JISC0412
2010-03-25, 17:11
Hi,
Have been infected with a virus on my Windows Vista Home Prem SP2 laptop. Used Malwarebyes Anti-Malware to remove the main infection. The problem I now have is that when I try to go to Google Mail, Internet Explorer and Google Chrome say that the security certificate is invalid.
It identified Fraud.WindowsProtectionSuite & Microsoft Windows Redirected Hosts but i get an error saying that there is an "error in fixing. c:\windows\system32\drivers\etc\hosts access is denied".
I googled the problem on my desktop computer and started trying fixes on the laptop before I read the posts on this site that say specifically not to do that. Here is what I have done so far. The machine still has the original problem, mentioned above.
I ran HiJackThis and removed a BHO with no name or file attached. I also attempted to remove entries from the HOSTS section, but on rescanning, they were still there. I then ran DDS, and ComboFix.
Once these had run with no change was the point when I read the "Before you post" thread. Sorry about that.
I have now used ERUNT to back up the registry.
My HiJack This Log is posted below (if you'd like to see the one that I did at the start of my previous efforts, let me know).
Thanks
JISC0412
---------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:22, on 25/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\vVX6000.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\terry\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 93.186.119.130 www.google.com
O1 - Hosts: 93.186.119.130 google.com
O1 - Hosts: 93.186.119.130 google.com.au
O1 - Hosts: 93.186.119.130 www.google.com.au
O1 - Hosts: 93.186.119.130 google.be
O1 - Hosts: 93.186.119.130 www.google.be
O1 - Hosts: 93.186.119.130 google.com.br
O1 - Hosts: 93.186.119.130 www.google.com.br
O1 - Hosts: 93.186.119.130 google.ca
O1 - Hosts: 93.186.119.130 www.google.ca
O1 - Hosts: 93.186.119.130 google.ch
O1 - Hosts: 93.186.119.130 www.google.ch
O1 - Hosts: 93.186.119.130 google.de
O1 - Hosts: 93.186.119.130 www.google.de
O1 - Hosts: 93.186.119.130 google.dk
O1 - Hosts: 93.186.119.130 www.google.dk
O1 - Hosts: 93.186.119.130 google.fr
O1 - Hosts: 93.186.119.130 www.google.fr
O1 - Hosts: 93.186.119.130 google.ie
O1 - Hosts: 93.186.119.130 www.google.ie
O1 - Hosts: 93.186.119.130 google.it
O1 - Hosts: 93.186.119.130 www.google.it
O1 - Hosts: 93.186.119.130 google.co.jp
O1 - Hosts: 93.186.119.130 www.google.co.jp
O1 - Hosts: 93.186.119.130 google.nl
O1 - Hosts: 93.186.119.130 www.google.nl
O1 - Hosts: 93.186.119.130 google.no
O1 - Hosts: 93.186.119.130 www.google.no
O1 - Hosts: 93.186.119.130 google.co.nz
O1 - Hosts: 93.186.119.130 www.google.co.nz
O1 - Hosts: 93.186.119.130 google.pl
O1 - Hosts: 93.186.119.130 www.google.pl
O1 - Hosts: 93.186.119.130 google.se
O1 - Hosts: 93.186.119.130 www.google.se
O1 - Hosts: 93.186.119.130 google.co.uk
O1 - Hosts: 93.186.119.130 www.google.co.uk
O1 - Hosts: 93.186.119.130 google.co.za
O1 - Hosts: 93.186.119.130 www.google.co.za
O1 - Hosts: 93.186.119.130 www.google-analytics.com
O1 - Hosts: 93.186.119.130 www.bing.com
O1 - Hosts: 93.186.119.130 search.yahoo.com
O1 - Hosts: 93.186.119.130 www.search.yahoo.com
O1 - Hosts: 93.186.119.130 uk.search.yahoo.com
O1 - Hosts: 93.186.119.130 ca.search.yahoo.com
O1 - Hosts: 93.186.119.130 de.search.yahoo.com
O1 - Hosts: 93.186.119.130 fr.search.yahoo.com
O1 - Hosts: 93.186.119.130 au.search.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CrossLoop Service (CrossLoopService) - Unknown owner - C:\Users\terry\AppData\Local\CrossLoop\CrossLoopService.exe
O23 - Service: Google Update Service (gupdate1ca00b4fd16b4f) (gupdate1ca00b4fd16b4f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: uvnc_service - UltraVNC - C:\Users\terry\AppData\Local\CrossLoop\winvnc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8867 bytes
Have been infected with a virus on my Windows Vista Home Prem SP2 laptop. Used Malwarebyes Anti-Malware to remove the main infection. The problem I now have is that when I try to go to Google Mail, Internet Explorer and Google Chrome say that the security certificate is invalid.
It identified Fraud.WindowsProtectionSuite & Microsoft Windows Redirected Hosts but i get an error saying that there is an "error in fixing. c:\windows\system32\drivers\etc\hosts access is denied".
I googled the problem on my desktop computer and started trying fixes on the laptop before I read the posts on this site that say specifically not to do that. Here is what I have done so far. The machine still has the original problem, mentioned above.
I ran HiJackThis and removed a BHO with no name or file attached. I also attempted to remove entries from the HOSTS section, but on rescanning, they were still there. I then ran DDS, and ComboFix.
Once these had run with no change was the point when I read the "Before you post" thread. Sorry about that.
I have now used ERUNT to back up the registry.
My HiJack This Log is posted below (if you'd like to see the one that I did at the start of my previous efforts, let me know).
Thanks
JISC0412
---------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:22, on 25/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\vVX6000.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\terry\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 93.186.119.130 www.google.com
O1 - Hosts: 93.186.119.130 google.com
O1 - Hosts: 93.186.119.130 google.com.au
O1 - Hosts: 93.186.119.130 www.google.com.au
O1 - Hosts: 93.186.119.130 google.be
O1 - Hosts: 93.186.119.130 www.google.be
O1 - Hosts: 93.186.119.130 google.com.br
O1 - Hosts: 93.186.119.130 www.google.com.br
O1 - Hosts: 93.186.119.130 google.ca
O1 - Hosts: 93.186.119.130 www.google.ca
O1 - Hosts: 93.186.119.130 google.ch
O1 - Hosts: 93.186.119.130 www.google.ch
O1 - Hosts: 93.186.119.130 google.de
O1 - Hosts: 93.186.119.130 www.google.de
O1 - Hosts: 93.186.119.130 google.dk
O1 - Hosts: 93.186.119.130 www.google.dk
O1 - Hosts: 93.186.119.130 google.fr
O1 - Hosts: 93.186.119.130 www.google.fr
O1 - Hosts: 93.186.119.130 google.ie
O1 - Hosts: 93.186.119.130 www.google.ie
O1 - Hosts: 93.186.119.130 google.it
O1 - Hosts: 93.186.119.130 www.google.it
O1 - Hosts: 93.186.119.130 google.co.jp
O1 - Hosts: 93.186.119.130 www.google.co.jp
O1 - Hosts: 93.186.119.130 google.nl
O1 - Hosts: 93.186.119.130 www.google.nl
O1 - Hosts: 93.186.119.130 google.no
O1 - Hosts: 93.186.119.130 www.google.no
O1 - Hosts: 93.186.119.130 google.co.nz
O1 - Hosts: 93.186.119.130 www.google.co.nz
O1 - Hosts: 93.186.119.130 google.pl
O1 - Hosts: 93.186.119.130 www.google.pl
O1 - Hosts: 93.186.119.130 google.se
O1 - Hosts: 93.186.119.130 www.google.se
O1 - Hosts: 93.186.119.130 google.co.uk
O1 - Hosts: 93.186.119.130 www.google.co.uk
O1 - Hosts: 93.186.119.130 google.co.za
O1 - Hosts: 93.186.119.130 www.google.co.za
O1 - Hosts: 93.186.119.130 www.google-analytics.com
O1 - Hosts: 93.186.119.130 www.bing.com
O1 - Hosts: 93.186.119.130 search.yahoo.com
O1 - Hosts: 93.186.119.130 www.search.yahoo.com
O1 - Hosts: 93.186.119.130 uk.search.yahoo.com
O1 - Hosts: 93.186.119.130 ca.search.yahoo.com
O1 - Hosts: 93.186.119.130 de.search.yahoo.com
O1 - Hosts: 93.186.119.130 fr.search.yahoo.com
O1 - Hosts: 93.186.119.130 au.search.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CrossLoop Service (CrossLoopService) - Unknown owner - C:\Users\terry\AppData\Local\CrossLoop\CrossLoopService.exe
O23 - Service: Google Update Service (gupdate1ca00b4fd16b4f) (gupdate1ca00b4fd16b4f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: uvnc_service - UltraVNC - C:\Users\terry\AppData\Local\CrossLoop\winvnc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8867 bytes