Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect Malware Has Dug In; Can't Run GMER Without Blue Screen


  • This topic is locked This topic is locked
46 replies to this topic

#1 gregger77

gregger77

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 23 June 2010 - 05:26 PM

Hello,

I have picked up redirect malware that redirects my browser at will to sites like Tazinga and Monster Marketplace. I also get occasional fake Google search wndows or am directed to malware software offers. Affects both Firefox and IE. Here's what I know about my situation:

1. I am running Windows XP and network connections are firewalled.

2. I tried to run DDS, but the .scr extension is also used by my AutoCad True View program, thinks its a True View script, and won't run without filling notepad wth complete gibberish.

3. I have run Defogger, with this result logged:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:38 on 23/06/2010 (RG009)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

4. I downloaded and ran GMER; twice now, I have gotten the Blue Screen of Death and my system rebooted on its own.

5. Periodically I get a "Host Process for Windows Services stopped Working" error.

6. I ran MalwareBytes and it found 2 instances of Aleuron Trojan virus. Hit "remove" and it said it did, but nothing changed with behavior of the browser.

Sorry that's all I know. Would like to run DDS but that would seem to mean uninstalling True View which would be a real pain; maybe there is another way to run it.

Thanks for any advice you can offer!

--G.


BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:17 PM

Posted 23 June 2010 - 05:33 PM


Hello gregger77,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Try and rename DDS to to Fire.com and try and run it.

2.
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


3.
Please try and run Gmer in Safemode. Please uncheck Services and Device

Things to include in your next reply::
DDS LOG
GMER LOG




" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 gregger77

gregger77
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 23 June 2010 - 08:57 PM

Hi there

Renaming DDS didn't really work...now the file name is really "fire.com.scr" and is still "recognized" as a True View Script file. Running it produces a log file, and here's a sample of the content:

VK ўoTN<N<T#=L34w
lTS`M6lՍ[NPHr_0)a ؾ,f)|Bţ3]ˣoKjvh-Pw4l4` \3nfwp"nseXcDgϨ|0 O E J\#2\bN\Mk(^EK] m
<_@tHw,K{YwCdAEj]vWbڰ.ϓcF (C&{;yU2)[)g*uŊ0ʫ䜁M呎s
PKڟ}Cb{/p=_IѶ_' ֐`VSJYgĹ|_KwD ;6ИoOGS̷c7KgB-6Xfv-pĝ]PmUu ;&

Meanwhile, when I put my laptop into Safe Mode, my login and password for Windows will not work, and therefore I am unable to run GMER in safe mode. When I restart the computer and login to normal mode Windows, the login and password work once again.

Frustrating!

#4 gregger77

gregger77
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 24 June 2010 - 12:07 PM

Hey fireman, any thoughts on next steps?

Thanks!

#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:17 PM

Posted 24 June 2010 - 06:23 PM

    1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:17 PM

Posted 26 June 2010 - 01:25 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding smile.gif

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 gregger77

gregger77
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 28 June 2010 - 08:57 AM

Hi

Took a few days off and have been busy trying to run and log DDS, GMER, OTL. Will report back shortly with logs. Took a long time assembling it all in a reply here only to lose it before it could post. Will try again later today.

Thanks!


#8 gregger77

gregger77
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 28 June 2010 - 04:11 PM

Since the forum refuses to allow me to paste in a full log, let's try an attachment, then, containing the body of the reply I would like to post.

Into the attachment (notepad file) are pasted logs for DDS, OTL and GMER.

Please read the attachment to access these logs.

Edited by gregger77, 28 June 2010 - 04:20 PM.


#9 gregger77

gregger77
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 28 June 2010 - 04:22 PM

It's a 60K .txt file. Almost nothing. The "uploading file" routine goes on for minutes and hangs. What's the problem?

#10 gregger77

gregger77
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 28 June 2010 - 04:30 PM

DEFOGGER LOG

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:56 on 23/06/2010 (RG009)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

* * *

* * *

DDS LOG


DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Administrator at 16:42:54.42 on Sun 06/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2968.2685 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\windows\Explorer.EXE
C:\Documents and Settings\RG009\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com
uDefault_Page_URL = hxxp://lenovo.live.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\acti

* * *

DDS LOG


DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Administrator at 16:42:54.42 on Sun 06/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2968.2685 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\windows\Explorer.EXE
C:\Documents and Settings\RG009\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com
uDefault_Page_URL = hxxp://lenovo.live.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\ado

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:17 PM

Posted 28 June 2010 - 06:24 PM

Hello,

I need the full DDS log. If you have to use multiple posts. How is your machine running also?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 gregger77

gregger77
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 28 June 2010 - 09:10 PM

QUOTE(fireman4it @ Jun 28 2010, 06:24 PM) View Post
Hello,

I need the full DDS log. If you have to use multiple posts. How is your machine running also?


For the moment, at least, the computer is running okay. I think I have a problem with the internet service I am using (at a hotel); maybe it's blocking me from uploading a lousy little 60K file?

If I cut and paste all the logs I have in tiny pieces, we're talking a whole lot of posts. I guess I will wait until I'm able to use another ISP (like, at a Starbucks or something) and see how I do.

Thanks for your help.

Edited by gregger77, 28 June 2010 - 09:11 PM.


#13 gregger77

gregger77
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 28 June 2010 - 09:13 PM

I keep trying to paste in the whole DDS log (which is only 14KB of text). Keep getting an error "internet connection was reset." As I said, I'll have to try another connection.

By the way, I have the entire set of DDS, GMER and OTL logs in a short 60K .txt file, so if I can email this to you somewhere, I'd gladly do that.

Thanks

--G.

Edited by gregger77, 28 June 2010 - 09:16 PM.


#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:17 PM

Posted 28 June 2010 - 09:16 PM

Hello,

I will wait for your logs. In the mean time here is a couple other scanners to run. You can post these results with your DDS log.


1.
Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

2.
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 gregger77

gregger77
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 29 June 2010 - 07:32 AM

Trying again to post. Here's what has been done.

1) Ran Defogger. See log pasted below. (NOTE, all of the items I have pasted below are separated by * * * three asterisks and a label).

2) Ran DDS in Safe mode. See log pasted below.

3) Tried to run OTL in Windows regular mode. Crashed to blue screen during "Creating Restore Point." Error reads, "Access violation at address 0040295B in module 'OTL.exe'. Read of address 0020F000.

4) Ran OTL again in Safe mode. Took probably 10-15 minutes; was very slow during "Manual file scan...Getting folder structure."

Pasted both logs below.

5) Tried to run GMER in Safe mode, got blue screen; error message left screen quickly, but referred to "PFN_LIST_..."

6) Ran GMER again in Safe mode. Generated log below.

Let me know what to do next. Thanks!

* * *

DEFOGGER LOG

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:56 on 23/06/2010 (RG009)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

* * *

DDS LOG


DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Administrator at 16:42:54.42 on Sun 06/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2968.2685 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\windows\Explorer.EXE
C:\Documents and Settings\RG009\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com
uDefault_Page_URL = hxxp://lenovo.live.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pimm.lnk - c:\program files\pimm\Pimm.exe
mPolicies-explorer: NoWe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users