Google redirect after trying to update Java



#1
rdmilton04

About a week ago, I was sent a link by a reputable company, to complete a typing test for possible employment. The link required me to update Java in order to complete the test. My entire computer was infected with a virus at that point, where it would show a "you're infected, blue screen of death" kind of desktop. I ran several programs to remove the virus, both in full mode as well as safe mode (fsbl, tdsskiller, Hitman Pro 3.5, TweakNow Reg Cleaner 2011, CCleaner, TweakNow PowerPack 2010, Spybot, Malwarebytes, and Cleanup). I am also running Avast as my main virus protector. None of the rootkits found anything, but I was able to clean the "virus" (I think). Now that I'm able to connect to the internet again, I'm getting Google redirects to various sites, mostly PPC sites. I'm using Firefox, although my family uses Explorer. Because they are not very computer savvy, I'm not sure if it happens on Explorer (or if that even makes a difference). I even removed Google's toolbar and reinstalled (it was worth a shot) and went to Java's main site to update and was able to do so, but the original link still says I need to update. I'm not really worried about the Java or job anymore (it was a temp anyway), but any help is definitely appreciated as I'm usually the one to fix my friends' computers and this has been a pain in the butt for me :D

OTL logfile created on: 3/4/2011 1:55:41 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Rukiya\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.71 Gb Total Space | 215.08 Gb Free Space | 74.50% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 240.36 Gb Free Space | 51.61% Space Free | Partition Type: NTFS

Computer Name: RUKIYA-PC | User Name: Rukiya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/04 13:55:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Rukiya\Desktop\OTL.exe
PRC - [2011/03/02 15:41:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/20 16:57:50 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/01/13 02:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/08 03:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2010/11/29 14:58:34 | 001,294,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/07/04 08:32:51 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/05/04 20:40:46 | 002,815,488 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/04/26 10:06:44 | 000,096,112 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/25 16:17:17 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
PRC - [2009/08/21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/21 10:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/11 17:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/11 17:09:38 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 18:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/08/06 18:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/08/05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/03 19:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 19:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/30 00:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 00:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 16:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 15:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/07/13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/09 08:07:56 | 000,107,912 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/01/14 10:17:49 | 005,701,632 | ---- | M] () -- C:\Program Files\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe


========== Modules (SafeList) ==========

MOD - [2011/03/04 13:55:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Rukiya\Desktop\OTL.exe
MOD - [2011/01/13 02:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/04 20:46:37 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/04/10 09:15:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/25 16:17:17 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/08/21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/11 17:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/06 18:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/03 19:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 00:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 16:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/22 12:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/09 08:07:56 | 000,107,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/01/14 10:17:49 | 005,701,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe -- (MySQLNoguskaNolaPro)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 02:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 02:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 02:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 02:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 02:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/25 16:17:18 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\windows\system32\drivers\NIS\1007000.01E\SRTSP.SYS -- (SRTSP)
DRV - [2009/09/25 16:17:18 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1007000.01E\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/14 07:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 07:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/05 20:04:04 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 13:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 16:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 16:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/07 09:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/24 19:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/19 20:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/05/05 01:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/22 10:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2008/04/01 13:33:16 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.26
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:7.2.3
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {1400E5F5-E1EF-4640-BA2C-EAFF992D58F9}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/02/20 16:59:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/02 15:41:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/02 15:41:30 | 000,000,000 | ---D | M]

[2009/11/09 11:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Extensions
[2010/08/26 22:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\adyqn6bt.default\extensions
[2011/03/04 11:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions
[2011/03/03 16:36:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/10/14 12:10:39 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/01/09 12:47:25 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/01/22 22:16:43 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2011/01/06 23:10:38 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/12/30 14:39:35 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2010/07/15 01:04:15 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/28 14:05:23 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2011/01/09 12:47:26 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2010/12/30 14:39:36 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2010/03/16 20:54:27 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2010/09/26 11:09:37 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\vshare@toolbar
[2011/02/23 18:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/21 22:37:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/23 18:24:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/05/04 20:40:47 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2011/02/20 16:59:15 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2011/02/22 01:29:24 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\RUKIYA\APPDATA\LOCAL\{1400E5F5-E1EF-4640-BA2C-EAFF992D58F9}
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ModemHelper] File not found
O4 - HKLM..\RunOnce: [MSKSSRV] File not found
O4 - HKLM..\RunOnce: [MSPCLOCK] File not found
O4 - HKLM..\RunOnce: [MSPQM] File not found
O4 - HKLM..\RunOnce: [MSTEE.CxTransform] File not found
O4 - HKLM..\RunOnce: [MSTEE.Splitter] File not found
O4 - HKLM..\RunOnce: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O13 - gopher Prefix: missing
O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinn...ealornodeal.cab (DealOrNoDeal Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft...tail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://networkforgo...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 000,000,032 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{ceff6803-3bca-11e0-a4e6-001e33f98934}\Shell - "" = AutoRun
O33 - MountPoints2\{ceff6803-3bca-11e0-a4e6-001e33f98934}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/04 13:55:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Rukiya\Desktop\OTL.exe
[2011/02/26 00:44:28 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\Desktop\Wall Street-Money Never Sleeps 2010 720p BRRip x264 [Team QrG]
[2011/02/23 18:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/23 00:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/02/23 00:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/02/22 10:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow RegCleaner 2011
[2011/02/22 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\TweakNow RegCleaner 2011
[2011/02/22 10:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner 2011
[2011/02/22 10:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/02/22 01:29:24 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Local\{1400E5F5-E1EF-4640-BA2C-EAFF992D58F9}
[2011/02/22 01:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\jAaCmCe08200
[2011/02/20 17:01:12 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\RoboForm
[2011/02/20 16:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2011/02/20 16:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\GoodSync
[2011/02/20 16:56:08 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\GoodSync
[2011/02/20 16:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
[2011/02/20 13:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\V CAST Media Manager
[2011/02/20 13:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon
[2011/02/20 13:28:21 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Local\V CAST Media Manager
[2011/02/20 13:28:20 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon V CAST Media Manager
[2011/02/20 13:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon V CAST Media Manager
[2011/02/18 02:14:12 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\Rovio
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/04 13:56:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-636716001-1460186356-947302337-1000UA.job
[2011/03/04 13:55:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Rukiya\Desktop\OTL.exe
[2011/03/03 18:56:00 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-636716001-1460186356-947302337-1000Core.job
[2011/03/03 11:11:19 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/03/03 11:11:19 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/03/03 10:52:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/01 12:09:09 | 000,057,050 | ---- | M] () -- C:\Users\Rukiya\Desktop\CHI_Client_History.pdf
[2011/02/27 18:19:13 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 18:19:13 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 12:38:23 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2011/02/26 12:38:01 | 2211,577,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/25 15:33:59 | 000,000,182 | ---- | M] () -- C:\Users\Rukiya\AppData\Roaming\wklnhst.dat
[2011/02/25 12:53:05 | 000,029,494 | ---- | M] () -- C:\Users\Rukiya\Desktop\35FAF021080D91EE92526095D98834BCEAAA7821.torrent
[2011/02/25 12:48:57 | 000,014,608 | ---- | M] () -- C:\Users\Rukiya\Desktop\749A1681554093F112E7358ED1C6F9B3581F5FD8.torrent
[2011/02/25 12:44:59 | 000,020,129 | ---- | M] () -- C:\Users\Rukiya\Desktop\16C9B19A2508481AF3305C4938DC5738D0EBDE0D.torrent
[2011/02/25 12:43:51 | 000,028,538 | ---- | M] () -- C:\Users\Rukiya\Desktop\F5B9D7AE21DEED090BEE5F1FE8FA7496B29DFE23_2.torrent
[2011/02/25 12:43:17 | 000,028,538 | ---- | M] () -- C:\Users\Rukiya\Desktop\F5B9D7AE21DEED090BEE5F1FE8FA7496B29DFE23_1.torrent
[2011/02/25 12:40:24 | 000,015,526 | ---- | M] () -- C:\Users\Rukiya\Desktop\33608B2A6C3FEE5A302D628999FEA4FFAAD373E5.torrent
[2011/02/25 12:39:01 | 000,015,462 | ---- | M] () -- C:\Users\Rukiya\Desktop\5C15C0310299C70FF236BD75B45BE8FFCCF49C88.torrent
[2011/02/25 12:16:41 | 000,028,538 | ---- | M] () -- C:\Users\Rukiya\Desktop\F5B9D7AE21DEED090BEE5F1FE8FA7496B29DFE23.torrent
[2011/02/25 05:54:51 | 1351,975,692 | ---- | M] () -- C:\Users\Rukiya\Documents\Adobe Photoshop CS5 Extended Edition.exe
[2011/02/25 01:10:22 | 000,014,578 | ---- | M] () -- C:\Users\Rukiya\Desktop\3C01DA721491ECB7B1EB228FD6F5ED5BB228D7EA.torrent
[2011/02/25 01:09:15 | 000,012,966 | ---- | M] () -- C:\Users\Rukiya\Desktop\FA670797BB1772B66D8F5ED221A8F33C20244261.torrent
[2011/02/25 01:01:44 | 000,256,714 | ---- | M] () -- C:\Users\Rukiya\Desktop\65CDA6095351F376908F31FDD953C7BD1CE705D1.torrent
[2011/02/23 00:21:26 | 000,016,968 | ---- | M] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/02/22 01:29:26 | 000,000,120 | ---- | M] () -- C:\Users\Rukiya\AppData\Local\Qzawuyosamav.dat
[2011/02/22 01:29:26 | 000,000,000 | ---- | M] () -- C:\Users\Rukiya\AppData\Local\Azajoluracanarig.bin
[2011/02/21 00:20:14 | 000,056,320 | -H-- | M] () -- C:\Users\Rukiya\Desktop\photothumb.db
[2011/02/20 16:56:08 | 000,002,060 | ---- | M] () -- C:\Users\Rukiya\Application Data\Microsoft\Internet Explorer\Quick Launch\GoodSync.lnk
[2011/02/20 16:56:08 | 000,002,036 | ---- | M] () -- C:\Users\Rukiya\Documents\GoodSync.lnk
[2011/02/18 22:39:19 | 000,021,081 | ---- | M] () -- C:\Users\Rukiya\Documents\research calendar.pdf
[2011/02/16 19:09:00 | 003,797,344 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/02/09 07:59:45 | 000,001,114 | ---- | M] () -- C:\Users\Rukiya\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/01 12:09:09 | 000,057,050 | ---- | C] () -- C:\Users\Rukiya\Desktop\CHI_Client_History.pdf
[2011/02/25 12:52:58 | 000,029,494 | ---- | C] () -- C:\Users\Rukiya\Desktop\35FAF021080D91EE92526095D98834BCEAAA7821.torrent
[2011/02/25 12:48:48 | 000,014,608 | ---- | C] () -- C:\Users\Rukiya\Desktop\749A1681554093F112E7358ED1C6F9B3581F5FD8.torrent
[2011/02/25 12:44:55 | 000,020,129 | ---- | C] () -- C:\Users\Rukiya\Desktop\16C9B19A2508481AF3305C4938DC5738D0EBDE0D.torrent
[2011/02/25 12:43:45 | 000,028,538 | ---- | C] () -- C:\Users\Rukiya\Desktop\F5B9D7AE21DEED090BEE5F1FE8FA7496B29DFE23_2.torrent
[2011/02/25 12:43:14 | 000,028,538 | ---- | C] () -- C:\Users\Rukiya\Desktop\F5B9D7AE21DEED090BEE5F1FE8FA7496B29DFE23_1.torrent
[2011/02/25 12:40:20 | 000,015,526 | ---- | C] () -- C:\Users\Rukiya\Desktop\33608B2A6C3FEE5A302D628999FEA4FFAAD373E5.torrent
[2011/02/25 12:38:55 | 000,015,462 | ---- | C] () -- C:\Users\Rukiya\Desktop\5C15C0310299C70FF236BD75B45BE8FFCCF49C88.torrent
[2011/02/25 12:16:37 | 000,028,538 | ---- | C] () -- C:\Users\Rukiya\Desktop\F5B9D7AE21DEED090BEE5F1FE8FA7496B29DFE23.torrent
[2011/02/25 01:10:16 | 000,014,578 | ---- | C] () -- C:\Users\Rukiya\Desktop\3C01DA721491ECB7B1EB228FD6F5ED5BB228D7EA.torrent
[2011/02/25 01:08:52 | 000,012,966 | ---- | C] () -- C:\Users\Rukiya\Desktop\FA670797BB1772B66D8F5ED221A8F33C20244261.torrent
[2011/02/25 01:00:46 | 000,256,714 | ---- | C] () -- C:\Users\Rukiya\Desktop\65CDA6095351F376908F31FDD953C7BD1CE705D1.torrent
[2011/02/23 00:21:26 | 000,016,968 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/02/22 01:29:26 | 000,000,120 | ---- | C] () -- C:\Users\Rukiya\AppData\Local\Qzawuyosamav.dat
[2011/02/22 01:29:26 | 000,000,000 | ---- | C] () -- C:\Users\Rukiya\AppData\Local\Azajoluracanarig.bin
[2011/02/21 20:35:53 | 1351,975,692 | ---- | C] () -- C:\Users\Rukiya\Documents\Adobe Photoshop CS5 Extended Edition.exe
[2011/02/20 16:56:08 | 000,002,060 | ---- | C] () -- C:\Users\Rukiya\Application Data\Microsoft\Internet Explorer\Quick Launch\GoodSync.lnk
[2011/02/20 16:56:08 | 000,002,036 | ---- | C] () -- C:\Users\Rukiya\Documents\GoodSync.lnk
[2011/02/18 22:39:19 | 000,021,081 | ---- | C] () -- C:\Users\Rukiya\Documents\research calendar.pdf
[2011/01/23 21:14:05 | 000,009,728 | ---- | C] () -- C:\Users\Rukiya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/15 22:50:17 | 000,000,016 | ---- | C] () -- C:\windows\popcinfo.dat
[2010/10/23 09:19:43 | 000,000,010 | ---- | C] () -- C:\Users\Rukiya\AppData\Roaming\install
[2010/10/23 09:17:58 | 000,000,204 | ---- | C] () -- C:\Users\Rukiya\AppData\Roaming\6766.bat
[2010/10/06 22:38:18 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/09/22 12:55:49 | 000,217,088 | ---- | C] () -- C:\windows\System32\LPng.dll
[2010/07/05 16:52:02 | 000,000,182 | ---- | C] () -- C:\Users\Rukiya\AppData\Roaming\wklnhst.dat
[2010/05/07 10:11:33 | 000,000,012 | ---- | C] () -- C:\Users\Rukiya\AppData\Roaming\lipoqz.dat
[2010/02/17 14:11:13 | 000,000,017 | ---- | C] () -- C:\Users\Rukiya\AppData\Local\resmon.resmoncfg
[2009/12/03 08:27:28 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/11/13 11:33:40 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/09/25 16:47:27 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/09/25 16:08:36 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2009/09/25 16:08:36 | 000,000,176 | ---- | C] () -- C:\windows\System32\drivers\RTHDAEQ0.dat
[2009/09/25 15:59:59 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/09/02 15:47:49 | 000,270,257 | ---- | C] () -- C:\windows\IEDel.exe
[2009/09/02 15:47:46 | 001,241,488 | ---- | C] () -- C:\windows\ROnce.exe
[2009/09/01 23:22:18 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:33:53 | 003,797,344 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2002/10/14 14:39:18 | 000,000,184 | ---- | C] () -- C:\windows\System32\lxbbcoin.ini

========== LOP Check ==========

[2010/08/25 07:05:29 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\.purple
[2009/12/07 00:28:12 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\AnvSoft
[2011/02/28 11:23:46 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Azureus
[2010/04/19 20:12:09 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Canon
[2010/08/06 14:40:17 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/24 15:12:24 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\com.elance.tracker
[2010/10/16 22:01:36 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\DVDVideoSoft
[2010/02/02 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\enchant
[2010/06/14 22:46:02 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Facebook
[2010/08/10 14:02:25 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\FileMaker
[2009/12/07 00:12:24 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\FLVPlayer4Free
[2011/02/28 11:28:26 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\FrostWire
[2010/05/04 19:26:38 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\GetRightToGo
[2011/02/23 22:56:01 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\GoodSync
[2010/06/14 20:18:44 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\gtk-2.0
[2010/07/21 21:55:09 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\HamsterSoft
[2009/11/17 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Klok.AF6B2973D903BFAE0589C27890FE0146C233490A.1
[2009/12/05 23:13:21 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\OpenOffice.org
[2011/02/14 22:46:26 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\OpenWith.org Cache
[2011/02/14 22:46:55 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\OpenWith.org Downloaded Setups
[2010/11/06 18:18:21 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\PhotoScape
[2010/11/25 02:19:42 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Pogo
[2011/02/20 17:01:12 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\RoboForm
[2011/02/18 02:14:12 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Rovio
[2010/09/06 16:10:40 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Softland
[2010/07/05 16:52:04 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Template
[2010/07/22 01:46:03 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Toshiba
[2010/05/02 01:44:23 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\TweakNow PowerPack 2010
[2010/02/17 14:21:43 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\TweakNow RegCleaner
[2011/02/22 10:47:06 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\TweakNow RegCleaner 2011
[2010/11/19 10:08:17 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Uniblue
[2010/10/06 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\uTorrent
[2011/01/19 11:59:12 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\webex
[2009/11/07 16:01:45 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\WinBatch
[2010/11/04 00:05:16 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >


OTL Extras logfile created on: 3/4/2011 1:55:41 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Rukiya\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.71 Gb Total Space | 215.08 Gb Free Space | 74.50% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 240.36 Gb Free Space | 51.61% Space Free | Partition Type: NTFS

Computer Name: RUKIYA-PC | User Name: Rukiya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series" = Canon MX330 series MP Drivers
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 24
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{65F79096-EB6C-47DE-9E1F-099861DC057F}" = eReader
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9F153AD3-3523-4542-818E-AE2F92249667}" = SAMSUNG USB Driver for Mobile Phones
"{A055FB62-CF73-4839-AD83-122ABCB92418}" = LeapFrog Tag Junior Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{AEFD48FE-2A76-11D3-928B-00C04FB90523}" = Microsoft Reader for Windows Mobile
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B52F8C4B-FE88-4B59-9B80-1C93669D7DEB}_is1" = OpenWith.org 1.0.3
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and Free Tools
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5990B8F-007E-0BC5-B925-F483E43FBB29}" = Tracker
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E31CF665-B8E8-48BC-B9F3-9EFCA03C23DB}" = HandyShopper
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"7-Zip" = 7-Zip 9.15 beta
"8461-7759-5462-8226" = Vuze
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = RoboForm 7-2-3 (All Users)
"Akamai" = Akamai NetSession Interface
"A-PDF Image to PDF_is1" = A-PDF Image to PDF 3.5
"asterisk key" = Asterisk Key 9.3
"ATT-PRT22" = ATT-PRT22
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"Bejeweled Blitz" = Bejeweled Blitz
"Blitz Document_is1" = Blitz Document 4.9
"Bookworm Adventures Vol. 2" = Bookworm Adventures Vol. 2
"Canon MX330 series User Registration" = Canon MX330 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CleanUp!" = CleanUp!
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.elance.tracker" = Tracker
"conduitEngine" = Conduit Engine
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Deal Or No Deal" = Deal Or No Deal
"doPDF 7 printer_is1" = doPDF 7.2 printer
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ebasePro" = ebasePro 2.20-07/14/07
"eMule" = eMule
"Exl-Plan Micro" = Exl-Plan Micro
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FotoMix" = Digital Photo Software FotoMix 6.1.1
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.18
"FrostWire" = FrostWire 4.21.1
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"Graboid Video" = Graboid Video 1.8
"HaaliMkx" = Haali Media Splitter
"HitmanPro35" = Hitman Pro 3.5
"IDMViewer2" = FileNet IDM Viewer 4.0
"Ilium Software Tipster_is1" = Tipster 2.1 for Windows Mobile
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Lexmark X74-X75" = Lexmark X74-X75
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"NIS" = Norton Internet Security
"NoguskaNolaProApacheMySQLphp" = NolaPro By Noguska
"PFPortChecker" = PFPortChecker 1.0.32
"PhotoScape" = PhotoScape
"Pidgin" = Pidgin
"PocketRAR" = Pocket RAR documentation
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"RealPlayer 12.0" = RealPlayer
"Spb Mobile Shell" = Spb Mobile Shell
"Swag_Bucks Toolbar" = Swag Bucks Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"Text Twist 2 1.00" = Text Twist 2 1.00
"The Extractor1.4.2" = The Extractor
"The Extractor1.4.2.2" = The Extractor
"TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010
"TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"Uninstall_is1" = Uninstall 1.0.0.1
"UPCShell" = LeapFrog Connect
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"VLC media player" = VLC media player 1.0.1
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zuma's Revenge!1.0" = Zuma's Revenge!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"GoToMeeting" = GoToMeeting 4.5.0.457
"oDVT" = oDesk Team

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/9/2010 11:21:31 AM | Computer Name = Rukiya-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 2/20/2011 3:42:03 PM | Computer Name = Rukiya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: verizon.exe, version: 0.0.0.0, time stamp:
0x4cff4e8e Faulting module name: msvcrt.dll, version: 7.0.7600.16385, time stamp:
0x4a5bda6f Exception code: 0xc0000005 Fault offset: 0x0000a05b Faulting process id:
0x78c Faulting application start time: 0x01cbd135465c5687 Faulting application path:
C:\Program Files\Verizon V CAST Media Manager\verizon.exe Faulting module path:
C:\windows\system32\msvcrt.dll Report Id: 7d4518ff-3d29-11e0-a4e6-001e33f98934

Error - 2/20/2011 9:52:25 PM | Computer Name = Rukiya-PC | Source = RapiMgr | ID = 6
Description = Windows Mobile-based USB device is plugged in but is unable to make
a network connection to the desktop.

Error - 2/22/2011 10:48:15 AM | Computer Name = Rukiya-PC | Source = VSS | ID = 8194
Description =

Error - 2/24/2011 1:22:30 AM | Computer Name = Rukiya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.3989,
time stamp: 0x4cf928fc Faulting module name: NPSWF32.dll, version: 10.2.152.26,
time stamp: 0x4d4b5b5c Exception code: 0xc0000005 Fault offset: 0x00178b8a Faulting
process id: 0x139c Faulting application start time: 0x01cbd3dc52f6811e Faulting application
path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:
C:\windows\system32\Macromed\Flash\NPSWF32.dll Report Id: 12c7b512-3fd6-11e0-bd41-001e33f98934

Error - 2/24/2011 1:37:49 AM | Computer Name = Rukiya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.3989,
time stamp: 0x4cf928fc Faulting module name: NPSWF32.dll, version: 10.2.152.26,
time stamp: 0x4d4b5b5c Exception code: 0xc0000005 Fault offset: 0x00178b8a Faulting
process id: 0x1468 Faulting application start time: 0x01cbd3e3da95eefc Faulting application
path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:
C:\windows\system32\Macromed\Flash\NPSWF32.dll Report Id: 36df2b33-3fd8-11e0-bd41-001e33f98934

Error - 2/25/2011 4:12:26 PM | Computer Name = Rukiya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 11.0.8328.0, time stamp:
0x4c717ddb Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x0002fa7b Faulting process id:
0x514 Faulting application start time: 0x01cbd5284f4fd5ab Faulting application path:
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 8fcead97-411b-11e0-8e32-001e33f98934

Error - 2/26/2011 7:22:43 PM | Computer Name = Rukiya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3989, time
stamp: 0x4cf9293f Faulting module name: xul.dll, version: 1.9.2.3989, time stamp:
0x4cf9289d Exception code: 0xc0000005 Fault offset: 0x0039d32c Faulting process id:
0x178c Faulting application start time: 0x01cbd5fa1182b23c Faulting application path:
C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Program Files\Mozilla
Firefox\xul.dll Report Id: 4f8b3a3d-41ff-11e0-8c83-001e33f98934

Error - 2/28/2011 11:23:03 PM | Computer Name = Rukiya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mpnex21.exe, version: 2.1.0.0, time stamp:
0x49017785 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x00028ab2 Faulting process id:
0x121c Faulting application start time: 0x01cbd7bff76c9a96 Faulting application path:
C:\Program Files\Canon\MP Navigator EX 2.1\mpnex21.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 36e76c34-43b3-11e0-8c83-001e33f98934

Error - 2/28/2011 11:26:41 PM | Computer Name = Rukiya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mpnex21.exe, version: 2.1.0.0, time stamp:
0x49017785 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x00028ab2 Faulting process id:
0x1da4 Faulting application start time: 0x01cbd7c079ae0457 Faulting application path:
C:\Program Files\Canon\MP Navigator EX 2.1\mpnex21.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: b948ba7d-43b3-11e0-8c83-001e33f98934

Error - 3/1/2011 1:48:41 PM | Computer Name = Rukiya-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.3989,
time stamp: 0x4cf928fc Faulting module name: NPSWF32.dll, version: 10.2.152.26,
time stamp: 0x4d4b5b5c Exception code: 0xc0000005 Fault offset: 0x00178b8a Faulting
process id: 0xd88 Faulting application start time: 0x01cbd837d3c83afe Faulting application
path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:
C:\windows\system32\Macromed\Flash\NPSWF32.dll Report Id: 24d99051-442c-11e0-8c83-001e33f98934

[ Media Center Events ]
Error - 12/31/2009 3:22:13 PM | Computer Name = Rukiya-PC | Source = MCUpdate | ID = 0
Description = 1:22:11 PM - Error connecting to the internet. 1:22:11 PM - Unable
to contact server..

Error - 12/31/2009 5:14:28 PM | Computer Name = Rukiya-PC | Source = MCUpdate | ID = 0
Description = 3:14:26 PM - Error connecting to the internet. 3:14:26 PM - Unable
to contact server..

Error - 1/1/2010 1:11:18 AM | Computer Name = Rukiya-PC | Source = MCUpdate | ID = 0
Description = 11:11:17 PM - Error connecting to the internet. 11:11:17 PM - Unable
to contact server..

Error - 1/3/2010 2:28:38 PM | Computer Name = Rukiya-PC | Source = MCUpdate | ID = 0
Description = 12:28:38 PM - Error connecting to the internet. 12:28:38 PM - Unable
to contact server..

Error - 1/3/2010 2:28:48 PM | Computer Name = Rukiya-PC | Source = MCUpdate | ID = 0
Description = 12:28:44 PM - Error connecting to the internet. 12:28:44 PM - Unable
to contact server..

[ System Events ]
Error - 6/3/2010 1:19:28 PM | Computer Name = Rukiya-PC | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 6/3/2010 1:19:37 PM | Computer Name = Rukiya-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 6/3/2010 1:19:37 PM | Computer Name = Rukiya-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 6/3/2010 1:20:06 PM | Computer Name = Rukiya-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP

Error - 6/3/2010 1:33:59 PM | Computer Name = Rukiya-PC | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 6/3/2010 1:33:59 PM | Computer Name = Rukiya-PC | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 6/3/2010 1:34:08 PM | Computer Name = Rukiya-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 6/3/2010 1:34:08 PM | Computer Name = Rukiya-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 6/3/2010 1:34:35 PM | Computer Name = Rukiya-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP

Error - 6/3/2010 1:52:39 PM | Computer Name = Rukiya-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, do any other computers using your router get redirected as well?

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
    [2011/02/22 01:29:26 | 000,000,120 | ---- | M] () -- C:\Users\Rukiya\AppData\Local\Qzawuyosamav.dat
    [2011/02/22 01:29:26 | 000,000,000 | ---- | M] () -- C:\Users\Rukiya\AppData\Local\Azajoluracanarig.bin
    [2010/10/23 09:17:58 | 000,000,204 | ---- | C] () -- C:\Users\Rukiya\AppData\Roaming\6766.bat
    [2009/09/02 15:47:46 | 001,241,488 | ---- | C] () -- C:\windows\ROnce.exe


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#3
rdmilton04

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Results of aswMBR:

aswMBR version 0.9.3 Copyright© 2011 avast! Software
Run date: 2011-03-05 18:05:42
-----------------------------
18:05:42.479 OS Version: Windows 6.1.7600
18:05:42.479 Number of processors: 2 586 0x602
18:05:42.481 ComputerName: RUKIYA-PC UserName: Rukiya
18:05:44.062 Initialize success
18:05:56.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:05:56.722 Disk 0 Vendor: WDC_WD3200BEVT-26ZCT0 12.01A12 Size: 305245MB BusType: 11
18:05:56.730 Disk 1 \Device\Harddisk1\DR2 -> \Device\0000008b
18:05:56.738 Disk 1 Vendor: Maxtor__ 0125 Size: 476940MB BusType: 7
18:05:56.757 Disk 0 MBR read successfully
18:05:56.767 Disk 0 MBR scan
18:05:56.782 Disk 0 scanning sectors +625141760
18:05:56.818 Disk 0 scanning C:\windows\system32\drivers
18:06:01.654 Service scanning
18:06:02.877 Disk 0 trace - called modules:
18:06:02.936 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
18:06:02.948 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863af430]
18:06:02.961 3 CLASSPNP.SYS[8ae0459e] -> nt!IofCallDriver -> [0x863afb08]
18:06:02.966 5 ACPI.sys[837b03b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x863b8030]
18:06:02.974 Scan finished successfully


Results of OTL
OTL logfile created on: 3/5/2011 6:17:20 PM - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Rukiya\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.71 Gb Total Space | 214.84 Gb Free Space | 74.41% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 240.36 Gb Free Space | 51.61% Space Free | Partition Type: NTFS

Computer Name: RUKIYA-PC | User Name: Rukiya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/04 19:30:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/04 13:55:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Rukiya\Desktop\OTL.exe
PRC - [2011/02/20 16:57:50 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/01/13 02:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/08 03:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2010/11/29 14:58:34 | 001,294,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/07/04 08:32:51 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/25 16:17:17 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
PRC - [2009/08/21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/21 10:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/11 17:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/11 17:09:38 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 18:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/08/06 18:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/08/05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/03 19:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 19:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/30 00:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 00:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 16:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 15:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/09 08:07:56 | 000,107,912 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/01/14 10:17:49 | 005,701,632 | ---- | M] () -- C:\Program Files\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe


========== Modules (SafeList) ==========

MOD - [2011/03/04 13:55:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Rukiya\Desktop\OTL.exe
MOD - [2011/01/13 02:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/04 20:46:37 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/04/10 09:15:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/25 16:17:17 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/08/21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/11 17:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/06 18:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/03 19:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 00:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 16:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/22 12:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/09 08:07:56 | 000,107,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/01/14 10:17:49 | 005,701,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe -- (MySQLNoguskaNolaPro)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 02:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 02:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 02:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 02:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 02:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/25 16:17:18 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\windows\system32\drivers\NIS\1007000.01E\SRTSP.SYS -- (SRTSP)
DRV - [2009/09/25 16:17:18 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1007000.01E\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/14 07:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 07:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/05 20:04:04 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 13:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 16:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 16:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/07 09:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/24 19:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/19 20:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/05/05 01:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/22 10:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2008/04/01 13:33:16 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.26
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:7.2.3
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {1400E5F5-E1EF-4640-BA2C-EAFF992D58F9}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/02/20 16:59:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/04 19:30:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/04 19:30:45 | 000,000,000 | ---D | M]

[2009/11/09 11:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Extensions
[2010/08/26 22:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\adyqn6bt.default\extensions
[2011/03/05 12:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions
[2011/03/03 16:36:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/10/14 12:10:39 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/01/09 12:47:25 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/01/22 22:16:43 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2011/01/06 23:10:38 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/12/30 14:39:35 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2010/07/15 01:04:15 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/28 14:05:23 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2011/01/09 12:47:26 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2010/12/30 14:39:36 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2010/03/16 20:54:27 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2010/09/26 11:09:37 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\vshare@toolbar
[2011/02/23 18:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/21 22:37:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/23 18:24:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/05/04 20:40:47 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2011/02/20 16:59:15 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2011/02/22 01:29:24 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\RUKIYA\APPDATA\LOCAL\{1400E5F5-E1EF-4640-BA2C-EAFF992D58F9}
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/03/05 18:08:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ModemHelper] File not found
O4 - HKLM..\RunOnce: [MSKSSRV] File not found
O4 - HKLM..\RunOnce: [MSPCLOCK] File not found
O4 - HKLM..\RunOnce: [MSPQM] File not found
O4 - HKLM..\RunOnce: [MSTEE.CxTransform] File not found
O4 - HKLM..\RunOnce: [MSTEE.Splitter] File not found
O4 - HKLM..\RunOnce: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O13 - gopher Prefix: missing
O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinn...ealornodeal.cab (DealOrNoDeal Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft...tail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://networkforgo...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 000,000,032 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{ceff6803-3bca-11e0-a4e6-001e33f98934}\Shell - "" = AutoRun
O33 - MountPoints2\{ceff6803-3bca-11e0-a4e6-001e33f98934}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 18:08:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/05 18:05:23 | 000,565,760 | ---- | C] (AVAST Software) -- C:\Users\Rukiya\Desktop\aswMBR.exe
[2011/03/05 18:03:39 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/03/05 18:01:21 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\Desktop\erunt
[2011/03/04 13:55:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Rukiya\Desktop\OTL.exe
[2011/02/26 00:44:28 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\Desktop\Wall Street-Money Never Sleeps 2010 720p BRRip x264 [Team QrG]
[2011/02/23 18:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/23 00:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/02/23 00:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/02/22 10:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow RegCleaner 2011
[2011/02/22 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\TweakNow RegCleaner 2011
[2011/02/22 10:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner 2011
[2011/02/22 10:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/02/22 01:29:24 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Local\{1400E5F5-E1EF-4640-BA2C-EAFF992D58F9}
[2011/02/22 01:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\jAaCmCe08200
[2011/02/20 17:01:12 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\RoboForm
[2011/02/20 16:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2011/02/20 16:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\GoodSync
[2011/02/20 16:56:08 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\GoodSync
[2011/02/20 16:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
[2011/02/20 13:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\V CAST Media Manager
[2011/02/20 13:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon
[2011/02/20 13:28:21 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Local\V CAST Media Manager
[2011/02/20 13:28:20 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon V CAST Media Manager
[2011/02/20 13:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon V CAST Media Manager
[2011/02/18 02:14:12 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\Rovio

========== Files - Modified Within 30 Days ==========

[2011/03/05 18:17:42 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 18:17:42 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 18:15:20 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/03/05 18:15:20 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/03/05 18:10:12 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2011/03/05 18:10:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/05 18:09:57 | 2211,577,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/05 18:08:29 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/03/05 18:06:18 | 000,000,512 | ---- | M] () -- C:\Users\Rukiya\Desktop\MBR.dat
[2011/03/05 18:05:35 | 000,565,760 | ---- | M] (AVAST Software) -- C:\Users\Rukiya\Desktop\aswMBR.exe
[2011/03/05 17:56:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-636716001-1460186356-947302337-1000UA.job
[2011/03/05 12:21:15 | 000,009,096 | ---- | M] () -- C:\Users\Rukiya\Desktop\images.jpg
[2011/03/04 18:56:00 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-636716001-1460186356-947302337-1000Core.job
[2011/03/04 14:34:37 | 000,513,320 | ---- | M] () -- C:\Users\Rukiya\Desktop\erunt.zip
[2011/03/04 13:55:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Rukiya\Desktop\OTL.exe
[2011/03/01 12:09:09 | 000,057,050 | ---- | M] () -- C:\Users\Rukiya\Desktop\CHI_Client_History.pdf
[2011/02/25 15:33:59 | 000,000,182 | ---- | M] () -- C:\Users\Rukiya\AppData\Roaming\wklnhst.dat
[2011/02/25 12:53:05 | 000,029,494 | ---- | M] () -- C:\Users\Rukiya\Desktop\35FAF021080D91EE92526095D98834BCEAAA7821.torrent
[2011/02/25 12:48:57 | 000,014,608 | ---- | M] () -- C:\Users\Rukiya\Desktop\749A1681554093F112E7358ED1C6F9B3581F5FD8.torrent
[2011/02/25 12:44:59 | 000,020,129 | ---- | M] () -- C:\Users\Rukiya\Desktop\16C9B19A2508481AF3305C4938DC5738D0EBDE0D.torrent
[2011/02/25 12:43:51 | 000,028,538 | ---- | M] () -- C:\Users\Rukiya\Desktop\F5B9D7AE21DEED090BEE5F1FE8FA7496B29DFE23_2.torrent
[2011/02/25 12:43:17 | 000,028,538 | ---- | M] () -- C:\Users\Rukiya\Desktop\F5B9D7AE21DEED090BEE5F1FE8FA7496B29DFE23_1.torrent
[2011/02/25 12:40:24 | 000,015,526 | ---- | M] () -- C:\Users\Rukiya\Desktop\33608B2A6C3FEE5A302D628999FEA4FFAAD373E5.torrent
[2011/02/25 12:39:01 | 000,015,462 | ---- | M] () -- C:\Users\Rukiya\Desktop\5C15C0310299C70FF236BD75B45BE8FFCCF49C88.torrent
[2011/02/25 12:16:41 | 000,028,538 | ---- | M] () -- C:\Users\Rukiya\Desktop\F5B9D7AE21DEED090BEE5F1FE8FA7496B29DFE23.torrent
[2011/02/25 05:54:51 | 1351,975,692 | ---- | M] () -- C:\Users\Rukiya\Documents\Adobe Photoshop CS5 Extended Edition.exe
[2011/02/25 01:10:22 | 000,014,578 | ---- | M] () -- C:\Users\Rukiya\Desktop\3C01DA721491ECB7B1EB228FD6F5ED5BB228D7EA.torrent
[2011/02/25 01:09:15 | 000,012,966 | ---- | M] () -- C:\Users\Rukiya\Desktop\FA670797BB1772B66D8F5ED221A8F33C20244261.torrent
[2011/02/25 01:01:44 | 000,256,714 | ---- | M] () -- C:\Users\Rukiya\Desktop\65CDA6095351F376908F31FDD953C7BD1CE705D1.torrent
[2011/02/23 00:21:26 | 000,016,968 | ---- | M] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/02/21 00:20:14 | 000,056,320 | -H-- | M] () -- C:\Users\Rukiya\Desktop\photothumb.db
[2011/02/20 16:56:08 | 000,002,060 | ---- | M] () -- C:\Users\Rukiya\Application Data\Microsoft\Internet Explorer\Quick Launch\GoodSync.lnk
[2011/02/20 16:56:08 | 000,002,036 | ---- | M] () -- C:\Users\Rukiya\Documents\GoodSync.lnk
[2011/02/18 22:39:19 | 000,021,081 | ---- | M] () -- C:\Users\Rukiya\Documents\research calendar.pdf
[2011/02/16 19:09:00 | 003,797,344 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/02/09 07:59:45 | 000,001,114 | ---- | M] () -- C:\Users\Rukiya\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

========== Files Created - No Company Name ==========

[2011/03/05 18:06:18 | 000,000,512 | ---- | C] () -- C:\Users\Rukiya\Desktop\MBR.dat
[2011/03/05 12:19:42 | 000,009,096 | ---- | C] () -- C:\Users\Rukiya\Desktop\images.jpg
[2011/03/04 14:34:24 | 000,513,320 | ---- | C] () -- C:\Users\Rukiya\Desktop\erunt.zip
[2011/03/01 12:09:09 | 000,057,050 | ---- | C] () -- C:\Users\Rukiya\Desktop\CHI_Client_History.pdf
[2011/02/25 12:52:58 | 000,029,494 | ---- | C] () -- C:\Users\Rukiya\Desktop\35FAF021080D91EE92526095D98834BCEAAA7821.torrent
[2011/02/25 12:48:48 | 000,014,608 | ---- | C] () -- C:\Users\Rukiya\Desktop\749A1681554093F112E7358ED1C6F9B3581F5FD8.torrent
[2011/02/25 12:44:55 | 000,020,129 | ---- | C] () -- C:\Users\Rukiya\Desktop\16C9B19A2508481AF3305C4938DC5738D0EBDE0D.torrent
[2011/02/25 12:43:45 | 000,028,538 | ---- | C] () -- C:\Users\Rukiya\Desktop\F5B9D7AE21DEED090BEE5F1FE8FA7496B29DFE23_2.torrent
[2011/02/25 12:43:14 | 000,028,538 | ---- | C] () -- C:\Users\Rukiya\Desktop\F5B9D7AE21DEED090BEE5F1FE8FA7496B29DFE23_1.torrent
[2011/02/25 12:40:20 | 000,015,526 | ---- | C] () -- C:\Users\Rukiya\Desktop\33608B2A6C3FEE5A302D628999FEA4FFAAD373E5.torrent
[2011/02/25 12:38:55 | 000,015,462 | ---- | C] () -- C:\Users\Rukiya\Desktop\5C15C0310299C70FF236BD75B45BE8FFCCF49C88.torrent
[2011/02/25 12:16:37 | 000,028,538 | ---- | C] () -- C:\Users\Rukiya\Desktop\F5B9D7AE21DEED090BEE5F1FE8FA7496B29DFE23.torrent
[2011/02/25 01:10:16 | 000,014,578 | ---- | C] () -- C:\Users\Rukiya\Desktop\3C01DA721491ECB7B1EB228FD6F5ED5BB228D7EA.torrent
[2011/02/25 01:08:52 | 000,012,966 | ---- | C] () -- C:\Users\Rukiya\Desktop\FA670797BB1772B66D8F5ED221A8F33C20244261.torrent
[2011/02/25 01:00:46 | 000,256,714 | ---- | C] () -- C:\Users\Rukiya\Desktop\65CDA6095351F376908F31FDD953C7BD1CE705D1.torrent
[2011/02/23 00:21:26 | 000,016,968 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/02/21 20:35:53 | 1351,975,692 | ---- | C] () -- C:\Users\Rukiya\Documents\Adobe Photoshop CS5 Extended Edition.exe
[2011/02/20 16:56:08 | 000,002,060 | ---- | C] () -- C:\Users\Rukiya\Application Data\Microsoft\Internet Explorer\Quick Launch\GoodSync.lnk
[2011/02/20 16:56:08 | 000,002,036 | ---- | C] () -- C:\Users\Rukiya\Documents\GoodSync.lnk
[2011/02/18 22:39:19 | 000,021,081 | ---- | C] () -- C:\Users\Rukiya\Documents\research calendar.pdf
[2011/01/23 21:14:05 | 000,009,728 | ---- | C] () -- C:\Users\Rukiya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/15 22:50:17 | 000,000,016 | ---- | C] () -- C:\windows\popcinfo.dat
[2010/10/23 09:19:43 | 000,000,010 | ---- | C] () -- C:\Users\Rukiya\AppData\Roaming\install
[2010/10/06 22:38:18 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/09/22 12:55:49 | 000,217,088 | ---- | C] () -- C:\windows\System32\LPng.dll
[2010/07/05 16:52:02 | 000,000,182 | ---- | C] () -- C:\Users\Rukiya\AppData\Roaming\wklnhst.dat
[2010/05/07 10:11:33 | 000,000,012 | ---- | C] () -- C:\Users\Rukiya\AppData\Roaming\lipoqz.dat
[2010/02/17 14:11:13 | 000,000,017 | ---- | C] () -- C:\Users\Rukiya\AppData\Local\resmon.resmoncfg
[2009/12/03 08:27:28 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/11/13 11:33:40 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/09/25 16:47:27 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/09/25 16:08:36 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2009/09/25 16:08:36 | 000,000,176 | ---- | C] () -- C:\windows\System32\drivers\RTHDAEQ0.dat
[2009/09/25 15:59:59 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/09/02 15:47:49 | 000,270,257 | ---- | C] () -- C:\windows\IEDel.exe
[2009/09/01 23:22:18 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:33:53 | 003,797,344 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2002/10/14 14:39:18 | 000,000,184 | ---- | C] () -- C:\windows\System32\lxbbcoin.ini

========== LOP Check ==========

[2010/08/25 07:05:29 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\.purple
[2009/12/07 00:28:12 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\AnvSoft
[2011/02/28 11:23:46 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Azureus
[2010/04/19 20:12:09 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Canon
[2010/08/06 14:40:17 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/24 15:12:24 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\com.elance.tracker
[2010/10/16 22:01:36 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\DVDVideoSoft
[2010/02/02 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\enchant
[2010/06/14 22:46:02 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Facebook
[2010/08/10 14:02:25 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\FileMaker
[2009/12/07 00:12:24 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\FLVPlayer4Free
[2011/02/28 11:28:26 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\FrostWire
[2010/05/04 19:26:38 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\GetRightToGo
[2011/02/23 22:56:01 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\GoodSync
[2010/06/14 20:18:44 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\gtk-2.0
[2010/07/21 21:55:09 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\HamsterSoft
[2009/11/17 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Klok.AF6B2973D903BFAE0589C27890FE0146C233490A.1
[2009/12/05 23:13:21 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\OpenOffice.org
[2011/02/14 22:46:26 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\OpenWith.org Cache
[2011/02/14 22:46:55 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\OpenWith.org Downloaded Setups
[2010/11/06 18:18:21 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\PhotoScape
[2010/11/25 02:19:42 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Pogo
[2011/02/20 17:01:12 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\RoboForm
[2011/02/18 02:14:12 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Rovio
[2010/09/06 16:10:40 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Softland
[2010/07/05 16:52:04 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Template
[2010/07/22 01:46:03 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Toshiba
[2010/05/02 01:44:23 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\TweakNow PowerPack 2010
[2010/02/17 14:21:43 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\TweakNow RegCleaner
[2011/02/22 10:47:06 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\TweakNow RegCleaner 2011
[2010/11/19 10:08:17 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Uniblue
[2010/10/06 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\uTorrent
[2011/01/19 11:59:12 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\webex
[2009/11/07 16:01:45 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\WinBatch
[2010/11/04 00:05:16 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do the redirects occur in Firefox, IE or both? Also, do any other computers using your router suffer redirects?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2011/02/22 01:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\jAaCmCe08200

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
New fix thanks to the eagle eyes of OT :D Run this one instead of the previous one, please.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {1400E5F5-E1EF-4640-BA2C-EAFF992D58F9}:1.9.1
    [2011/02/22 01:29:24 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\RUKIYA\APPDATA\LOCAL\{1400E5F5-E1EF-4640-BA2C-EAFF992D58F9}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2011/02/22 01:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\jAaCmCe08200


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#6
rdmilton04

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
To answer your questions:
- This is the only computer in use. There are no other computers in this house.
- I tried IE and I'm not seeing the redirects; only in Firefox.

Here's my log after restart:

All processes killed
========== OTL ==========
Prefs.js: {1400E5F5-E1EF-4640-BA2C-EAFF992D58F9}:1.9.1 removed from extensions.enabledItems
C:\USERS\RUKIYA\APPDATA\LOCAL\{1400E5F5-E1EF-4640-BA2C-EAFF992D58F9}\chrome\content folder moved successfully.
C:\USERS\RUKIYA\APPDATA\LOCAL\{1400E5F5-E1EF-4640-BA2C-EAFF992D58F9}\chrome folder moved successfully.
C:\USERS\RUKIYA\APPDATA\LOCAL\{1400E5F5-E1EF-4640-BA2C-EAFF992D58F9} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Folder C:\ProgramData\jAaCmCe08200\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rukiya\Desktop\Google redirect Info\cmd.bat deleted successfully.
C:\Users\Rukiya\Desktop\Google redirect Info\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Public

User: rmilton

User: Rukiya
->Temp folder emptied: 551125 bytes
->Temporary Internet Files folder emptied: 53279853 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52025399 bytes
->Flash cache emptied: 2780 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15340 bytes
RecycleBin emptied: 46568284 bytes

Total Files Cleaned = 145.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Public

User: rmilton

User: Rukiya
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.2 log created on 03092011_184610

Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Here's the log after Quickfix:
OTL logfile created on: 3/9/2011 6:49:50 PM - Run 3
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Rukiya\Desktop\Google redirect Info
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.71 Gb Total Space | 213.73 Gb Free Space | 74.03% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 236.59 Gb Free Space | 50.80% Space Free | Partition Type: NTFS

Computer Name: RUKIYA-PC | User Name: Rukiya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/04 13:55:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Rukiya\Desktop\Google redirect Info\OTL.exe
PRC - [2011/02/20 16:57:50 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/01/13 02:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/08 03:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2010/11/29 14:58:34 | 001,294,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/07/04 08:32:51 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/25 16:17:17 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
PRC - [2009/08/21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/21 10:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/11 17:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/11 17:09:38 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/08/06 18:05:42 | 000,611,672 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
PRC - [2009/08/05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/03 19:17:06 | 000,611,672 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
PRC - [2009/07/30 00:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 00:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 16:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 15:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/09 08:07:56 | 000,107,912 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/01/14 10:17:49 | 005,701,632 | ---- | M] () -- C:\Program Files\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe


========== Modules (SafeList) ==========

MOD - [2011/03/04 13:55:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Rukiya\Desktop\Google redirect Info\OTL.exe
MOD - [2011/01/13 02:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/04 20:46:37 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/04/10 09:15:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/25 16:17:17 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/08/21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/11 17:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/06 18:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/03 19:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 00:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 16:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/22 12:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/09 08:07:56 | 000,107,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/01/14 10:17:49 | 005,701,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe -- (MySQLNoguskaNolaPro)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 02:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 02:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 02:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 02:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 02:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/25 16:17:18 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\windows\system32\drivers\NIS\1007000.01E\SRTSP.SYS -- (SRTSP)
DRV - [2009/09/25 16:17:18 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1007000.01E\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/14 07:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 07:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/05 20:04:04 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 13:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 16:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 16:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/07 09:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/24 19:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/19 20:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/05/05 01:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/22 10:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2008/04/01 13:33:16 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.26
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:7.2.3
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/02/20 16:59:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/04 19:30:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/04 19:30:45 | 000,000,000 | ---D | M]

[2009/11/09 11:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Extensions
[2010/08/26 22:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\adyqn6bt.default\extensions
[2011/03/07 16:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions
[2011/03/03 16:36:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/10/14 12:10:39 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/01/09 12:47:25 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/01/22 22:16:43 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2011/01/06 23:10:38 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/12/30 14:39:35 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2010/07/15 01:04:15 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/28 14:05:23 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2011/01/09 12:47:26 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2010/12/30 14:39:36 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2011/03/05 20:03:05 | 000,000,000 | ---D | M] (Locationbar²) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2010/03/16 20:54:27 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2010/09/26 11:09:37 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\vshare@toolbar
[2011/03/05 20:01:29 | 000,000,000 | ---D | M] (YesScript) -- C:\Users\Rukiya\AppData\Roaming\Mozilla\Firefox\Profiles\clp1h3nk.default\extensions\[email protected]
[2011/02/23 18:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/21 22:37:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/23 18:24:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/05/04 20:40:47 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2011/02/20 16:59:15 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
File not found (No name found) -- C:\USERS\RUKIYA\APPDATA\LOCAL\{1400E5F5-E1EF-4640-BA2C-EAFF992D58F9}
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/03/09 18:46:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ModemHelper] File not found
O4 - HKLM..\RunOnce: [MSKSSRV] File not found
O4 - HKLM..\RunOnce: [MSPCLOCK] File not found
O4 - HKLM..\RunOnce: [MSPQM] File not found
O4 - HKLM..\RunOnce: [MSTEE.CxTransform] File not found
O4 - HKLM..\RunOnce: [MSTEE.Splitter] File not found
O4 - HKLM..\RunOnce: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O13 - gopher Prefix: missing
O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinn...ealornodeal.cab (DealOrNoDeal Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft...tail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://networkforgo...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 000,000,032 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{ceff6803-3bca-11e0-a4e6-001e33f98934}\Shell - "" = AutoRun
O33 - MountPoints2\{ceff6803-3bca-11e0-a4e6-001e33f98934}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/06 00:43:42 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\Desktop\Google redirect Info
[2011/03/05 18:08:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/05 18:03:39 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/02/23 18:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/23 00:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/02/23 00:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/02/22 10:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow RegCleaner 2011
[2011/02/22 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\TweakNow RegCleaner 2011
[2011/02/22 10:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner 2011
[2011/02/22 10:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/02/22 01:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\jAaCmCe08200
[2011/02/20 17:01:12 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\RoboForm
[2011/02/20 16:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2011/02/20 16:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\GoodSync
[2011/02/20 16:56:08 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\GoodSync
[2011/02/20 16:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
[2011/02/20 13:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\V CAST Media Manager
[2011/02/20 13:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon
[2011/02/20 13:28:21 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Local\V CAST Media Manager
[2011/02/20 13:28:20 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon V CAST Media Manager
[2011/02/20 13:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon V CAST Media Manager
[2011/02/18 02:14:12 | 000,000,000 | ---D | C] -- C:\Users\Rukiya\AppData\Roaming\Rovio

========== Files - Modified Within 30 Days ==========

[2011/03/09 18:48:01 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2011/03/09 18:47:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/09 18:47:42 | 2211,577,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/09 18:46:16 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/03/09 18:41:20 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/03/09 18:41:20 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/03/09 17:56:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-636716001-1460186356-947302337-1000UA.job
[2011/03/08 18:56:00 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-636716001-1460186356-947302337-1000Core.job
[2011/03/05 18:44:07 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 18:44:07 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/25 15:33:59 | 000,000,182 | ---- | M] () -- C:\Users\Rukiya\AppData\Roaming\wklnhst.dat
[2011/02/25 05:54:51 | 1351,975,692 | ---- | M] () -- C:\Users\Rukiya\Documents\Adobe Photoshop CS5 Extended Edition.exe
[2011/02/23 00:21:26 | 000,016,968 | ---- | M] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/02/20 16:56:08 | 000,002,060 | ---- | M] () -- C:\Users\Rukiya\Application Data\Microsoft\Internet Explorer\Quick Launch\GoodSync.lnk
[2011/02/20 16:56:08 | 000,002,036 | ---- | M] () -- C:\Users\Rukiya\Documents\GoodSync.lnk
[2011/02/18 22:39:19 | 000,021,081 | ---- | M] () -- C:\Users\Rukiya\Documents\research calendar.pdf
[2011/02/16 19:09:00 | 003,797,344 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/02/09 07:59:45 | 000,001,114 | ---- | M] () -- C:\Users\Rukiya\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

========== Files Created - No Company Name ==========

[2011/02/23 00:21:26 | 000,016,968 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/02/21 20:35:53 | 1351,975,692 | ---- | C] () -- C:\Users\Rukiya\Documents\Adobe Photoshop CS5 Extended Edition.exe
[2011/02/20 16:56:08 | 000,002,060 | ---- | C] () -- C:\Users\Rukiya\Application Data\Microsoft\Internet Explorer\Quick Launch\GoodSync.lnk
[2011/02/20 16:56:08 | 000,002,036 | ---- | C] () -- C:\Users\Rukiya\Documents\GoodSync.lnk
[2011/02/18 22:39:19 | 000,021,081 | ---- | C] () -- C:\Users\Rukiya\Documents\research calendar.pdf
[2011/01/23 21:14:05 | 000,009,728 | ---- | C] () -- C:\Users\Rukiya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/15 22:50:17 | 000,000,016 | ---- | C] () -- C:\windows\popcinfo.dat
[2010/10/23 09:19:43 | 000,000,010 | ---- | C] () -- C:\Users\Rukiya\AppData\Roaming\install
[2010/10/06 22:38:18 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/09/22 12:55:49 | 000,217,088 | ---- | C] () -- C:\windows\System32\LPng.dll
[2010/07/05 16:52:02 | 000,000,182 | ---- | C] () -- C:\Users\Rukiya\AppData\Roaming\wklnhst.dat
[2010/05/07 10:11:33 | 000,000,012 | ---- | C] () -- C:\Users\Rukiya\AppData\Roaming\lipoqz.dat
[2010/02/17 14:11:13 | 000,000,017 | ---- | C] () -- C:\Users\Rukiya\AppData\Local\resmon.resmoncfg
[2009/12/03 08:27:28 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/11/13 11:33:40 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/09/25 16:47:27 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/09/25 16:08:36 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2009/09/25 16:08:36 | 000,000,176 | ---- | C] () -- C:\windows\System32\drivers\RTHDAEQ0.dat
[2009/09/25 15:59:59 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/09/02 15:47:49 | 000,270,257 | ---- | C] () -- C:\windows\IEDel.exe
[2009/09/01 23:22:18 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:33:53 | 003,797,344 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2002/10/14 14:39:18 | 000,000,184 | ---- | C] () -- C:\windows\System32\lxbbcoin.ini

========== LOP Check ==========

[2010/08/25 07:05:29 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\.purple
[2009/12/07 00:28:12 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\AnvSoft
[2011/03/09 18:45:22 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Azureus
[2010/04/19 20:12:09 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Canon
[2010/08/06 14:40:17 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/24 15:12:24 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\com.elance.tracker
[2010/10/16 22:01:36 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\DVDVideoSoft
[2010/02/02 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\enchant
[2010/06/14 22:46:02 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Facebook
[2010/08/10 14:02:25 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\FileMaker
[2009/12/07 00:12:24 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\FLVPlayer4Free
[2011/03/09 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\FrostWire
[2010/05/04 19:26:38 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\GetRightToGo
[2011/02/23 22:56:01 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\GoodSync
[2010/06/14 20:18:44 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\gtk-2.0
[2010/07/21 21:55:09 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\HamsterSoft
[2009/11/17 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Klok.AF6B2973D903BFAE0589C27890FE0146C233490A.1
[2009/12/05 23:13:21 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\OpenOffice.org
[2011/02/14 22:46:26 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\OpenWith.org Cache
[2011/02/14 22:46:55 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\OpenWith.org Downloaded Setups
[2010/11/06 18:18:21 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\PhotoScape
[2010/11/25 02:19:42 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Pogo
[2011/02/20 17:01:12 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\RoboForm
[2011/02/18 02:14:12 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Rovio
[2010/09/06 16:10:40 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Softland
[2010/07/05 16:52:04 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Template
[2010/07/22 01:46:03 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Toshiba
[2010/05/02 01:44:23 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\TweakNow PowerPack 2010
[2010/02/17 14:21:43 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\TweakNow RegCleaner
[2011/02/22 10:47:06 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\TweakNow RegCleaner 2011
[2010/11/19 10:08:17 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\Uniblue
[2010/10/06 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\uTorrent
[2011/01/19 11:59:12 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\webex
[2009/11/07 16:01:45 | 000,000,000 | ---D | M] -- C:\Users\Rukiya\AppData\Roaming\WinBatch
[2010/11/04 00:05:16 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now re-check for redirects please and let me know the result

#8
rdmilton04

    New Member

  • Topic Starter
  • Member
  • 4 posts
Looks like I'm good for now. THANK YOU!!!! :D :D ;)

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking at that I am a happy bunny ;)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go Start > All programs > Accessories > system tools page
  • Select Performance Information and Tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Final stretch


Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :D