Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

redirect issues and more...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

redirect issues and more...

Unread postby acerda23 » December 18th, 2010, 7:20 pm

My computer has been giving me redirect issues for the last week... would really appreciate the help...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:18:54 PM, on 8/30/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Users\ap\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ap\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ap\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ap\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [ApproveItForOfficeSetup] "C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files\ApproveIt\"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\ap\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Hkufoyokaxuwe] rundll32.exe "C:\Users\ap\AppData\Local\eracegalaju.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16671 bytes





32 Bit HP CIO Components Installer
abgx360 v1.0.2
Activation Assistant for the 2007 Microsoft Office suites
ActivClient CAC x86
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9.4.1
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
Any DVD Converter Professional 4.1.2
Any Video Converter 2.7.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ApproveIt Desktop
AVG Free 8.5
Bing Bar
Bing Bar Platform
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
CDDRV_Installer
Compatibility Pack for the 2007 Office system
D3DX10
DVD MovieFactory for TOSHIBA
erLT
ERUNT 1.1j
Fallout New Vegas
FCE Ultra 0.97
FLV Player 2.0 (build 25)
Full Tilt Poker.Net
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HiJackThis
Hospital Tycoon
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 12.0
HP Update
IBM Lotus Forms Viewer 3.5.1
ICQ Toolbar
ICQ7.2
ICS Viewer 6.0
iDump (Backing up your iPod)
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 20
Java(TM) 6 Update 22
Junk Mail filter update
KhalInstallWrapper
K-Lite Codec Pack 4.5.3 (Basic)
Logitech Gaming Software
Logitech SetPoint
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
mCore
Mesh Runtime
Messenger Companion
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Microsoft WSE 3.0 Runtime
mMHouse
Mobile Broadband Generic Drivers
Mozilla Firefox (3.6.13)
mPfMgr
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster Burn Engine
Nero 7 Ultra Edition
Nightmare Adventures The Witchs Prison 1.0.1
NVIDIA 3D Vision Driver 260.99
NVIDIA Graphics Driver 260.99
NVIDIA PhysX
NVIDIA PhysX System Software 260.99
NVIDIA Stereoscopic 3D Driver
OCR Software by I.R.I.S. 11.0
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
Orbit Downloader
Oregon Trail II
PDF Settings
PeerGuardian 2.0
Philips Wireless PC Controller
PHOTOfunSTUDIO -viewer-
Picasa 2
Project64 1.6
Protector Suite QL 5.8
PureEdge Submission Upgrade
QuickBooks Financial Center
QuickTime
Razer Copperhead
RCT3 Soaked
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RollerCoaster Tycoon® 3
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Shop for HP Supplies
Skype™ 4.0
Synaptics Pointing Device Driver
System Requirements Lab
System Requirements Lab CYRI
TeamSpeak 2 RC2
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Games
TOSHIBA Hardware Setup
TOSHIBA HD DVD PLAYER
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewer_armyifx
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
VZAccess Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
WinPatrol
WinRAR archiver
WinZip 11.1
Xfire (remove only)
Yahoo! Messenger
Yahoo! Toolbar
Zune
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am
Advertisement
Register to Remove

Re: redirect issues and more...

Unread postby Cypher » December 20th, 2010, 1:54 pm

Checking your logs now be right back.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: redirect issues and more...

Unread postby Cypher » December 20th, 2010, 2:09 pm

Hi acerda23 we meet again.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup Made Easy - XP
How to backup your data - Vista



Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
AVG Free 8.5
Java(TM) 6 Update 20
Spybot - Search & Destroy


Next.

Download and install Avira Personal FREE Antivirus from Here.

Next.

Fix HijackThis entries

Run HijackThis

If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Next.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select "Run As Administrator" to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient *.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in you're next reply.
  • This log can be lengthy you may have to post it in separate replies.
  • Note: You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"


Logs/Information to Post in your Next Reply

  • RSIT log.txt and info.txt contents.
  • RKUnHooker log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: redirect issues and more...

Unread postby acerda23 » December 20th, 2010, 3:39 pm

The info.txt did not show up at all... I ran RSIT twice and both times the info.txt didn't open up...


Logfile of random's system information tool 1.08 (written by random/random)
Run by ap at 2010-12-20 13:37:01
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 32 GB (28%) free of 113 GB
Total RAM: 2046 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:37:04 PM, on 12/20/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Users\ap\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ap\Desktop\RSIT.exe
C:\Program Files\trend micro\ap.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [ApproveItForOfficeSetup] "C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files\ApproveIt\"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\ap\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13297 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2471965245-1943476174-3207880002-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2471965245-1943476174-3207880002-1001UA.job
C:\Windows\tasks\User_Feed_Synchronization-{350F5D5B-B8B6-4082-ACFC-49A0CDBA7EF4}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-05-19 171208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0941C58F-E461-4E03-BD7D-44C27392ADE1}]
PE_IE_Helper Class - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll [2010-02-01 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-14 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-28 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-14 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-14 259696]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2009-05-19 670840]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-07-27 204800]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-06-15 448080]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-03 4702208]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-19 1451304]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"acevents"=C:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-03 153640]
""= []
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-03 400936]
"AprvRemoveLegacyExcelKeys"=C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe [2009-04-29 73728]
"AprvRemoveLegacyWordKeys"=C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe [2009-04-29 73728]
"ApproveItForOfficeSetup"=C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe [2009-04-29 155648]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2010-05-31 323976]
"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2007-11-14 49416]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2007-05-18 430080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"Google Update"=C:\Users\ap\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-11-11 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
C:\Program Files\PureEdge\Viewer 6.0\masqform.exe [2003-12-03 1052672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
C:\Program Files\Zune\ZuneLauncher.exe [2010-09-24 159472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-11-14 96008]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-12-17 16:07:18 ----D---- C:\Program Files\Common Files\PocketSoft
2010-12-17 16:07:18 ----A---- C:\Windows\patchw32.dll
2010-12-17 03:24:52 ----A---- C:\Windows\system32\svchost.exe.exp.log
2010-12-16 03:16:19 ----HD---- C:\Windows\msdownld.tmp
2010-12-15 22:04:31 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 22:04:31 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 22:04:31 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 22:04:31 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 22:04:31 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 22:04:20 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 22:02:25 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 22:01:55 ----A---- C:\Windows\system32\consent.exe
2010-12-15 22:01:02 ----A---- C:\Windows\system32\fontsub.dll
2010-12-15 22:01:02 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 22:01:02 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 21:59:13 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 21:59:12 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 21:59:11 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 21:59:11 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 21:59:09 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 21:59:09 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 21:59:09 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 21:59:09 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 21:59:09 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 21:59:09 ----A---- C:\Windows\system32\ie4uinit.exe
2010-12-15 21:59:07 ----A---- C:\Windows\system32\occache.dll
2010-12-15 21:59:07 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\ieUnatt.exe
2010-12-15 21:59:06 ----A---- C:\Windows\system32\iesysprep.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\iesetup.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\iernonce.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\iepeers.dll
2010-12-13 10:22:35 ----D---- C:\Users\ap\AppData\Roaming\Atari
2010-12-13 08:11:50 ----D---- C:\Program Files\Landwirtschafts Simulator 2011
2010-12-09 14:29:55 ----D---- C:\Program Files\Full Tilt Poker.Net
2010-12-05 18:53:16 ----D---- C:\Users\ap\AppData\Roaming\OpenOffice.org
2010-12-05 18:34:37 ----D---- C:\Program Files\JRE
2010-12-05 18:33:45 ----D---- C:\Program Files\OpenOffice.org 3
2010-12-05 18:31:58 ----A---- C:\Windows\system32\javaws.exe
2010-12-05 18:31:58 ----A---- C:\Windows\system32\javaw.exe
2010-12-05 18:31:58 ----A---- C:\Windows\system32\java.exe
2010-12-02 20:14:37 ----AD---- C:\ProgramData\TEMP
2010-12-02 20:13:54 ----D---- C:\Users\ap\AppData\Roaming\AnvSoft
2010-12-02 20:13:51 ----D---- C:\Program Files\AnvSoft
2010-11-26 18:29:29 ----A---- C:\Windows\system32\CmdLineExt.dll
2010-11-26 18:20:01 ----D---- C:\Program Files\Codemasters
2010-11-17 06:58:06 ----D---- C:\Program Files\iPod
2010-11-17 06:58:04 ----D---- C:\Program Files\iTunes
2010-11-16 07:58:30 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-11-16 07:58:29 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-11-15 11:49:44 ----D---- C:\Windows\pss
2010-11-15 11:05:51 ----D---- C:\ProgramData\NVIDIA Corporation
2010-11-15 11:00:18 ----A---- C:\Windows\system32\nvwgf2um.dll
2010-11-15 11:00:17 ----A---- C:\Windows\system32\nvoglv32.dll
2010-11-15 11:00:17 ----A---- C:\Windows\system32\nvgenco322030.dll
2010-11-15 11:00:17 ----A---- C:\Windows\system32\nvdispco322050.dll
2010-11-15 11:00:17 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2010-11-15 11:00:16 ----A---- C:\Windows\system32\OpenCL.dll
2010-11-15 11:00:16 ----A---- C:\Windows\system32\nvcuvid.dll
2010-11-15 11:00:16 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-11-15 11:00:16 ----A---- C:\Windows\system32\nvcuda.dll
2010-11-15 11:00:16 ----A---- C:\Windows\system32\nvcompiler.dll
2010-11-15 10:59:43 ----D---- C:\Program Files\NVIDIA Corporation
2010-11-13 14:25:19 ----D---- C:\Program Files\ICQ6Toolbar
2010-11-13 14:25:09 ----D---- C:\ProgramData\ICQ
2010-11-13 14:16:19 ----D---- C:\Users\ap\AppData\Roaming\ICQ
2010-11-13 14:16:09 ----D---- C:\Program Files\ICQ7.2
2010-10-26 21:52:51 ----A---- C:\Windows\system32\gameux.dll
2010-10-26 21:52:48 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-26 21:52:48 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-23 11:25:07 ----D---- C:\Windows\en
2010-10-23 11:24:09 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2010-10-23 11:22:29 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-10-23 11:16:43 ----D---- C:\Program Files\MSN Toolbar
2010-10-23 11:16:02 ----D---- C:\Program Files\Bing Bar Installer
2010-10-23 11:09:20 ----A---- C:\Windows\system32\webservices.dll
2010-10-19 18:15:47 ----D---- C:\Program Files\QuickTime
2010-10-18 20:35:47 ----D---- C:\Users\ap\AppData\Roaming\Smith Micro
2010-10-18 20:32:11 ----D---- C:\Program Files\Verizon Wireless
2010-10-16 12:42:46 ----A---- C:\Windows\system32\nvvsvc.exe
2010-10-16 12:42:46 ----A---- C:\Windows\system32\nvsvcr.dll
2010-10-16 12:42:46 ----A---- C:\Windows\system32\nvshext.dll
2010-10-16 12:42:46 ----A---- C:\Windows\system32\nvmctray.dll
2010-10-16 12:42:42 ----A---- C:\Windows\system32\nvcpl.dll
2010-10-16 12:42:38 ----A---- C:\Windows\system32\nvsvc.dll
2010-10-14 19:05:20 ----A---- C:\Windows\system32\wmp.dll
2010-10-14 19:05:12 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-14 18:42:41 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-14 18:42:41 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-14 18:42:41 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-14 18:42:39 ----A---- C:\Windows\system32\netevent.dll
2010-10-14 18:42:39 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-14 18:42:13 ----A---- C:\Windows\system32\schannel.dll
2010-10-14 18:42:10 ----A---- C:\Windows\system32\ole32.dll
2010-10-14 18:42:06 ----A---- C:\Windows\system32\t2embed.dll
2010-10-14 18:41:22 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-14 18:41:22 ----A---- C:\Windows\system32\mfc40.dll
2010-10-14 18:40:05 ----A---- C:\Windows\system32\msshsq.dll
2010-10-14 18:40:02 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-14 18:35:19 ----A---- C:\Windows\system32\comctl32.dll
2010-10-14 01:36:52 ----A---- C:\Windows\system32\xlive.dll
2010-10-14 01:36:50 ----A---- C:\Windows\system32\xlivefnt.dll
2010-10-14 01:36:44 ----A---- C:\Windows\system32\xlive.dll.cat
2010-10-11 10:31:58 ----D---- C:\Program Files\Zune
2010-10-11 10:30:07 ----A---- C:\Windows\system32\WMVDECOD.DLL
2010-10-03 15:31:51 ----D---- C:\Program Files\RSA
2010-10-02 22:59:51 ----D---- C:\Program Files\CarbonPoker
2010-10-02 22:45:53 ----D---- C:\Users\ap\AppData\Roaming\UB
2010-10-02 22:45:33 ----D---- C:\Poker Application
2010-10-02 14:46:47 ----D---- C:\Users\ap\AppData\Roaming\Verizon Wireless
2010-10-02 14:45:05 ----D---- C:\ProgramData\Verizon Wireless
2010-10-02 14:41:38 ----D---- C:\Program Files\Novatel Wireless
2010-09-28 15:44:52 ----A---- C:\Windows\system32\usbaaplrc.dll
2010-09-28 15:44:52 ----A---- C:\Windows\system32\drivers\usbaapl.sys
2010-09-24 12:19:16 ----A---- C:\Windows\system32\ZuneWlanCfgSvc.exe
2010-09-22 23:47:28 ----A---- C:\Windows\system32\sirenacm.dll

======List of files/folders modified in the last 3 months======

2010-12-20 13:37:04 ----D---- C:\Program Files\Trend Micro
2010-12-20 13:36:58 ----D---- C:\Windows\Temp
2010-12-20 13:36:41 ----D---- C:\Windows\inf
2010-12-20 13:36:41 ----AD---- C:\Windows\System32
2010-12-20 13:36:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-20 13:34:19 ----D---- C:\Windows\Prefetch
2010-12-20 13:30:38 ----D---- C:\ProgramData\NVIDIA
2010-12-20 13:22:19 ----SHD---- C:\Windows\Installer
2010-12-20 13:22:19 ----HD---- C:\Config.Msi
2010-12-20 13:22:17 ----D---- C:\Program Files\Java
2010-12-20 13:20:17 ----SD---- C:\Users\ap\AppData\Roaming\Microsoft
2010-12-20 13:20:17 ----D---- C:\Windows\system32\drivers
2010-12-20 13:20:17 ----D---- C:\Windows
2010-12-20 13:20:16 ----HD---- C:\ProgramData
2010-12-19 14:37:24 ----D---- C:\Users\ap\AppData\Roaming\uTorrent
2010-12-18 20:48:34 ----SHD---- C:\System Volume Information
2010-12-18 17:00:54 ----D---- C:\Windows\Tasks
2010-12-18 17:00:54 ----D---- C:\Windows\system32\Tasks
2010-12-17 16:11:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-17 16:07:18 ----D---- C:\Program Files\Common Files
2010-12-16 03:55:00 ----D---- C:\Windows\rescache
2010-12-16 03:49:17 ----D---- C:\Windows\winsxs
2010-12-16 03:32:28 ----D---- C:\Program Files\Windows Mail
2010-12-16 03:32:26 ----D---- C:\Program Files\Internet Explorer
2010-12-16 03:32:25 ----D---- C:\Windows\system32\migration
2010-12-16 03:15:53 ----D---- C:\Program Files\Microsoft Works
2010-12-16 03:13:24 ----D---- C:\Windows\system32\en-US
2010-12-16 03:12:50 ----D---- C:\ProgramData\Microsoft Help
2010-12-16 03:12:24 ----D---- C:\Windows\system32\catroot
2010-12-16 03:01:12 ----A---- C:\Windows\system32\mrt.exe
2010-12-15 21:57:54 ----D---- C:\Windows\system32\catroot2
2010-12-13 17:48:21 ----RD---- C:\Program Files
2010-12-11 18:20:21 ----D---- C:\Program Files\uTorrent
2010-12-10 20:58:48 ----D---- C:\Program Files\PeerGuardian2
2010-12-10 09:11:06 ----D---- C:\Program Files\Mozilla Firefox
2010-12-05 18:37:46 ----RSD---- C:\Windows\assembly
2010-12-05 18:35:10 ----RSD---- C:\Windows\Fonts
2010-12-02 21:03:09 ----D---- C:\Users\ap\AppData\Roaming\Any Video Converter
2010-11-18 09:55:56 ----D---- C:\Users\ap\AppData\Roaming\Apple Computer
2010-11-18 09:55:15 ----D---- C:\ProgramData\Apple
2010-11-17 06:58:05 ----D---- C:\Program Files\Common Files\Apple
2010-11-16 07:58:53 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-11-15 18:56:40 ----D---- C:\Users\ap\AppData\Roaming\Orbit
2010-11-15 10:59:16 ----D---- C:\NVIDIA
2010-11-15 07:42:58 ----D---- C:\ProgramData\Xfire
2010-11-14 11:18:13 ----D---- C:\Users\ap\AppData\Roaming\Xfire
2010-11-13 14:30:03 ----D---- C:\Program Files\Xfire
2010-10-27 02:18:05 ----D---- C:\Windows\AppPatch
2010-10-23 12:07:11 ----D---- C:\Windows\Microsoft.NET
2010-10-23 11:25:24 ----D---- C:\Program Files\Windows Live
2010-10-23 11:24:09 ----DC---- C:\Windows\system32\DRVSTORE
2010-10-23 11:19:40 ----SD---- C:\ProgramData\Microsoft
2010-10-23 11:18:10 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-16 12:55:00 ----A---- C:\Windows\system32\nvd3dum.dll
2010-10-16 12:55:00 ----A---- C:\Windows\system32\nvapi.dll
2010-10-15 02:39:03 ----D---- C:\Program Files\Windows Media Player
2010-10-11 10:35:59 ----D---- C:\Windows\system32\drivers\UMDF
2010-10-09 07:09:31 ----D---- C:\Program Files\SystemRequirementsLab
2010-10-09 07:09:27 ----D---- C:\Users\ap\AppData\Roaming\SystemRequirementsLab
2010-10-09 06:58:53 ----D---- C:\ProgramData\Adobe
2010-10-09 06:58:53 ----D---- C:\Program Files\Common Files\Adobe
2010-10-09 06:58:45 ----D---- C:\Program Files\Adobe
2010-10-03 15:33:29 ----D---- C:\Program Files\Protector Suite QL
2010-10-03 15:29:32 ----D---- C:\ProgramData\UIB
2010-10-03 14:38:30 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-02 14:46:54 ----D---- C:\Windows\ModemLogs
2010-10-02 14:41:03 ----D---- C:\Windows\Downloaded Installations

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 19456]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-09-27 36560]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-01-30 717296]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-09-15 285184]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-08 23640]
R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-04-30 25624]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-10-16 10084360]
R3 NWADI;NWADI Bus Enumerator; C:\Windows\system32\DRIVERS\NWADIenum.sys [2008-06-02 222720]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-11-10 135680]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-19 208688]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-11-14 47120]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]
S0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys []
S3 afmqod3j;afmqod3j; C:\Windows\system32\drivers\afmqod3j.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-04-30 265496]
S3 LVUVC;Logitech QuickCam S5500(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2009-04-30 6754712]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NWUSBCDFIL;Novatel Wireless Installation CD; C:\Windows\system32\DRIVERS\NwUsbCdFil.sys [2008-07-07 20480]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\Windows\system32\DRIVERS\nwusbmdm.sys [2008-05-09 174336]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\Windows\system32\DRIVERS\nwusbser.sys [2008-05-09 174336]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver; C:\Windows\system32\DRIVERS\nwusbser2.sys [2008-05-09 174336]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [2007-06-02 8192]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-04-16 22784]
S3 samhidb;samhidb; C:\Windows\system32\drivers\samhidb.sys [2007-05-11 22391]
S3 SCMUSB;SCM Microsystems SCR300 USB Smart Card Reader; C:\Windows\system32\DRIVERS\stcusb.sys [2008-01-18 22016]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-20 32408]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-10 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-03-02 29184]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-11-09 219264]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2006-11-09 211072]
S4 KR3NPXP;KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 479488]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-03-06 643072]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 600680]
R2 pinger;pinger; C:\Toshiba\IVP\ISM\pinger.exe [2007-01-25 136816]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-03-06 327680]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2007-01-25 63096]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe [2007-09-15 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2010-09-24 6351600]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-14 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-14 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-11 820008]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-03 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2010-09-24 268528]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Windows\system32\ZuneWlanCfgSvc.exe [2010-09-24 444656]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby Cypher » December 20th, 2010, 4:00 pm

Hi.
Did you run RKUnHooker? Post the log in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: redirect issues and more...

Unread postby acerda23 » December 20th, 2010, 4:03 pm

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C80B000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10080256 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 260.99 )
0x82A3A000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82A3A000 PnpManager 3903488 bytes
0x82A3A000 RAW 3903488 bytes
0x82A3A000 WMIxWDM 3903488 bytes
0x8D601000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2289664 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x98430000 Win32k 2109440 bytes
0x98430000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8F40E000 C:\Windows\system32\drivers\RTKVHDA.sys 1949696 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x8F806000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x88A01000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x83206000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8068D000 PCI_PNP0232 1048576 bytes
0x8068D000 C:\Windows\System32\Drivers\spmg.sys 1048576 bytes
0x8068D000 sptd 1048576 bytes
0x88800000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D7000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA7522000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA1232000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8895E000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8D40C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80604000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x83143000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040D000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA1339000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA74BC000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x98680000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8D84E000 C:\Windows\system32\drivers\tifm21.sys 311296 bytes (Texas Instruments, tifm21.sys)
0x88B4F000 C:\Windows\system32\DRIVERS\tos_sps32.sys 307200 bytes (TOSHIBA Corporation, tos_sps2)
0x8302C000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x9000D000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x805B7000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80496000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8D9B1000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8D1C1000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x900CD000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8333C000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8D574000 C:\Windows\system32\DRIVERS\NWADIenum.sys 241664 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0xA7443000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88B11000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8D93C000 C:\Windows\System32\Drivers\afmqod3j.SYS 221184 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8D5C6000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82A07000 ACPI_HAL 208896 bytes
0x82A07000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xAF807000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x830F8000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x831B4000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8D8D9000 C:\Windows\system32\DRIVERS\SynTP.sys 204800 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8D982000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8308B000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x83397000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x83311000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8D54A000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA12F2000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA7494000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88BB1000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x807CE000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x80796000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x833C4000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8D499000 C:\Windows\system32\DRIVERS\Rtlh86.sys 147456 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x8D4DF000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x88905000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA7403000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x90099000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8F966000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA7424000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x830D0000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA13A6000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x90135000 C:\Windows\system32\DRIVERS\tosrfbd.sys 114688 bytes (TOSHIBA CORPORATION, Bluetooth RF Bus Driver)
0x888EA000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xA120F000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8D89A000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xA13C3000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8D91D000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA747C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9011E000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8D4BD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x90055000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xAF83A000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x9006C000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8F9C3000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA13DC000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8D525000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x90171000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8D511000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F9D9000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8D8BB000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA1326000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x900BA000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x90151000 C:\Windows\system32\DRIVERS\Tosrfhid.sys 73728 bytes (TOSHIBA Corporation., Bluetooth HID Driver from TOSHIBA)
0x88BD8000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x83386000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047D000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8312A000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9018F000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA12E2000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x830B8000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8D830000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8D53A000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8D972000 C:\Windows\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)
0x8894F000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x901EC000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88BA2000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x83001000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8D502000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x83377000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8301D000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8D840000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x98670000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x9008B000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F9AC000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8307D000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x901C0000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F922000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8D5B9000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80680000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA7514000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x90000000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8F95A000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8D1AA000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x901CD000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8D8CE000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D90D000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F9A1000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D4D4000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8D9F2000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xA1200000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x8D400000 C:\Windows\system32\DRIVERS\tosporte.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver)
0x90109000 C:\Windows\system32\DRIVERS\tosrfusb.sys 45056 bytes (TOSHIBA CORPORATION, Bluetooth USB Miniport Driver)
0x8893B000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8D1B6000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x83013000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x901D8000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x901E2000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x807C4000 C:\Windows\system32\DRIVERS\LPCFilter.sys 40960 bytes (COMPAL ELECTRONIC INC., LPCFilter)
0x830EE000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8D5AF000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA131C000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90114000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA750A000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8F987000 C:\Windows\System32\Drivers\tcusb.sys 40960 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0x88BE9000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8F933000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x90186000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x901A7000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xAF850000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8313A000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8F9BA000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x90163000 C:\Windows\System32\Drivers\tosrfbnp.sys 36864 bytes (TOSHIBA Corporation, Bluetooth RFBNEP Driver)
0x98650000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88946000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90082000 C:\Windows\System32\Drivers\UVCFTR_S.SYS 36864 bytes (Chicony Electronics Co., Ltd., UVCFTR_S.sys)
0x8078D000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x830C8000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048E000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x9019F000 C:\Windows\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0x901B8000 C:\Windows\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0x901B0000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x807BC000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F991000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F999000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88B9A000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8F943000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8F953000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x83076000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8F93C000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8D936000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xA13F1000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0x9016C000 C:\Windows\system32\DRIVERS\tosrfnds.sys 20480 bytes (TOSHIBA Corporation., Bluetooth BNEP Driver)
0x88B4A000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8D8B4000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8D918000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 16384 bytes (TOSHIBA Corporation., Toshiba ODD Writing Driver For x86.)
0x83010000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x86CFB000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8D8B8000 C:\Windows\system32\DRIVERS\tosrfec.sys 12288 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth EC Driver)
0x8D1A8000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 260.99 )
0x8D9FD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D90B000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8F931000 C:\Windows\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0x8F932000 C:\Windows\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0x85A221F8 unknown_irp_handler 3592 bytes
0x86ED91F8 unknown_irp_handler 3592 bytes
0x85A201F8 unknown_irp_handler 3592 bytes
0x8FB2D1F8 unknown_irp_handler 3592 bytes
0x86D521F8 unknown_irp_handler 3592 bytes
0x86D661F8 unknown_irp_handler 3592 bytes
0x8FA761F8 unknown_irp_handler 3592 bytes
0x8F34D1F8 unknown_irp_handler 3592 bytes
0x858E01F8 unknown_irp_handler 3592 bytes
0x8508B1F8 unknown_irp_handler 3592 bytes
0x86B911F8 unknown_irp_handler 3592 bytes
0x85A211F8 unknown_irp_handler 3592 bytes
0x8FA8F1F8 unknown_irp_handler 3592 bytes
0x908D1500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x82AE27AA-->82AE27B1 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeFindConfigurationEntry, Type: Inline - RelativeJump 0x82D8E2CF-->82D8E2D9 [ntkrnlpa.exe]
[1340]svchost.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x74F92671-->00000000 [unknown_code_page]
[1340]svchost.exe-->mswsock.dll+0x000027D4, Type: Inline - RelativeJump 0x74F927D4-->00000000 [unknown_code_page]
[1340]svchost.exe-->mswsock.dll+0x00002995, Type: Inline - RelativeJump 0x74F92995-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x774C5DC8-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774C4D34-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x774C5674-->00000000 [unknown_code_page]
[1340]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x76910B88-->00000000 [unknown_code_page]
[2220]issch.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2220]issch.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[2220]issch.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040D0F4-->00000000 [shimeng.dll]
[2220]issch.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[2220]issch.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2220]issch.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [shimeng.dll]
[2220]issch.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[3428]explorer.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x74F92671-->00000000 [unknown_code_page]
[3428]explorer.exe-->mswsock.dll+0x000027D4, Type: Inline - RelativeJump 0x74F927D4-->00000000 [unknown_code_page]
[3428]explorer.exe-->mswsock.dll+0x00002995, Type: Inline - RelativeJump 0x74F92995-->00000000 [unknown_code_page]
[3428]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x774C5DC8-->00000000 [unknown_code_page]
[3428]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774C4D34-->00000000 [unknown_code_page]
[3428]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x774C5674-->00000000 [unknown_code_page]
[4452]psqltray.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[4452]psqltray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[4452]psqltray.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00406094-->00000000 [shimeng.dll]
[4452]psqltray.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [shimeng.dll]
[4452]psqltray.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[4452]psqltray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[4452]psqltray.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [shimeng.dll]
[4452]psqltray.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[5588]firefox.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x74F92671-->00000000 [unknown_code_page]
[5588]firefox.exe-->mswsock.dll+0x000027D4, Type: Inline - RelativeJump 0x74F927D4-->00000000 [unknown_code_page]
[5588]firefox.exe-->mswsock.dll+0x00002995, Type: Inline - RelativeJump 0x74F92995-->00000000 [unknown_code_page]
[5588]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x774C5DC8-->00000000 [unknown_code_page]
[5588]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77489390-->00000000 [firefox.exe]
[5588]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774C4D34-->00000000 [unknown_code_page]
[5588]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x774C5674-->00000000 [unknown_code_page]
[964]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x769114F3-->00000000 [xul.dll]
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby Cypher » December 20th, 2010, 4:15 pm

Hi.
Continue with the instructions below then give me another update on the PC's performance.


  • Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Services
    afmqod3j
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    
    :Files
    C:\Windows\tasks\At1.job
    C:\Users\ap\AppData\Roaming\uTorrent
    C:\Windows\system32\drivers\afmqod3j.sys
    
    :Commands
    [resethosts]
    [EmptyFlash]
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

RSIT (Random's System Information Tool)

  • Ensure rsit.exe is on your desktop
  • Click the Windows Start > All programs > Accessories then Run
  • Copy/paste the following into the run box & click OK, Do not include the word Quote:
    "%userprofile%\desktop\rsit.exe" /info
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt << will be maximized and info.txt << will be minimized
  • Copy & paste the contents of both logs in your next reply

Next.

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.
  • Right-click on TDSSKiller.exe and select " Run as administrator " to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Logs/Information to Post in your Next Reply

  • OTM log.
  • RSIT log.txt and info.txt contents.
  • TDSSKiller log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: redirect issues and more...

Unread postby acerda23 » December 20th, 2010, 4:36 pm

Tried to run ERUNT and got the following errors:

Unable to create file:
C:\\Windows\ERDNT\12-20-2010\ERDNT.INF

Registry Backup will continue, but no restore information for the ERDNT program will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the files.
OK

Now, once I hit OK, I get the following errors:

X Error saving file
C:\\Windows\ERDNT\12-20-2010\security!

Continue withe the next file?

[ RegCreateKeyEx: 5 - Access is denied ]

Yes No


I get the same error again that says " software !" instead of security, then another for "system" and "default", "sam", "components", "BCD", "ntuser.dat", "UsrClass.dat", "schema.dat", then finally says backup is complete...


Not sure if this means anything at all but I thought I should let you know.
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby Cypher » December 20th, 2010, 4:48 pm

Hi.
Ok for now run this fix instead do not run the previous one.

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Services
    afmqod3j
    
    :Files
    C:\Windows\tasks\At1.job
    C:\Users\ap\AppData\Roaming\uTorrent
    C:\Windows\system32\drivers\afmqod3j.sys
    
    :Commands
    [resethosts]
    [EmptyFlash]
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

RSIT (Random's System Information Tool)

  • Ensure rsit.exe is on your desktop
  • Click the Windows Start > All programs > Accessories then Run
  • Copy/paste the following into the run box & click OK, Do not include the word Quote:
    "%userprofile%\desktop\rsit.exe" /info
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt << will be maximized and info.txt << will be minimized
  • Copy & paste the contents of both logs in your next reply

Next.

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.
  • Right-click on TDSSKiller.exe and select " Run as administrator " to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Logs/Information to Post in your Next Reply

  • OTM log.
  • RSIT log.txt and info.txt contents.
  • TDSSKiller log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: redirect issues and more...

Unread postby acerda23 » December 20th, 2010, 5:00 pm

Ran OTM before I ready your reply... Let me know if I'm good to continue with RSIT and TDSSKiller.


All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named afmqod3j was found to stop!
Service\Driver key afmqod3j not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk\ not found.
========== FILES ==========
File/Folder C:\Windows\tasks\At1.job not found.
File/Folder C:\Users\ap\AppData\Roaming\uTorrent not found.
File/Folder C:\Windows\system32\drivers\afmqod3j.sys not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: ap
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 22711052 bytes
->Java cache emptied: 16444193 bytes
->FireFox cache emptied: 47079901 bytes
->Google Chrome cache emptied: 856432 bytes
->Apple Safari cache emptied: 35028992 bytes
->Flash cache emptied: 173299 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67224 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 311256867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 106729105 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 27350998091 bytes

Total Files Cleaned = 26,599.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 12202010_144401

Files moved on Reboot...
File C:\Windows\temp\logishrd\LVPrcInj02.dll not found!
File C:\Windows\temp\~DF6D9C.tmp not found!
File C:\Windows\temp\~DF6DA3.tmp not found!

Registry entries deleted on Reboot...
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby acerda23 » December 20th, 2010, 6:45 pm

RSIT Info.txt



info.txt logfile of random's system information tool 1.08 2010-12-20 16:10:44

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->"C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\FATE\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\TOSHIBA Media Center Game Console\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Virtual Villagers - A New Home\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
abgx360 v1.0.2-->"C:\Program Files\abgx360\uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActivClient CAC x86-->MsiExec.exe /I{1BE8806A-84F8-4655-A381-0D5524430944}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Any DVD Converter Professional 4.1.2-->"C:\Program Files\AnvSoft\Any DVD Converter Professional\unins000.exe"
Any Video Converter 2.7.1-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{17424F35-8B77-4ADF-BC63-BF9B81418539}
Apple Mobile Device Support-->MsiExec.exe /I{308B6AEA-DE50-4666-996D-0FA461719D6B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ApproveIt Desktop-->MsiExec.exe /I{6ECD42B2-32AF-4898-880D-0608EA5C592A}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bing Bar Platform-->MsiExec.exe /I{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}
Bing Bar-->C:\Program Files\Bing Bar Installer\InstallManager.exe /UNINSTALL
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0009
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fallout New Vegas-->"D:\Program Files\Bethesda Softworks\Fallout New Vegas\unins000.exe"
FCE Ultra 0.97-->C:\Program Files\FCE Ultra\uninst.exe
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Full Tilt Poker.Net-->C:\Program Files\Full Tilt Poker.Net\uninstall.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hospital Tycoon-->C:\Program Files\Codemasters\Hospital Tycoon\uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 12.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Imaging Device Functions 12.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{86732AE7-CB91-4f15-B091-FBA3D3926CD6}\setup\hpzscr01.exe -datfile hposcr29.dat -onestop
HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4-->C:\Program Files\HP\Digital Imaging\{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}\setup\hpzscr01.exe -datfile hposcr31.dat -onestop -forcereboot
HP Photosmart Essential 3.5-->C:\Program Files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 12.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
IBM Lotus Forms Viewer 3.5.1-->MsiExec.exe /X{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
ICS Viewer 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0000600-0600-0600-0600-000000000600}\Setup.exe" -l0x9 -uninst
iDump (Backing up your iPod)-->C:\Program Files\iDump\uninstall.exe
Intel(R) PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Codec Pack 4.5.3 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l1033 -removeonly
Logitech Vid-->MsiExec.exe /I{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}
Logitech Webcam Software Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.0.1278\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_12.0" /clone_wait /hide_progress
Logitech Webcam Software-->MsiExec.exe /I{AC96671C-2001-432C-9826-5266D84EF1DC}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{1FDA5A37-B22D-43FF-B582-B8964050DC13}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{86A4C6D9-29EE-4719-AFA1-BA3341862B83}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mobile Broadband Generic Drivers-->MsiExec.exe /i{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero 7 Ultra Edition-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
Nightmare Adventures The Witchs Prison 1.0.1-->C:\Program Files\Games\Nightmare Adventures The Witchs Prison\Uninstall.exe
NVIDIA 3D Vision Driver 260.99-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Graphics Driver 260.99-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX System Software 260.99-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OCR Software by I.R.I.S. 11.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org 3.2-->MsiExec.exe /I{5A13987D-55F4-4271-A40E-76AC9B1B38FD}
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Oregon Trail II-->C:\Windows\uninst.exe -f"C:\Program Files\MECC\Oregon Trail II\DeIsL1.isu"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Philips Wireless PC Controller-->C:\PROGRA~1\PHILIPS\PHILIP~1\UNWISE.EXE C:\PROGRA~1\PHILIPS\PHILIP~1\INSTALL.LOG
PHOTOfunSTUDIO -viewer--->C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\setup.exe -runfromtemp -l0x0009 -z"Uninstall" -removeonly
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Protector Suite QL 5.8-->MsiExec.exe /I{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}
PureEdge Submission Upgrade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{742320FA-CE17-421A-91B3-E5DFA865BD19}\setup.exe" -l0x9 -removeonly
QuickBooks Financial Center-->MsiExec.exe /I{890EF3F8-742F-46BD-9E8E-084B3A1F4364}
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Razer Copperhead-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6D5CFB3-7095-4073-B6B7-B7E909838C57}\setup.exe"
RCT3 Soaked-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\setup.exe" -l0x9
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RollerCoaster Tycoon® 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\setup.exe" -l0x9
Safari-->MsiExec.exe /I{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Windows Media Encoder (KB2447961)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={6139D160-F916-4708-953E-68B213BE6B7A} /qb
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Security Update for Windows Media Encoder (KB979332)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={950E24CA-CA7E-4606-8F0D-DEDBC94F2A1E} /qb
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab CYRI-->MsiExec.exe /I{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Games-->"C:\Program Files\TOSHIBA Games\Uninstall.exe"
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA HD DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Ubisoft Game Launcher-->"C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Viewer_armyifx-->C:\Program Files\Viewer_armyifx\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VZAccess Manager-->MsiExec.exe /I{7641FD7D-E94E-424E-A95C-0593C84DC0C0}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Family Safety-->MsiExec.exe /I{294BF709-D758-4363-8D75-01479AD20927}
Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live Remote Client Resources-->MsiExec.exe /I{464B3406-A4D0-4914-910F-7CA4380DCC13}
Windows Live Remote Client-->MsiExec.exe /I{19A4A990-5343-4FF7-B3B5-6F046C091EDF}
Windows Live Remote Service Resources-->MsiExec.exe /I{17504ED4-DB08-40A8-81C2-27D8C01581DA}
Windows Live Remote Service-->MsiExec.exe /I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile Device Updater Component-->MsiExec.exe /X{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}
WinPatrol-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zune Language Pack (DEU)-->MsiExec.exe /X{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}
Zune Language Pack (ESP)-->MsiExec.exe /X{6B33492E-FBBC-4EC3-8738-09E16E395A10}
Zune Language Pack (FRA)-->MsiExec.exe /X{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}
Zune Language Pack (ITA)-->MsiExec.exe /X{C5D37FFA-7483-410B-982B-91E93FD3B7DA}
Zune Language Pack (NLD)-->MsiExec.exe /X{6740BCB0-5863-47F4-80F4-44F394DE4FE2}
Zune Language Pack (PTB)-->MsiExec.exe /X{07EEE598-5F21-4B57-B40B-46592625B3D9}
Zune Language Pack (PTG)-->MsiExec.exe /X{5C93E291-A1CC-4E51-85C6-E194209FCDB4}
Zune-->C:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{7006ED29-58F2-40C3-AE87-039287AD20B6}

======Hosts File======

::1 localhost

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall
AS: McAfee VirusScan
AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender

======System event log======

Computer Name: x-PC
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.
Record Number: 281719
Source Name: cdrom
Time Written: 20101003204059.290058-000
Event Type: Error
User:

Computer Name: x-PC
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.
Record Number: 281718
Source Name: cdrom
Time Written: 20101003204059.274458-000
Event Type: Error
User:

Computer Name: x-PC
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.
Record Number: 281717
Source Name: cdrom
Time Written: 20101003204059.258858-000
Event Type: Error
User:

Computer Name: x-PC
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.
Record Number: 281716
Source Name: cdrom
Time Written: 20101003204053.159219-000
Event Type: Error
User:

Computer Name: x-PC
Event Code: 6008
Message: The previous system shutdown at 3:33:22 PM on 10/3/2010 was unexpected.
Record Number: 281712
Source Name: EventLog
Time Written: 20101003204257.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: x-PC
Event Code: 20227
Message: CoId={F0990CFC-1972-499A-B705-9D0AAAB5EB09}: The user x-PC\ap dialed a connection named Broadband Connection which has failed. The error code returned on failure is 815.
Record Number: 16779
Source Name: RasClient
Time Written: 20090831185635.000000-000
Event Type: Error
User:

Computer Name: x-PC
Event Code: 20227
Message: CoId={5552E4F6-79E5-4558-96A9-DD9B662B35CD}: The user x-PC\ap dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
Record Number: 16776
Source Name: RasClient
Time Written: 20090831183958.000000-000
Event Type: Error
User:

Computer Name: x-PC
Event Code: 20227
Message: CoId={8E23545E-A5F7-48B9-A828-D79750A3D959}: The user x-PC\ap dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
Record Number: 16773
Source Name: RasClient
Time Written: 20090831174330.000000-000
Event Type: Error
User:

Computer Name: x-PC
Event Code: 20227
Message: CoId={DAB34C30-AAAC-44AC-A4AA-E4335AEFC623}: The user x-PC\ap dialed a connection named Broadband Connection which has failed. The error code returned on failure is 815.
Record Number: 16770
Source Name: RasClient
Time Written: 20090831173912.000000-000
Event Type: Error
User:

Computer Name: x-PC
Event Code: 1002
Message: The program iexplore.exe version 8.0.6001.18813 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: f0c Start Time: 01ca2a27832c4667 Termination Time: 19
Record Number: 16724
Source Name: Application Hang
Time Written: 20090831104206.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: x-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x117cf9d
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: JOSHUA-PC
Source Network Address: 192.168.1.101
Source Port: 57844

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 26536
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090726212143.094093-000
Event Type: Audit Success
User:

Computer Name: x-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x117cf73
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: JOSHUA-PC
Source Network Address: 192.168.1.101
Source Port: 57843

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 26535
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090726212143.056093-000
Event Type: Audit Success
User:

Computer Name: x-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x10fa57e

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 26534
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090726210953.767093-000
Event Type: Audit Success
User:

Computer Name: x-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x10fa654

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 26533
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090726210953.729093-000
Event Type: Audit Success
User:

Computer Name: x-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x10fa654
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: JOSHUA-PC
Source Network Address: 192.168.1.101
Source Port: 57292

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 26532
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090726210942.741093-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files\ApproveIt\ThirdParty\Bin\;C:\Program Files\ApproveIt\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby acerda23 » December 20th, 2010, 6:49 pm

RSIT Log.txt



Logfile of random's system information tool 1.08 (written by random/random)
Run by ap at 2010-12-20 16:10:38
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 31 GB (27%) free of 113 GB
Total RAM: 2046 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:10:42 PM, on 12/20/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\ap\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ap\Desktop\rsit.exe
C:\Program Files\trend micro\ap.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [ApproveItForOfficeSetup] "C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files\ApproveIt\"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\ap\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13613 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2471965245-1943476174-3207880002-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2471965245-1943476174-3207880002-1001UA.job
C:\Windows\tasks\User_Feed_Synchronization-{350F5D5B-B8B6-4082-ACFC-49A0CDBA7EF4}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-05-19 171208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0941C58F-E461-4E03-BD7D-44C27392ADE1}]
PE_IE_Helper Class - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll [2010-02-01 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-14 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-28 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-14 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-14 259696]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2009-05-19 670840]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-07-27 204800]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-06-15 448080]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-03 4702208]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-19 1451304]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"acevents"=C:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-03 153640]
""= []
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-03 400936]
"AprvRemoveLegacyExcelKeys"=C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe [2009-04-29 73728]
"AprvRemoveLegacyWordKeys"=C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe [2009-04-29 73728]
"ApproveItForOfficeSetup"=C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe [2009-04-29 155648]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2010-05-31 323976]
"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2007-11-14 49416]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-12-13 281768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2007-05-18 430080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"Google Update"=C:\Users\ap\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 136176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-11-14 96008]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-20 14:18:03 ----D---- C:\Users\ap\AppData\Roaming\Avira
2010-12-20 14:12:27 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2010-12-20 14:12:26 ----A---- C:\Windows\system32\drivers\avipbb.sys
2010-12-20 14:12:26 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2010-12-20 14:12:20 ----D---- C:\ProgramData\Avira
2010-12-20 14:12:20 ----D---- C:\Program Files\Avira
2010-12-17 16:07:18 ----D---- C:\Program Files\Common Files\PocketSoft
2010-12-17 16:07:18 ----A---- C:\Windows\patchw32.dll
2010-12-17 03:24:52 ----A---- C:\Windows\system32\svchost.exe.exp.log
2010-12-15 22:04:31 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 22:04:31 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 22:04:31 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 22:04:31 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 22:04:31 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 22:04:20 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 22:02:25 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 22:01:55 ----A---- C:\Windows\system32\consent.exe
2010-12-15 22:01:02 ----A---- C:\Windows\system32\fontsub.dll
2010-12-15 22:01:02 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 22:01:02 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 21:59:13 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 21:59:12 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 21:59:11 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 21:59:11 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 21:59:09 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 21:59:09 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 21:59:09 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 21:59:09 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 21:59:09 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 21:59:09 ----A---- C:\Windows\system32\ie4uinit.exe
2010-12-15 21:59:07 ----A---- C:\Windows\system32\occache.dll
2010-12-15 21:59:07 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\ieUnatt.exe
2010-12-15 21:59:06 ----A---- C:\Windows\system32\iesysprep.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\iesetup.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\iernonce.dll
2010-12-15 21:59:06 ----A---- C:\Windows\system32\iepeers.dll
2010-12-13 10:22:35 ----D---- C:\Users\ap\AppData\Roaming\Atari
2010-12-13 08:11:50 ----D---- C:\Program Files\Landwirtschafts Simulator 2011
2010-12-09 14:29:55 ----D---- C:\Program Files\Full Tilt Poker.Net
2010-12-05 18:53:16 ----D---- C:\Users\ap\AppData\Roaming\OpenOffice.org
2010-12-05 18:34:37 ----D---- C:\Program Files\JRE
2010-12-05 18:33:45 ----D---- C:\Program Files\OpenOffice.org 3
2010-12-05 18:31:58 ----A---- C:\Windows\system32\javaws.exe
2010-12-05 18:31:58 ----A---- C:\Windows\system32\javaw.exe
2010-12-05 18:31:58 ----A---- C:\Windows\system32\java.exe
2010-12-02 20:14:37 ----AD---- C:\ProgramData\TEMP
2010-12-02 20:13:54 ----D---- C:\Users\ap\AppData\Roaming\AnvSoft
2010-12-02 20:13:51 ----D---- C:\Program Files\AnvSoft
2010-11-26 18:29:29 ----A---- C:\Windows\system32\CmdLineExt.dll
2010-11-26 18:20:01 ----D---- C:\Program Files\Codemasters

======List of files/folders modified in the last 1 months======

2010-12-20 16:10:41 ----D---- C:\Program Files\Trend Micro
2010-12-20 16:10:33 ----D---- C:\Windows\Temp
2010-12-20 16:02:48 ----D---- C:\ProgramData\NVIDIA
2010-12-20 14:55:21 ----D---- C:\Windows\inf
2010-12-20 14:55:21 ----AD---- C:\Windows\System32
2010-12-20 14:55:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-20 14:49:44 ----D---- C:\Windows\Prefetch
2010-12-20 14:44:28 ----D---- C:\Windows
2010-12-20 14:44:01 ----D---- C:\Windows\system32\drivers\etc
2010-12-20 14:38:23 ----D---- C:\Windows\Tasks
2010-12-20 14:16:51 ----SHD---- C:\System Volume Information
2010-12-20 14:12:27 ----D---- C:\Windows\system32\drivers
2010-12-20 14:12:20 ----RD---- C:\Program Files
2010-12-20 14:12:20 ----HD---- C:\ProgramData
2010-12-20 14:09:29 ----SHD---- C:\Windows\Installer
2010-12-20 14:09:28 ----HD---- C:\Config.Msi
2010-12-20 14:09:28 ----D---- C:\Windows\winsxs
2010-12-20 13:22:17 ----D---- C:\Program Files\Java
2010-12-20 13:20:17 ----SD---- C:\Users\ap\AppData\Roaming\Microsoft
2010-12-18 17:00:54 ----D---- C:\Windows\system32\Tasks
2010-12-17 16:11:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-17 16:07:18 ----D---- C:\Program Files\Common Files
2010-12-16 03:55:00 ----D---- C:\Windows\rescache
2010-12-16 03:32:28 ----D---- C:\Program Files\Windows Mail
2010-12-16 03:32:26 ----D---- C:\Program Files\Internet Explorer
2010-12-16 03:32:25 ----D---- C:\Windows\system32\migration
2010-12-16 03:15:53 ----D---- C:\Program Files\Microsoft Works
2010-12-16 03:13:24 ----D---- C:\Windows\system32\en-US
2010-12-16 03:12:50 ----D---- C:\ProgramData\Microsoft Help
2010-12-16 03:12:24 ----D---- C:\Windows\system32\catroot
2010-12-16 03:01:12 ----A---- C:\Windows\system32\mrt.exe
2010-12-15 21:57:54 ----D---- C:\Windows\system32\catroot2
2010-12-11 18:20:21 ----D---- C:\Program Files\uTorrent
2010-12-10 20:58:48 ----D---- C:\Program Files\PeerGuardian2
2010-12-10 09:11:06 ----D---- C:\Program Files\Mozilla Firefox
2010-12-05 18:37:46 ----RSD---- C:\Windows\assembly
2010-12-05 18:35:10 ----RSD---- C:\Windows\Fonts
2010-12-02 21:03:09 ----D---- C:\Users\ap\AppData\Roaming\Any Video Converter

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 19456]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-09-27 36560]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-01-30 717296]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-09-15 285184]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-08 23640]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-12-13 135096]
R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-12-13 61960]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-04-30 25624]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-10-16 10084360]
R3 NWADI;NWADI Bus Enumerator; C:\Windows\system32\DRIVERS\NWADIenum.sys [2008-06-02 222720]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-11-10 135680]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-19 208688]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-11-14 47120]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]
S0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys []
S3 ahyfjv34;ahyfjv34; C:\Windows\system32\drivers\ahyfjv34.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
S3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-04-30 265496]
S3 LVUVC;Logitech QuickCam S5500(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2009-04-30 6754712]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NWUSBCDFIL;Novatel Wireless Installation CD; C:\Windows\system32\DRIVERS\NwUsbCdFil.sys [2008-07-07 20480]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\Windows\system32\DRIVERS\nwusbmdm.sys [2008-05-09 174336]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\Windows\system32\DRIVERS\nwusbser.sys [2008-05-09 174336]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver; C:\Windows\system32\DRIVERS\nwusbser2.sys [2008-05-09 174336]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [2007-06-02 8192]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-04-16 22784]
S3 samhidb;samhidb; C:\Windows\system32\drivers\samhidb.sys [2007-05-11 22391]
S3 SCMUSB;SCM Microsystems SCR300 USB Smart Card Reader; C:\Windows\system32\DRIVERS\stcusb.sys [2008-01-18 22016]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-20 32408]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-10 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-03-02 29184]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-11-09 219264]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2006-11-09 211072]
S4 KR3NPXP;KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 479488]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-12-13 267944]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-03-06 643072]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 600680]
R2 pinger;pinger; C:\Toshiba\IVP\ISM\pinger.exe [2007-01-25 136816]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-03-06 327680]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2007-01-25 63096]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe [2007-09-15 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2010-09-24 6351600]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-14 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-14 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-11 820008]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-03 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2010-09-24 268528]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Windows\system32\ZuneWlanCfgSvc.exe [2010-09-24 444656]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby acerda23 » December 20th, 2010, 6:57 pm

I'm unable to run the TDSSKiller.exe I'm getting the following error:

X C:\Users\ap\Desktop\TDSSKiller.exe

The service cannot accept control messages at this time.

OK


I'm still having the same issues with redirecting and various programs giving me issues with (Not Responding) and forcing me to close them...
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby Cypher » December 21st, 2010, 6:23 am

Hi acerda23.
Ran OTM before I ready your reply... Let me know if I'm good to continue with RSIT and TDSSKiller.

If you have problems from now on Stop and let me know.
Don't continue until you hear from me again this is important.

Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Image )
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks to this: Image )
  • Note: Don't forget to re-enable it after the fix.

Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



Logs/Information to Post in your Next Reply

  • ComboFix.txt.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: redirect issues and more...

Unread postby acerda23 » December 21st, 2010, 4:46 pm

I can't seem to get Avira to show up as Enabled on my Tray Icon...


ComboFix 10-12-21.01 - ap 12/21/2010 14:11:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1127 [GMT -6:00]
Running from: c:\users\ap\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\ap\AppData\Local\{4405867D-A568-4DA4-B8E4-7C4ECB906E52}
c:\users\ap\AppData\Local\{4405867D-A568-4DA4-B8E4-7C4ECB906E52}\chrome.manifest
c:\users\ap\AppData\Local\{4405867D-A568-4DA4-B8E4-7C4ECB906E52}\chrome\content\_cfg.js
c:\users\ap\AppData\Local\{4405867D-A568-4DA4-B8E4-7C4ECB906E52}\chrome\content\overlay.xul
c:\users\ap\AppData\Local\{4405867D-A568-4DA4-B8E4-7C4ECB906E52}\install.rdf
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
.

2010-12-21 20:24 . 2010-12-21 20:29 -------- d-----w- c:\users\ap\AppData\Local\temp
2010-12-21 20:24 . 2010-12-21 20:24 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-12-21 20:24 . 2010-12-21 20:24 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-12-21 20:24 . 2010-12-21 20:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-21 20:24 . 2010-12-21 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-21 16:25 . 2010-12-21 16:25 -------- d-----w- c:\program files\iPod
2010-12-21 16:25 . 2010-12-21 16:26 -------- d-----w- c:\program files\iTunes
2010-12-20 22:19 . 2010-12-20 22:19 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2010-12-20 22:19 . 2010-12-20 22:19 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2010-12-20 20:18 . 2010-12-20 20:18 -------- d-----w- c:\users\ap\AppData\Roaming\Avira
2010-12-20 20:12 . 2010-12-13 14:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-20 20:12 . 2010-12-13 14:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-20 20:12 . 2010-12-20 20:12 -------- d-----w- c:\programdata\Avira
2010-12-20 20:12 . 2010-12-20 20:12 -------- d-----w- c:\program files\Avira
2010-12-17 22:07 . 2010-12-17 22:07 -------- d-----w- c:\program files\Common Files\PocketSoft
2010-12-17 22:07 . 2002-02-28 00:50 197120 ----a-w- c:\windows\patchw32.dll
2010-12-16 04:04 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-16 04:04 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-16 04:04 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-16 04:04 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-16 04:04 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-16 04:04 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 04:04 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-16 04:04 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-16 04:04 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 04:02 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-16 04:01 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-16 04:01 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 04:01 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 04:01 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-16 03:57 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 00:42 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{602C609C-1104-41E2-B861-34C8E29F4793}\mpengine.dll
2010-12-13 16:22 . 2010-12-13 16:22 -------- d-----w- c:\users\ap\AppData\Roaming\Atari
2010-12-13 14:11 . 2010-12-13 23:45 -------- d-----w- c:\program files\Landwirtschafts Simulator 2011
2010-12-09 20:30 . 2010-12-13 13:57 -------- d-----w- c:\users\ap\AppData\Local\FullTiltPoker.NET
2010-12-09 20:29 . 2010-12-13 13:57 -------- d-----w- c:\program files\Full Tilt Poker.Net
2010-12-06 00:53 . 2010-12-06 00:53 -------- d-----w- c:\users\ap\AppData\Roaming\OpenOffice.org
2010-12-06 00:34 . 2010-12-06 00:34 -------- d-----w- c:\program files\JRE
2010-12-06 00:33 . 2010-12-06 00:34 -------- d-----w- c:\program files\OpenOffice.org 3
2010-12-03 02:13 . 2010-12-03 02:13 -------- d-----w- c:\users\ap\AppData\Roaming\AnvSoft
2010-12-03 02:13 . 2010-12-03 02:13 -------- d-----w- c:\program files\AnvSoft
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-27 00:29 . 2010-11-27 00:29 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-27 00:20 . 2010-11-27 00:20 -------- d-----w- c:\program files\Codemasters
2010-11-24 02:32 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2009-10-02 22:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 18:55 . 2010-11-15 17:00 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-16 18:55 . 2010-11-15 17:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-16 18:55 . 2010-11-15 17:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-16 18:55 . 2010-11-15 17:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-16 18:55 . 2010-11-15 17:00 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-10-16 18:55 . 2010-11-15 17:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-11-15 17:00 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2010-11-15 17:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2010-11-15 17:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-11-15 17:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55 . 2010-11-15 17:00 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-16 18:55 . 2007-09-16 03:41 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 18:55 . 2007-09-16 03:41 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:42 . 2010-10-16 18:42 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-10-16 18:42 . 2010-10-16 18:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 18:42 . 2010-10-16 18:42 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-10-16 18:42 . 2010-10-16 18:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 18:42 . 2010-10-16 18:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 18:42 . 2010-10-16 18:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-10-14 07:36 . 2010-10-14 07:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 07:36 . 2010-10-14 07:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-10-11 09:07 . 2010-10-11 09:07 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-28 21:44 . 2010-09-28 21:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 21:44 . 2010-09-28 21:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-24 18:25 . 2010-09-24 18:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2010-09-24 18:25 . 2010-09-24 18:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2010-09-24 18:25 . 2010-09-24 18:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2010-09-24 18:24 . 2010-09-24 18:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
2010-09-24 18:24 . 2010-09-24 18:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2010-09-24 18:24 . 2010-09-24 18:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
2010-09-24 18:24 . 2010-09-24 18:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
2010-09-24 18:19 . 2010-09-24 18:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 17:14 . 2010-09-24 17:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
2010-09-23 05:47 . 2010-09-23 05:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 05:32 . 2010-09-23 05:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-23 05:21 . 2010-10-23 17:24 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2003-03-19 02:20 . 2010-06-07 12:47 1060864 ----a-w- c:\program files\mozilla firefox\plugins\mfc71.dll
2003-02-21 09:42 . 2010-06-07 12:47 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 17:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 17:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-18 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"Google Update"="c:\users\ap\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"AprvRemoveLegacyWordKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 4702208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"ApproveItForOfficeSetup"="c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe" [2009-04-30 155648]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-4 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 17:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2008-07-07 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2008-05-09 174336]
R3 samhidb;samhidb;c:\windows\system32\drivers\samhidb.sys [2007-05-12 22391]
R3 SCMUSB;SCM Microsystems SCR300 USB Smart Card Reader;c:\windows\system32\DRIVERS\stcusb.sys [2008-01-19 22016]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-21 32408]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-30 717296]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2471965245-1943476174-3207880002-1001Core.job
- c:\users\ap\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 23:00]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2471965245-1943476174-3207880002-1001UA.job
- c:\users\ap\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 23:00]

2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{350F5D5B-B8B6-4082-ACFC-49A0CDBA7EF4}.job
- c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\w65xxmtu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6d786 ... g=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: tab-search: tab@search.com - %profile%\extensions\tab@search.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - user.js: search.clsid - {27E3332A-9C46-47C4-A594-89D304933A64}
FF - user.js: search.sid - 15101055100
FF - user.js: extensions.newAddons - false
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\6e574e40]
"imagepath"="\??\c:\windows\TEMP\A277.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2471965245-1943476174-3207880002-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:75,70,0f,46,48,1a,2a,53,49,1e,93,0e,c6,8e,64,51,44,fd,f6,13,80,ed,b4,
f0,35,d7,8d,2c,6f,c5,9d,06,4e,28,63,29,95,5b,97,7a,c6,c2,23,47,12,ed,77,62,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-2471965245-1943476174-3207880002-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:e4,66,32,75,24,b4,da,e2,14,b3,5f,86,34,1d,47,53,cf,9a,ff,18,aa,
33,1d,af,ee,5b,42,2f,4b,f4,5d,37,66,33,5c,ea,0e,8a,b9,25,28,20,4f,06,17,1a,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5924)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Zune\ZuneNss.exe
.
**************************************************************************
.
Completion time: 2010-12-21 14:39:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-21 20:38

Pre-Run: 30,716,928,000 bytes free
Post-Run: 30,341,431,296 bytes free

- - End Of File - - 3A263AD20CB92974E66C707427AC40AC
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 306 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware