Raymondo
2010-07-10, 21:11
It redirects my searh request to other sites I have not chosen to go to!
Cant find it by running any of my anti virus prog
can you please help. I have backed up my registry via erunt and run DDS, HERE IS DA TECHIE STUFF!
DDS (Ver_10-03-17.01) - NTFSx86
Run by RAY THE ADMIN at 3:28:31.67 on Sun 11/07/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3066.1955 [GMT 10:00]
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\RAY THE ADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWEFOX67\dds[1].com
============== Pseudo HJT Report ===============
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uWindow Title = Microsoft Internet Explorer
mStart Page = about:blank
mDefault_Page_URL =
mDefault_Search_URL =
mSearch Page =
mWindow Title = Microsoft Internet Explorer
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [fsm]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
StartupFolder: c:\users\ray the admin\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoFileSysPage = 0 (0x0)
uPolicies-system: NoNetSetup = 0 (0x0)
uPolicies-system: NoNetSetupIDPage = 0 (0x0)
uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)
uPolicies-system: NoWorkgroupContents = 0 (0x0)
uPolicies-system: NoEntireNetwork = 0 (0x0)
uPolicies-system: NoFileSharingControl = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFolderOptions = 00000000
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: rapid-downloads.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-26 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-26 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-26 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-26 243024]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-11 40960]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\dlportio.sys [2010-2-21 3584]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-14 1153368]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-26 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-4 126976]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-15 115552]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-4-26 430152]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2010-5-12 34736]
S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmhhpau.sys [2008-8-11 91136]
S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-25 73728]
=============== Created Last 30 ================
2010-07-09 15:24:22 0 d-----w- c:\users\ray the admin\DoctorWeb
2010-07-09 15:04:19 0 d-----w- c:\users\raythe~1\appdata\roaming\Malwarebytes
2010-07-09 14:47:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 14:47:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-09 14:47:19 0 d-----w- c:\programdata\Malwarebytes
2010-07-09 14:47:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 10:45:13 65536 ------w- c:\windows\system32\Ikeext.etl
2010-07-05 06:50:45 0 d--h--w- c:\windows\PIF
2010-07-01 16:12:19 0 d-----w- c:\users\ray the admin\{ba50a115-6e0e-4cd7-b056-24d84bfbd0db}
2010-07-01 12:00:49 0 d-----w- C:\My Drivers
2010-06-29 05:57:24 0 d-----w- c:\program files\SelfTest
2010-06-27 14:37:52 324120 ----a-w- c:\windows\system32\drivers\rvuitwln.sys
2010-06-24 17:06:14 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 17:06:14 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 17:06:14 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 17:06:14 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 17:06:14 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-22 00:45:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-16 17:34:42 160 ----a-w- c:\windows\MyDrivers.ini
2010-06-16 13:31:35 0 d-----w- c:\programdata\inf
2010-06-16 13:31:31 0 d-----w- c:\program files\My Drivers
2010-06-15 11:21:28 0 d-----w- c:\program files\SystemRequirementsLab
2010-06-14 13:45:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-06-14 12:18:00 0 d-----w- c:\program files\RdDrv001
2010-06-14 09:30:55 0 d-----w- c:\users\raythe~1\appdata\roaming\WinBatch
2010-06-14 08:59:17 0 d-----w- c:\program files\ROLAND FILE CONVERTER
2010-06-11 03:41:03 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 03:41:02 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 03:41:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 03:40:59 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-11 03:40:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-11 03:40:52 2037248 ----a-w- c:\windows\system32\win32k.sys
==================== Find3M ====================
2010-07-10 10:36:05 56887 ----a-w- c:\programdata\nvModes.dat
2010-07-06 14:52:27 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-06 14:52:27 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-01 18:31:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-22 00:45:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 00:45:07 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-05 06:10:42 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-05 06:10:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-21 04:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-17 13:03:54 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-09 09:53:28 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-09 09:53:28 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-09 09:53:28 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-08-31 17:53:55 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-08-31 17:53:52 6 --sh--r- c:\windows\system32\drivers\taishop.sys
2010-01-01 09:18:31 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-01 09:18:31 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-01 09:18:31 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 3:29:32.70 ===============
Cant find it by running any of my anti virus prog
can you please help. I have backed up my registry via erunt and run DDS, HERE IS DA TECHIE STUFF!
DDS (Ver_10-03-17.01) - NTFSx86
Run by RAY THE ADMIN at 3:28:31.67 on Sun 11/07/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3066.1955 [GMT 10:00]
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\RAY THE ADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWEFOX67\dds[1].com
============== Pseudo HJT Report ===============
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uWindow Title = Microsoft Internet Explorer
mStart Page = about:blank
mDefault_Page_URL =
mDefault_Search_URL =
mSearch Page =
mWindow Title = Microsoft Internet Explorer
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [fsm]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
StartupFolder: c:\users\ray the admin\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoFileSysPage = 0 (0x0)
uPolicies-system: NoNetSetup = 0 (0x0)
uPolicies-system: NoNetSetupIDPage = 0 (0x0)
uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)
uPolicies-system: NoWorkgroupContents = 0 (0x0)
uPolicies-system: NoEntireNetwork = 0 (0x0)
uPolicies-system: NoFileSharingControl = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFolderOptions = 00000000
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: rapid-downloads.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-26 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-26 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-26 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-26 243024]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-11 40960]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\dlportio.sys [2010-2-21 3584]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-14 1153368]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-26 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-4 126976]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-15 115552]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-4-26 430152]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2010-5-12 34736]
S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmhhpau.sys [2008-8-11 91136]
S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-25 73728]
=============== Created Last 30 ================
2010-07-09 15:24:22 0 d-----w- c:\users\ray the admin\DoctorWeb
2010-07-09 15:04:19 0 d-----w- c:\users\raythe~1\appdata\roaming\Malwarebytes
2010-07-09 14:47:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 14:47:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-09 14:47:19 0 d-----w- c:\programdata\Malwarebytes
2010-07-09 14:47:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 10:45:13 65536 ------w- c:\windows\system32\Ikeext.etl
2010-07-05 06:50:45 0 d--h--w- c:\windows\PIF
2010-07-01 16:12:19 0 d-----w- c:\users\ray the admin\{ba50a115-6e0e-4cd7-b056-24d84bfbd0db}
2010-07-01 12:00:49 0 d-----w- C:\My Drivers
2010-06-29 05:57:24 0 d-----w- c:\program files\SelfTest
2010-06-27 14:37:52 324120 ----a-w- c:\windows\system32\drivers\rvuitwln.sys
2010-06-24 17:06:14 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 17:06:14 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 17:06:14 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 17:06:14 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 17:06:14 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-22 00:45:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-16 17:34:42 160 ----a-w- c:\windows\MyDrivers.ini
2010-06-16 13:31:35 0 d-----w- c:\programdata\inf
2010-06-16 13:31:31 0 d-----w- c:\program files\My Drivers
2010-06-15 11:21:28 0 d-----w- c:\program files\SystemRequirementsLab
2010-06-14 13:45:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-06-14 12:18:00 0 d-----w- c:\program files\RdDrv001
2010-06-14 09:30:55 0 d-----w- c:\users\raythe~1\appdata\roaming\WinBatch
2010-06-14 08:59:17 0 d-----w- c:\program files\ROLAND FILE CONVERTER
2010-06-11 03:41:03 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 03:41:02 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 03:41:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 03:40:59 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-11 03:40:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-11 03:40:52 2037248 ----a-w- c:\windows\system32\win32k.sys
==================== Find3M ====================
2010-07-10 10:36:05 56887 ----a-w- c:\programdata\nvModes.dat
2010-07-06 14:52:27 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-06 14:52:27 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-01 18:31:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-22 00:45:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 00:45:07 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-05 06:10:42 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-05 06:10:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-21 04:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-17 13:03:54 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-09 09:53:28 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-09 09:53:28 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-09 09:53:28 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-08-31 17:53:55 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-08-31 17:53:52 6 --sh--r- c:\windows\system32\drivers\taishop.sys
2010-01-01 09:18:31 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-01 09:18:31 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-01 09:18:31 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 3:29:32.70 ===============