Firefox pop-ups have now stopped. I still can't turn on the firewall - though I assume that would be a Windows XP SP2 issue. SpySweeper is pretty awesome, is it the best one out there to buy?
Spysweeper Log:
********
11:01 AM: | Start of Session, Thursday, November 17, 2005 |
11:01 AM: Spy Sweeper started
11:01 AM: Sweep initiated using definitions version 573
11:01 AM: Starting Memory Sweep
11:02 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:02 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:02 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:02 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:02 AM: Found Adware: icannnews
11:02 AM: Detected running threat: C:\WINDOWS\system32\ir0ml5d11.dll (ID = 83)
11:03 AM: Detected running threat: C:\WINDOWS\system32\weadmoe.dll (ID = 83)
11:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:05 AM: Detected running threat: C:\WINDOWS\system32\guard.tmp (ID = 83)
11:05 AM: Memory Sweep Complete, Elapsed Time: 00:03:34
11:05 AM: Starting Registry Sweep
11:05 AM: Found Adware: effective-i toolbar
11:05 AM: HKLM\software\effective-i\ (22 subtraces) (ID = 125658)
11:05 AM: Found Adware: internetoptimizer
11:05 AM: HKLM\software\avenue media\ (27 subtraces) (ID = 128888)
11:05 AM: Found Adware: maxifiles
11:05 AM: HKLM\software\classes\xbtb07618.xbtb07618.1\ (3 subtraces) (ID = 134854)
11:05 AM: HKLM\software\classes\xbtb07618.xbtb07618\ (5 subtraces) (ID = 134855)
11:05 AM: HKLM\software\microsoft\windows\currentversion\uninstall\xbtb07618.xbtb07618toolbar\ (2 subtraces) (ID = 134857)
11:05 AM: HKCR\xbtb07618.xbtb07618.1\ (3 subtraces) (ID = 134867)
11:05 AM: HKCR\xbtb07618.xbtb07618\ (5 subtraces) (ID = 134868)
11:05 AM: Found Adware: mirar webband
11:05 AM: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (6 subtraces) (ID = 135066)
11:05 AM: HKLM\software\classes\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (6 subtraces) (ID = 135079)
11:05 AM: Found Adware: elitemediagroup-mediamotor
11:05 AM: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (23 subtraces) (ID = 140032)
11:05 AM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\ (2 subtraces) (ID = 140081)
11:05 AM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\ (3 subtraces) (ID = 140082)
11:05 AM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\ (1 subtraces) (ID = 140083)
11:05 AM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\ (1 subtraces) (ID = 140084)
11:05 AM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\ (1 subtraces) (ID = 140085)
11:05 AM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\ (1 subtraces) (ID = 140086)
11:05 AM: HKLM\software\avenue media\internet optimizer\ (26 subtraces) (ID = 394594)
11:05 AM: Found Trojan Horse: trojan downloader popuppers
11:05 AM: HKCR\clsid\{62fba4e7-bd9e-4d8d-8fbb-3c32999cb7fc}\ (23 subtraces) (ID = 960709)
11:05 AM: HKCR\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960733)
11:05 AM: HKCR\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960748)
11:05 AM: HKLM\software\classes\clsid\{62fba4e7-bd9e-4d8d-8fbb-3c32999cb7fc}\ (23 subtraces) (ID = 960771)
11:05 AM: HKLM\software\classes\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960795)
11:05 AM: HKLM\software\classes\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960810)
11:05 AM: Found Adware: lopdotcom
11:05 AM: HKU\S-1-5-21-2169178071-3036124262-2297696099-1006\software\microsoft\internet explorer\new windows\allow\ || lop.com (ID = 130287)
11:05 AM: HKU\S-1-5-21-2169178071-3036124262-2297696099-1006\software\microsoft\internet explorer\new windows\allow\ || searchweb2.com (ID = 130288)
11:05 AM: HKU\S-1-5-21-2169178071-3036124262-2297696099-1006\software\microsoft\internet explorer\new windows\allow\ || www.lop.com (ID = 130289)
11:05 AM: HKU\S-1-5-21-2169178071-3036124262-2297696099-1006\software\microsoft\internet explorer\new windows\allow\ || www.searchweb2.com (ID = 130290)
11:06 AM: HKU\S-1-5-18\software\director\ || baseurl (ID = 980277)
11:06 AM: Registry Sweep Complete, Elapsed Time:00:00:59
11:06 AM: Starting Cookie Sweep
11:06 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:06 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:06 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:06 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:06 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:06 AM: Starting File Sweep
11:06 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:06 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:06 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:06 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:06 AM: c:\documents and settings\localservice\start menu\programs\ucmore - the search accelerator (3 subtraces) (ID = -2147481062)
11:06 AM: Found Trojan Horse: trojan downloader matcash
11:06 AM: c:\program files\common files\inetget (1 subtraces) (ID = -2147477182)
11:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:07 AM: unstall.exe (ID = 133210)
11:07 AM: Found Adware: look2me
11:07 AM: akisynth_c.dll (ID = 163672)
11:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:08 AM: Found Adware: targetsaver
11:08 AM: vocabulary (ID = 78283)
11:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:10 AM: class-barrel (ID = 78229)
11:10 AM: anti gram.exe (ID = 122)
11:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:12 AM: close axis.exe (ID = 122)
11:12 AM: icont.exe (ID = 65739)
11:12 AM: iemonitor.ocx (ID = 186211)
11:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:12 AM: autoit3.exe (ID = 185254)
11:12 AM: Found Adware: command
11:12 AM: mte3ndi6odoxng.exe (ID = 185985)
11:12 AM: Found Adware: apropos
11:12 AM: contextplus.exe (ID = 185940)
11:12 AM: mc-110-12-0000169.exe.tcf (ID = 184140)
11:12 AM: rule sign.exe (ID = 122)
11:12 AM: mc-110-12-0000169.exe.tcf (ID = 190798)
11:12 AM: mc-110-12-0000169.exe.tcf (ID = 190798)
11:12 AM: installer.exe (ID = 168558)
11:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:13 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:13 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:13 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:13 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:14 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:14 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:14 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:14 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:14 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:14 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:14 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:14 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:14 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:14 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:14 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:14 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:15 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:15 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:15 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:15 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:15 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:15 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:15 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:15 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:15 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:15 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:15 AM: ucmore tour.lnk (ID = 59855)
11:15 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:15 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:15 AM: how to uninstall.lnk (ID = 59838)
11:16 AM: File Sweep Complete, Elapsed Time: 00:09:52
11:16 AM: Full Sweep has completed. Elapsed time 00:14:37
11:16 AM: Traces Found: 276
11:16 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:16 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:16 AM: Removal process initiated
11:16 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:16 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:16 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:16 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:17 AM: Quarantining All Traces: icannnews
11:17 AM: icannnews is in use. It will be removed on reboot.
11:17 AM: C:\WINDOWS\system32\ir0ml5d11.dll is in use. It will be removed on reboot.
11:17 AM: C:\WINDOWS\system32\weadmoe.dll is in use. It will be removed on reboot.
11:17 AM: C:\WINDOWS\system32\guard.tmp is in use. It will be removed on reboot.
11:17 AM: Quarantining All Traces: look2me
11:17 AM: Quarantining All Traces: lopdotcom
11:17 AM: Quarantining All Traces: trojan downloader matcash
11:17 AM: Quarantining All Traces: apropos
11:17 AM: Quarantining All Traces: internetoptimizer
11:17 AM: Quarantining All Traces: maxifiles
11:17 AM: maxifiles is in use. It will be removed on reboot.
11:17 AM: mc-110-12-0000169.exe.tcf is in use. It will be removed on reboot.
11:17 AM: Quarantining All Traces: trojan downloader popuppers
11:17 AM: Quarantining All Traces: command
11:17 AM: Quarantining All Traces: effective-i toolbar
11:17 AM: Quarantining All Traces: elitemediagroup-mediamotor
11:18 AM: Quarantining All Traces: mirar webband
11:18 AM: Quarantining All Traces: targetsaver
11:20 AM: Preparing to restart your computer. Please wait...
11:20 AM: Removal process completed. Elapsed time 00:04:10
********
10:59 AM: | Start of Session, Thursday, November 17, 2005 |
10:59 AM: Spy Sweeper started
10:59 AM: Your spyware definitions have been updated.
11:01 AM: | End of Session, Thursday, November 17, 2005 |
Hijack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:28:03 AM, on 11/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pongo\Desktop\spyware [bleep]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131829831250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
Edited by deeplennon, 17 November 2005 - 01:32 PM.