2008-07-05 10:51d--------C:\Users\chuck chiuco\AppData\Roaming\LimeWire
2008-07-02 16:13 . 2008-07-02 16:13d--------C:\Program Files\YouTube Downloader
2008-06-26 21:03 . 2008-06-26 21:03354,560--a------C:\Windows\System32\TuneUpDefragService.exe
2008-06-26 21:03 . 2008-04-04 14:5128,416--a------C:\Windows\System32\uxtuneup.dll
2008-06-26 21:03 . 2008-04-04 14:5116,640--a------C:\Windows\System32\authuitu.dll
2008-06-12 19:44 . 2008-06-12 19:440--ah-----C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-11 12:05 . 2008-04-25 10:121,383,424--a------C:\Windows\System32\mshtml.tlb
2008-06-11 12:05 . 2008-04-25 12:35826,880--a------C:\Windows\System32\wininet.dll
2008-06-11 12:03 . 2008-04-26 16:081,314,816--a------C:\Windows\System32\quartz.dll
2008-06-11 12:03 . 2008-05-10 09:33113,664--a------C:\Windows\System32\drivers\rmcast.sys
2008-06-06 12:36 . 2008-06-06 12:36d--------C:\PerfLogs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 13:03---------d-----wC:\Users\chuck chiuco\AppData\Roaming\DNA
2008-07-05 09:52---------d-----wC:\Users\chuck chiuco\AppData\Roaming\BitTorrent
2008-07-04 13:09---------d-----wC:\Program Files\ESET
2008-06-26 13:03---------d-----wC:\Program Files\TuneUp Utilities 2008
2008-06-14 07:46---------d-----wC:\Users\chuck chiuco\AppData\Roaming\SiteAdvisor
2008-06-11 16:27---------d-----wC:\Program Files\Windows Mail
2008-06-06 05:06174--sha-wC:\Program Files\desktop.ini
2008-06-06 04:44---------d-----wC:\Program Files\Windows Sidebar
2008-06-06 04:44---------d-----wC:\Program Files\Windows Photo Gallery
2008-06-06 04:44---------d-----wC:\Program Files\Windows Collaboration
2008-06-06 04:44---------d-----wC:\Program Files\Windows Calendar
2008-06-06 04:43---------d-----wC:\Program Files\Windows Defender
2008-06-01 03:38---------d-----wC:\ProgramData\Microsoft Help
2008-05-31 11:41---------d-----wC:\Program Files\NetBeans 6.0
2008-05-31 11:40---------d-----wC:\Program Files\Apache Software Foundation
2008-05-24 03:53---------d-----wC:\Program Files\iTunes
2008-05-24 03:53---------d-----wC:\Program Files\iPod
2008-05-24 03:50---------d-----wC:\Program Files\QuickTime
2008-05-24 02:47---------d-----wC:\Program Files\BitTorrent
2008-05-24 02:46---------d-----wC:\Program Files\DNA
2008-05-24 02:32---------d-----wC:\Program Files\Apple Software Update
2008-05-19 09:00---------d-----wC:\ProgramData\Symantec
2008-05-19 08:59805----a-wC:\Windows\system32\drivers\SYMEVENT.INF
2008-05-19 08:598,014----a-wC:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-19 08:59109,744----a-wC:\Windows\system32\drivers\SYMEVENT.SYS
2008-05-19 08:59---------d-----wC:\Program Files\Symantec
2008-05-19 08:59---------d-----wC:\Program Files\Common Files\Symantec Shared
2008-05-19 08:58---------d-----wC:\Program Files\Symantec AntiVirus
2008-05-13 06:25---------d-----wC:\Program Files\Microsoft Works
2007-05-24 01:14262,144----a-wC:\ProgramData\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-11 05:22 417792]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-24 10:46 289088]
"E07AXLRD_24659234"="C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE" [2006-06-10 17:10 351000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2008-01-19 15:33 227840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 17:12 107112]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 06:34 134808]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-28 04:50 815104]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-10 01:57 3784704 C:\Windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^chuck chiuco^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\chuck chiuco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2006-12-16 06:59 530552 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2006-11-29 11:17 106496 C:\Windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
--a------ 2006-12-08 07:49 55416 C:\Program Files\Toshiba\TBS\HSON.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
--a------ 2006-11-01 23:06 413696 C:\Program Files\Toshiba\Utilities\HWSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2006-11-29 11:14 98304 C:\Windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
--a------ 2006-11-07 08:14 34352 C:\Program Files\Toshiba\Utilities\KeNotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2005-12-16 17:41 188416 C:\Program Files\ltmoh\ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2007-11-19 10:07 949376 C:\Program Files\ESET\nod32kui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-11-29 11:13 81920 C:\Windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a------ 2006-10-19 00:14 35928 C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2006-12-12 08:45 448632 C:\Program Files\Toshiba\SmoothView\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
--a------ 2006-01-19 07:06 421888 C:\Program Files\Toshiba\Utilities\SVPWUTIL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-10-28 04:50 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
--a------ 2006-12-20 14:16 411768 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 15:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-11-10 01:57 3784704 C:\Windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE72CEC1-CAAF-493B-B075-5EBBA76BF2A2}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{C116E19A-60C0-47F9-9BAB-6C6BDEF5E836}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{09557353-EFED-4298-969C-3C4C6C8EA901}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"TCP Query User{89241E07-A662-45C0-B48D-07CE55EF2F77}C:\\program files\\java\\jdk1.6.0_03\\jre\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_03\jre\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{4927C80D-52BB-46A0-81AB-0806C79B7C85}C:\\program files\\java\\jdk1.6.0_03\\jre\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_03\jre\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{C732612D-C29E-4C06-A228-6B1EAA5044B4}C:\\program files\\java\\jre1.6.0_03\\bin\\java.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{3231E652-11E6-4674-AA8B-C5FDAEFE86AC}C:\\program files\\java\\jre1.6.0_03\\bin\\java.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{8663F1DC-0434-4DDC-93D5-43862C4BB3D2}C:\\program files\\java\\jdk1.6.0_03\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_03\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{38E4EBAC-3833-496A-8B65-3355840A1C8E}C:\\program files\\java\\jdk1.6.0_03\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_03\bin\java.exe:Java(TM) Platform SE binary
"{79B72BE6-5BF5-4674-954B-62977C9BF9AD}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{F39AD649-8304-4AB1-850C-3E57695B507D}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{E0F62224-777E-4936-ADEA-C54A405FF628}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{D74A5E5D-DC9F-44D4-BB63-71038F627053}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{72E56E42-9089-40F7-B73F-EA151FFF8510}"= UDP:C:\Program Files\DNA\btdna.exe NA
"{C0BD6D0D-B336-46C8-8667-6573321EDFE3}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{0E054C4A-CBFA-4C92-BAC5-DF80E14A0866}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{D0B73F0E-8167-4C8E-B07A-AA03D68FB375}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{3C7AD3E7-5FFE-4B0D-8A27-1FD9BF1D0949}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E1119A88-19F7-4AA9-A5AC-6DE2CE1490EE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ADA95086-DD11-4952-88FC-05A58E0EC4EB}"= UDP:C:\Users\chuck chiuco\LimeWire\LimeWire.exe:LimeWire
"{D5127073-7496-46BF-896E-25579759B986}"= TCP:C:\Users\chuck chiuco\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetworkREG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04a02a64-0fff-11dd-8a08-001b3845110c}]
\shell\AutoRun\command - E:\password_viewer.exe %1
\shell\Explore\command - E:\password_viewer.exe %1
\shell\Open\command - E:\password_viewer.exe %1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1601d692-10ce-11dd-a95a-001b3845110c}]
\shell\AutoRun\command - E:\password_viewer.exe %1
\shell\Explore\command - E:\password_viewer.exe %1
\shell\Open\command - E:\password_viewer.exe %1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52a39800-2264-11dd-88b0-001b3845110c}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Desktop.exe
\shell\Explore\Command - E:\Desktop.exe
\shell\Open\Command - E:\Desktop.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e1ee209-aaaf-11dc-8e08-001b3845110c}]
\shell\AutoRun\command - SilentSoftech.exe
\shell\explore\command - SilentSoftech.exe
\shell\open\command - SilentSoftech.exe
\shell\var1\command - SilentSoftech.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e234826-ee34-11dc-a25d-001b3845110c}]
\shell\Auto\command - F:\noteped.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\noteped.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbed94f5-202d-11dd-8f98-001b3845110c}]
\shell\1\Command - E:\music.exe
\shell\2\Command - E:\music.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Music.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c586816e-1b85-11dd-924d-001b3845110c}]
\shell\AutoRun\command - E:\password_viewer.exe %1
\shell\Explore\command - E:\password_viewer.exe %1
\shell\Open\command - E:\password_viewer.exe %1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd994f17-0b43-11dd-96e6-001b3845110c}]
\shell\AutoRun\command - E:\password_viewer.exe %1
\shell\Explore\command - E:\password_viewer.exe %1
\shell\Open\command - E:\password_viewer.exe %1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd994f24-0b43-11dd-96e6-001b3845110c}]
\shell\AutoRun\command - vuts0e.cmd
\shell\explore\Command - vuts0e.cmd
\shell\open\Command - vuts0e.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebcf0a00-110b-11dd-a6cd-001b3845110c}]
\shell\AutoRun\command - G:\password_viewer.exe %1
\shell\Explore\command - G:\password_viewer.exe %1
\shell\Open\command - G:\password_viewer.exe %1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c428b3-11ed-11dd-ab6e-001b3845110c}]
\shell\AutoRun\command - E:\password_viewer.exe %1
\shell\Explore\command - E:\password_viewer.exe %1
\shell\Open\command - E:\password_viewer.exe %1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff7ba673-0f3e-11dd-8bc0-001b3845110c}]
\shell\AutoRun\command - F:\password_viewer.exe %1
\shell\Explore\command - F:\password_viewer.exe %1
\shell\Open\command - F:\password_viewer.exe %1
.
Contents of the 'Scheduled Tasks' folder
"2008-07-04 09:16:32 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{4199E18C-2A6A-4A36-ABB6-166565573ECA} - C:\Users\CHUCKC~1\AppData\Local\Temp\awtqRHAs.dll
ShellExecuteHooks-{427B37EF-B6C5-4823-A97C-10B88977E398} - C:\Windows\system32\urqpqrSl.dll
MSConfigStartUp-NDSTray - NDSTray.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 21:06:56
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Windows\System32\TODDSrv.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-05 21:14:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 13:13:40
Pre-Run: 49,588,867,072 bytes free
Post-Run: 49,435,668,480 bytes free
268--- E O F ---2008-07-04 08:27:11
|
| |
| | |
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,010, Visits: 54,734 |
| You're running filesharing programs.
Many of these programs come bundled with unwanted components/malware.
If you wish to find out whether the one you're using does,click Here.
Even if you are using a so called "safe" program,it's only the program that's safe.
You will be sharing files from uncertified sources,and these are often infected.
The bad guys use filesharing programs as a major source to spread their wares.
I suggest you uninstall it/them now.
If you must use P2P/file sharing programs,you should read on:
* Don't download files from people you don't trust -- Just like you shouldn't open e-mail attachments from people you don't trust, you should be wary about downloading files from them as well.
* Keep your file-sharing legal -- Downloading copyrighted music, movies and software using these file-sharing programs without the copyright owner's permission could put you in serious legal trouble. Peer-to-peer users should be aware that they may not be anonymous while using these networks. Copyright holders have located peer-to-peer copyright infringers and have sued them. There are a growing number of online music and movie services where you can stream, download or purchase digital files with the copyright owners' permission. Using these services is one way to ensure that you will avoid unwanted lawsuits.
* Watch out for spy-ware -- Some file-sharing programs embed spy-ware programs when you install them on your computer. These programs can run in the background and create unwanted pop-up advertisements and some even monitor your online behavior.
* Use and update your anti-virus software -- Computer experts are starting to see viruses being spread through file-sharing networks. Be careful what you download and always make sure your anti-virus software is running and frequently updated.
* Secure your sensitive computer information -- If you keep sensitive information on your computer like your tax return information and online bank account data, check to make sure that you are not inadvertently making this available to thousands of strangers on the Internet.
* Parents, talk to your kids -- Parents should be aware that file-sharing networks contain inappropriate audio and video clips -- many of a sexually explicit nature.
Copy and paste ALL the following text in the code box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.
KILLALL::
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04a02a64-0fff-11dd-8a08-001b3845110c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1601d692-10ce-11dd-a95a-001b3845110c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52a39800-2264-11dd-88b0-001b3845110c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e1ee209-aaaf-11dc-8e08-001b3845110c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e234826-ee34-11dc-a25d-001b3845110c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbed94f5-202d-11dd-8f98-001b3845110c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c586816e-1b85-11dd-924d-001b3845110c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd994f17-0b43-11dd-96e6-001b3845110c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd994f24-0b43-11dd-96e6-001b3845110c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebcf0a00-110b-11dd-a6cd-001b3845110c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c428b3-11ed-11dd-ab6e-001b3845110c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff7ba673-0f3e-11dd-8bc0-001b3845110c}]
Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.
This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Run F-Secure Online Scanner.
Note:
This scanner is for Internet Explorer only.
* Click on Online Services and then Online Scanner.
* Accept the License Agreement.
* Once the ActiveX installs,click Full System Scan.
* Once the download completes,the scan will begin automatically.
* The scan will take some time to finish,so please be patient.
* When the scan completes, click the Automatic cleaning (recommended) button.
* Click the Show Report button then copy and paste the entire report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.
________________________________________
ASAP & UNITE member since 2006
|
| |
| | | New Member
Group: Forum Members
Last Login: 7/9/2008 6:28 AM
Posts: 15, Visits: 15 |
| Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44, on 2008-07-05
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\msconfig.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {4199E18C-2A6A-4A36-ABB6-166565573ECA} - C:\Users\CHUCKC~1\AppData\Local\Temp\awtqRHAs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [E07AXLRD_24659234] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1 |
| |
|
