Check your service statusCable National
Searching for something?
Reply
The Sorcerer’s Apprentice
carltovey
Posts: 35
Registered: ‎16-11-2011

browser hijack

since virgin changed its virus sofware i am now plauged with browser hijacks , i cannot click on a search in google as it redirects me to somewhere else, i have ran a scan and found nothing wrong.

Trend Product version: 10.0.38.58308 Copyright (c) 2002-2011 Radialpoint SafeCare Inc. All rights reserved.

Please use plain text.
Brainbox
rhforrester
Posts: 124
Registered: ‎11-06-2011

Re: browser hijack

[ Edited ]

Hi download ccleaner

 

you can get it from here

 

http://www.piriform.com/

 

It will fix this and clear out all the junk, can you also advise me what browser you are using and I will explain how to clear your cache settings

Please use plain text.
Fix-a-Lot
Sololobo
Posts: 2,185
Registered: ‎09-09-2009

Re: browser hijack

Sorry to disagree but I don't think CCleaner is the right utility to resolve browser redirect issues.

 

1: Check your hosts file for malicious entries, the default location is C:\Windows\System32\Drivers\etc\hosts.

2: Check your DNS server settings.

3: Check your browser is not configured to use a proxy server.

4: If you are using Internet Explorer check the IE browser add-ons and disable any which are unverified. Delete any add-ons that are unknown.

5: Scan for any malware with MalwareBytes, SpywareDoctor or similiar.

 

If you are still getting redirects after following the above then post back.

--------------------
I used to answer questions, but now I question instead. Guess why.
I'm not paranoid, they are watching.
Kudos: Users giveth and VM taketh away.
Please use plain text.
Brainbox
rhforrester
Posts: 124
Registered: ‎11-06-2011

Re: browser hijack

Hi Sololobo

:smileysad:

The advanced settings in cleaner does work. It may well be that all the user needs to do is log into the settings in his browser and change the homepage redirect and search engine preference.

 

I will take a bet he is using google chrome or firefox.... As they are always the ones that end up with this issue

Please use plain text.
The Sorcerer’s Apprentice
carltovey
Posts: 35
Registered: ‎16-11-2011

Re: browser hijack

using explorer ran CC cleaner ran malaware bytes ran spybot yesterday and deleted 24 items but hijack is still happening.

Please use plain text.
Fix-a-Lot
Sololobo
Posts: 2,185
Registered: ‎09-09-2009

Re: browser hijack

Did you check points 1 to 4 from the earlier post?

 

If running Spybot Search & Destroy and Malwarebytes did not resolve the browser hijack then try Lavasoft Adaware.

 

If this also fails to resolve your problem then you may have been infected with a rootkit. Find a copy of CWShredder (http://free.antivirus.com/cwshredder/) which will remove the CoolWebSearch and its variants.

 

Other anti-rootkit software worth a try are TDSS Killer (http://support.kaspersky.com/faq/?qid=208280684) and GMER (http://www.gmer.net/). If you feel comfortable enough to try a manual removal then Hijack This is a good tool. A guide for use of Hijack This can be found here: http://www.bleepingcomputer.com/tutorials/how-to-use-hijackthis/

 

 

--------------------
I used to answer questions, but now I question instead. Guess why.
I'm not paranoid, they are watching.
Kudos: Users giveth and VM taketh away.
Please use plain text.
The Sorcerer’s Apprentice
carltovey
Posts: 35
Registered: ‎16-11-2011

Re: browser hijack

run supersyware, run spybot, ramalawarebytes, ran shredder, ran GMER and the browser still redirects.

am down installing hijackthis

Please use plain text.
The Sorcerer’s Apprentice
carltovey
Posts: 35
Registered: ‎16-11-2011

Re: browser hijack

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:42:17, on 13/03/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal

Running processes: C:\ProgramData\DatacardService\DCSHelper.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\carl\AppData\Local\Temp\Temporary Internet Files\Content.IE5\6NC10TEU\i5s7wbrw.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {53427B45-5ABD-2EA7-5840-247B615A3B4F} - C:\Windows\SysWow64\odbcconff.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - (no file) O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKCU\..\Run: [EPSON SX525WD Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_S4FA6.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} (20-20 3D Viewer for WEB) - http://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{224C3261-17AC-4BAF-A441-3C276D7CB10C}: NameServer = 88.82.13.60 88.82.13.60 O17 - HKLM\System\CCS\Services\Tcpip\..\{5F185B4B-49AC-4555-8A8E-3317482EE590}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{224C3261-17AC-4BAF-A441-3C276D7CB10C}: NameServer = 88.82.13.60 88.82.13.60 O17 - HKLM\System\CS2\Services\Tcpip\..\{224C3261-17AC-4BAF-A441-3C276D7CB10C}: NameServer = 88.82.13.60 88.82.13.60 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file) O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - (no file) O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - (no file) O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

-- End of file - 13245 bytes

Please use plain text.
Brainbox
rhforrester
Posts: 124
Registered: ‎11-06-2011

Re: browser hijack

[ Edited ]

Will you run Cleaner and go click on the left handside  click the tools link. Then click the start up link Can you copy and paste what is listed. The reason for this if your are infected with a EXE file it will be automatically starting every time you start windows. By looking in the start up page you can disable it

 

It should look something like the picture below

 

ccleaner.JPG

 

Also have a look at the links below

 

http://fixredirectvirus.org/?hop=defendnow

 

 

http://fixredirectvirusreviewed.com/tag/browser-hijack

 

 

Please use plain text.
The Sorcerer’s Apprentice
carltovey
Posts: 35
Registered: ‎16-11-2011

Re: browser hijack

Yes HKCU:Run EPSON SX525WD Series C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_S4FA6.tmp" /EF "HKCU" Yes HKCU:Run ABBYY Screenshot Reader Bonus  Yes HKCU:Run Sidebar C:\Program Files\Windows Sidebar\sidebar.exe /autoRun Yes HKCU:Run SpybotSD TeaTimer C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe Yes HKCU:Run SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe No HKCU:Run ABBYY Screenshot Reader Bonus "C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe" -autorun No HKCU:Run Epson Stylus SX525WD(Network) (Copy 1) C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_S7158.tmp" /EF "HKCU" No HKCU:Run Google Update "C:\Users\carl\AppData\Local\Google\Update\GoogleUpdate.exe" /c No HKCU:Run HPAdvisorDock C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe No HKCU:Run LightScribe Control Panel C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden No HKCU:Run Mobile Partner C:\Program Files (x86)\3MobileWiFi\3MobileWiFi No HKCU:Run msnmsgr "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background No HKCU:Run Sidebar C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun Yes HKLM:Run HPWirelessAssistant C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden Yes HKLM:Run IgfxTray C:\Windows\system32\igfxtray.exe Yes HKLM:Run HotKeysCmds C:\Windows\system32\hkcmd.exe Yes HKLM:Run Persistence C:\Windows\system32\igfxpers.exe Yes HKLM:Run SynTPEnh %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe Yes HKLM:Run MSC "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey No HKLM:Run Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" No HKLM:Run Adobe Reader Speed Launcher "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" No HKLM:Run APSDaemon "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" No HKLM:Run GrooveMonitor "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" No HKLM:Run HP Quick Launch C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe No HKLM:Run MobileBroadband C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent No HKLM:Run QuickTime Task "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime No HKLM:Run RTHDVCPL C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s No HKLM:Run SMART Board Service "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" No HKLM:Run SMART Board Tools "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe" No HKLM:Run SunJavaUpdateSched "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" No HKLM:Run TkBellExe "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot No Startup Common AutoStart IR.lnk C:\PROGRA~2\WinTV\Ir.exe /QUIET No Startup Common Qwizdom Tools.lnk C:\PROGRA~2\Qwizdom\APCONN~1\QWIZDO~1.EXE No Startup Common WinTV Recording Status..lnk C:\PROGRA~2\WinTV\WinTV7\WINTVT~2.EXE No Startup User Qwizdom Tools.lnk C:\PROGRA~2\Qwizdom\APCONN~1\QWIZDO~1.EXE

Please use plain text.