suspect trojan.agent

amykitty8 · March 24, 2012

Hi,

I have run the free malwarebytes and its finding Trojan agent in a registry file, I delete it and shutdown but my computer won't shutdown and I end up upplugging it. I'm guessing this were my problem is. The last time I let it sit trying to shut down for 2 hrs, it didn't work.

i'm running windows 7 x64. I tryed to do the DDS but everytime I try to run it avast free comes up and terminates it, and I don't know how to stop it.

I've run kapersky free, avast free they didn't find it. Now I'm running microsoft windows maliciours software removal tool. I need good step by step directions as I'm just learning. Please help. Thanks

amykitty8 · March 26, 2012

From mar 23- I have run the free malwarebytes and its finding Trojan agent in a registry file, I delete it and shutdown but my computer won't shutdown and I end up upplugging it. I'm guessing this were my problem is. The last time I let it sit trying to shut down for 2 hrs, it didn't work.

i'm running windows 7 x64. I tryed to do the DDS but everytime I try to run it avast free comes up and terminates it, and I don't know how to stop it.

I've run kapersky free, avast free they didn't find it. Now I'm running microsoft windows maliciours software removal tool. I need good step by step directions as I'm just learning. Please help. Thanks.

I have since bought malwarebytes pro. Its not finding anything now, Why would it all of a sudden be gone.

Getting very frustrated that no one will help.

Thanks

Edited March 26, 2012 by Maurice Naggar
2 topics merged

Maurice Naggar · March 26, 2012

Hello amykitty8 and welcome to MalwareBytes forums.

We try to help on a timely basis, but you must understand the malware-removal forum is always quite busy, and, there are several dozens of others ahead of you in the queue.

I will be helping and guiding you. Please follow my guidance and only do what I suggest. Do not get or run any tools or other programs on your own. Do not make changes, adds, or removes to this system without checking first with me.

Stop getting any more other antivirus apps. Having several installed & active will certainly lead to deadlocks.

If needed, while running the reports below, disable all antivirus programs that you have on this system.

See the how-to How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.

amykitty8 · March 26, 2012

Logfile of random's system information tool 1.09 (written by random/random)

Run by Shari at 2012-03-26 13:42:19

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 237 GB (66%) free of 358 GB

Total RAM: 4061 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:42:50 PM, on 3/26/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files\ltmoh\ltmoh.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe

C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

D:\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

c:\program files (x86)\common files\installshield\updateservice\isuspm.exe

C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\Shari.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=100489&mntrId=8c30ab8c000000000000001e65527a4f

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"

O4 - HKLM\..\Run: [sVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL

O4 - HKLM\..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe

O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjA4Mzk5MzM0LVRCOSsyLUZMKzktUEwrOS1YTzM2KzEtTjFEKzEtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsyLUxJQysyMi1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtTFNEKzItRERUKzA"&"prod=90"&"ver=10.0.1382

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\Shari\AppData\Local\Akamai\netsession_win.exe

O4 - HKCU\..\Run: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19T05NXC05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\rselect\RSelSvc.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Simply Accounting Database Connection Manager - Sage - C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe

O23 - Service: Simply Accounting Transaction Manager 2010 - CDN - Sage - C:\Program Files (x86)\Winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\Windows\system32\ThpSrv.exe (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

O23 - Service: WRSVC - Unknown owner - C:\Program Files\Webroot\WRSA.exe (file missing)

--

End of file - 17373 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

C:\Windows\system32\services.exe

winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

atieclxx

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe"

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"

"C:\Program Files\Macrium\Reflect\ReflectService.exe"

"C:\Program Files\TOSHIBA\rselect\RSelSvc.exe" /Service

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\ThpSrv.exe

C:\Windows\system32\TODDSrv.exe

"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"

"C:\Program Files\TOSHIBA\TECO\TecoService.exe"

"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"

WLIDSvcM.exe 5064

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-113993fb-fe30-4c54-832f-802486b14d7e -SystemEventPortName:HostProcess-39c99525-a6a5-4309-82aa-108480417289 -IoCancelEventPortName:HostProcess-fb83bf33-70ab-4e78-b2ed-e8e3b7e4a603 -NonStateChangingEventPortName:HostProcess-0b025858-2542-4bb6-b09f-973137ad2aa9 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:83497142-7bee-40bf-b420-b45c6b61fe97

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"

"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r

"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"

"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"

"C:\Program Files\ltmoh\ltmoh.exe"

"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"

"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"

"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"

"C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe"

"C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19T05NXC05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe"

"C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"

"C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe"

"C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe" /SPEAKER

"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe"

"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

"D:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files\iPod\bin\iPodService.exe"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F4200 series#1267673647" -Startup

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding

"C:\Program Files\LSI SoftModem\agr64svc.exe"

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-GB --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SuggestExperimentB/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderFromOmniboxHeuristic/ExactFullAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/ --extension-process --enable-print-preview --channel=4884.049A7700.63338498 /prefetch:3

PEV.DAT -dcg1M -c:##c#b#u#b#t#b#f# { -rtd or -tpmz or -tf -preg"\.(bat|cmd|reg|vbs|wsf|vbe|msi|msp|com|pif|ren|vir|tmp|dll|scr|sys|exe|bin|drv)$" } "C:\Users\Shari\AppData\Local\*"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel=4884.067C56E0.653587362 /prefetch:12

C:\Windows\system32\rundll32.exe "C:\PROGRA~2\Google\Chrome\APPLIC~1\170963~1.83\gcswf32.dll",BrokerMain browser=chrome

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll" --lang=en-GB --channel=4884.07C4C6E0.1603749088 --flash-broker=5588 /prefetch:4

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-GB --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SuggestExperimentB/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderFromOmniboxHeuristic/ExactFullAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=4884.09E5C540.1444236645 /prefetch:3

"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"

C:\Windows\System32\svchost.exe -k HPZ12

"c:\program files (x86)\common files\installshield\updateservice\isuspm.exe" /scheduler

C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-GB --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SuggestExperimentB/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderFromOmniboxHeuristic/ExactFullAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=4884.099D5700.1731267036 /prefetch:3

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-GB --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SuggestExperimentB/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderFromOmniboxHeuristic/ExactFullAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=4884.07C6B1C0.380334493 /prefetch:3

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-GB --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SuggestExperimentB/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderFromOmniboxHeuristic/ExactFullAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=4884.0967AE00.1249046262 /prefetch:3

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-GB --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SuggestExperimentB/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderFromOmniboxHeuristic/ExactFullAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=4884.096B2380.195216814 /prefetch:3

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-GB --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SuggestExperimentB/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderFromOmniboxHeuristic/ExactFullAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=4884.06F53E00.1714115464 /prefetch:3

"C:\Users\Shari\Downloads\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Shari\AppData\Roaming\Mozilla\Firefox\Profiles\jhd5ya42.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 10

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa2,version=2.0.0]

"Description"=Picasa2 plugin

"Path"=C:\Program Files (x86)\Picasa2\npPicasa2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]

"Description"=WildTangent Games App Presence Detector Plugin

"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-06 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

Babylon toolbar helper - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll [2011-08-14 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-03-01 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-06 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-01 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-06 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll [2011-08-14 237680]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-06 1003704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-28 7982112]

"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-04-14 1451520]

"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [2009-03-24 1123840]

"TPCHWMsg"=C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [2009-04-09 613232]

"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2008-09-25 195080]

"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-05 505696]

"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 52600]

"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 508216]

"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-10-26 911160]

"HDMICtrlMan"=C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [2009-08-03 1032536]

"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29 497648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2010-11-20 163328]

"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-08-09 221184]

"AdobeBridge"= []

"Akamai NetSession Interface"=C:\Users\Shari\AppData\Local\Akamai\netsession_win.exe []

"HP Photosmart 5510 series (NET)"=C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2011-09-16 2676584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]

C:\PROGRA~2\palmOne\Hotsync.exe [2004-06-09 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Shari^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^palmOne Registration.lnk]

C:\PROGRA~2\palmOne\register.exe [2005-09-19 2367488]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 423936]

"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088]

"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2008-11-21 438272]

"TRCMan"=C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [2008-11-26 701752]

"TUSBSleepChargeSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [2009-03-27 252288]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-29 98304]

"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]

"ConnectionManager"=C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [2009-08-23 91432]

"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]

"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-06 4241512]

"Malwarebytes' Anti-Malware"=D:\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-01-16 421736]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNjA4Mzk5MzM0LVRCOSsyLUZMKzktUEwrOS1YTzM2KzEtTjFEKzEtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsyLUxJQysyMi1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtTFNEKzItRERUKzA∏=90&ver=10.0.1382 []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRkrn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRSVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"legalnoticetext"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

"BindDirectlyToPropertySetStorage"=0

"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-26 13:42:25 ----D---- C:\Program Files\trend micro

2012-03-26 13:42:19 ----D---- C:\rsit

2012-03-26 11:36:38 ----D---- C:\Windows\ERDNT

2012-03-26 11:34:36 ----D---- C:\Program Files (x86)\ERUNT

2012-03-24 12:28:53 ----D---- C:\ProgramData\Spybot - Search & Destroy

2012-03-24 12:28:53 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy

2012-03-23 16:27:43 ----A---- C:\TDSSKiller.2.7.22.0_23.03.2012_16.27.43_log.txt

2012-03-23 16:13:44 ----A---- C:\Windows\SYSWOW64\MRT.exe

2012-03-20 06:44:52 ----A---- C:\Windows\system32\ntoskrnl.exe

2012-03-20 06:44:45 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2012-03-20 06:44:43 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2012-03-19 08:06:39 ----D---- C:\ProgramData\Kaspersky Lab

2012-03-19 06:58:42 ----A---- C:\Windows\system32\win32k.sys

2012-03-19 06:58:39 ----A---- C:\Windows\SYSWOW64\DWrite.dll

2012-03-19 06:58:39 ----A---- C:\Windows\system32\DWrite.dll

2012-03-19 06:58:32 ----A---- C:\Windows\system32\rdrmemptylst.exe

2012-03-19 06:58:32 ----A---- C:\Windows\system32\rdpwsx.dll

2012-03-19 06:58:32 ----A---- C:\Windows\system32\rdpcorekmts.dll

2012-03-19 06:58:02 ----A---- C:\Windows\system32\rdpcore.dll

2012-03-19 06:58:01 ----A---- C:\Windows\SYSWOW64\rdpcore.dll

2012-03-19 06:58:01 ----A---- C:\Windows\system32\drivers\rdpwd.sys

2012-03-19 06:58:00 ----A---- C:\Windows\system32\drivers\tdtcp.sys

2012-03-14 08:49:44 ----D---- C:\Program Files (x86)\Citrix

2012-03-02 09:11:26 ----D---- C:\Users\Shari\AppData\Roaming\HPAppData

2012-03-01 07:41:52 ----A---- C:\Windows\SYSWOW64\javaws.exe

2012-03-01 07:41:52 ----A---- C:\Windows\SYSWOW64\javaw.exe

2012-03-01 07:41:52 ----A---- C:\Windows\SYSWOW64\java.exe

======List of files/folders modified in the last 1 month======

2021-10-31 19:57:32 ----A---- C:\Windows\system32\ANPOP.dll

2012-03-26 13:42:42 ----D---- C:\Windows\Temp

2012-03-26 13:42:25 ----D---- C:\Program Files

2012-03-26 11:36:38 ----D---- C:\Windows

2012-03-26 11:34:36 ----D---- C:\Program Files (x86)

2012-03-26 08:26:14 ----D---- C:\Windows\system32\config

2012-03-26 08:06:47 ----SHD---- C:\Windows\Installer

2012-03-26 08:06:46 ----HD---- C:\Config.Msi

2012-03-26 08:06:03 ----SHD---- C:\System Volume Information

2012-03-24 12:28:53 ----HD---- C:\ProgramData

2012-03-23 18:05:03 ----D---- C:\Windows\SysWOW64

2012-03-23 18:05:03 ----D---- C:\Windows\system32\drivers

2012-03-23 18:05:03 ----D---- C:\Windows\System32

2012-03-23 17:33:32 ----D---- C:\Windows\Prefetch

2012-03-21 06:43:26 ----D---- C:\Windows\inf

2012-03-21 06:43:26 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-03-20 07:37:04 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-20 07:26:12 ----D---- C:\Windows\winsxs

2012-03-20 06:45:33 ----D---- C:\Windows\system32\catroot

2012-03-20 06:45:21 ----D---- C:\Windows\system32\catroot2

2012-03-20 06:15:53 ----D---- C:\ProgramData\Microsoft Help

2012-03-19 07:43:50 ----D---- C:\Windows\Tasks

2012-03-19 07:43:50 ----D---- C:\Windows\system32\wfp

2012-03-19 07:43:50 ----D---- C:\Windows\system32\DriverStore

2012-03-19 07:43:44 ----D---- C:\Windows\system32\CodeIntegrity

2012-03-19 07:43:44 ----D---- C:\Windows\AppCompat

2012-03-19 07:43:43 ----D---- C:\Program Files (x86)\Microsoft Office

2012-03-19 07:43:36 ----D---- C:\Windows\system32\wbem

2012-03-19 07:43:36 ----D---- C:\Windows\registration

2012-03-16 17:51:39 ----D---- C:\Windows\SYSWOW64\wbem

2012-03-16 17:51:38 ----D---- C:\Windows\system32\drivers\UMDF

2012-03-16 17:51:32 ----D---- C:\Program Files\Windows Live

2012-03-16 17:51:31 ----D---- C:\Program Files (x86)\Windows Live

2012-03-16 17:49:36 ----D---- C:\Windows\Microsoft.NET

2012-03-11 19:39:32 ----RSD---- C:\Windows\assembly

2012-03-10 18:51:07 ----D---- C:\Windows\rescache

2012-03-06 17:15:14 ----A---- C:\Windows\SYSWOW64\aswBoot.exe

2012-03-06 17:15:03 ----A---- C:\Windows\system32\aswBoot.exe

2012-03-04 17:19:46 ----A---- C:\Windows\system32\MRT.exe

2012-03-01 07:42:28 ----D---- C:\Program Files (x86)\Common Files

2012-03-01 07:41:39 ----A---- C:\Windows\SYSWOW64\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600]

R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2009-07-30 44912]

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 Thpdrv;TOSHIBA HDD Protection Driver; C:\Windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\Windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]

R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\Windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]

R0 WRkrn;WRkrn; C:\Windows\System32\drivers\WRkrn.sys []

R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-06 53080]

R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-06 819032]

R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-06 337240]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-06 59224]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-06 24408]

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-03-23 14472]

R3 AgereSoftModem;TOSHIBA V.92 Software Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-07-21 1208320]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-30 6037504]

R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-12-30 68608]

R3 enecirhid;ENE CIR HID Receiver; C:\Windows\system32\DRIVERS\enecirhid.sys [2008-04-29 14336]

R3 enecirhidma;ENE CIR HIDmini Filter; C:\Windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 6656]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-07-28 1966624]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]

R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-03-18 32832]

R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-05-20 202016]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]

R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 266288]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-13 145920]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 19968]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-13 43008]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]

S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-04-08 138592]

S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0; C:\Windows\system32\drivers\libusb0.sys [2011-11-23 29184]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2009-04-24 206336]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-13 23040]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9; C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-03-27 16896]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-29 203264]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-06 44768]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\syswow64\svchost.exe [2009-07-13 20992]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 ReflectService;Macrium Reflect Image Mounting Service; C:\Program Files\Macrium\Reflect\ReflectService.exe [2010-09-28 301024]

R2 RSELSVC;TOSHIBA Modem region select service; C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-02-19 55808]

R2 Thpsrv;TOSHIBA HDD Protection; C:\Windows\system32\ThpSrv.exe [2009-07-08 531520]

R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]

R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-04-14 251392]

R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]

R2 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-09 803696]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

R3 hpqcxs08;hpqcxs08; C:\Windows\syswow64\svchost.exe [2009-07-13 20992]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 934760]

S2 camsvc;TOSHIBA Web Camera Service; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-16 20544]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-25 136176]

S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager; C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [2009-08-23 29992]

S2 WRSVC;WRSVC; C:\Program Files\Webroot\WRSA.exe -service []

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]

S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-25 136176]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-19 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe [2009-08-23 42280]

S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-01 1255736]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe []

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

amykitty8 · March 26, 2012

info.txt logfile of random's system information tool 1.09 2012-03-26 13:43:00

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

-->"C:\Program Files (x86)\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}

-->"C:\Program Files (x86)\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Farm Mania\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\FATE Undiscovered Realms\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Jewel Quest 3\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\My Tribe\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Peggle\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Polar Golfer\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Virtual Villagers - A New Home\Uninstall.exe"

-->C:\Program Files\TOSHIBA\TVAP\setup.exe

64 Bit HP CIO Components Installer-->MsiExec.exe /I{9301985B-D116-4A93-A93D-94580084FF86}

64 Bit HP CIO Components Installer-->MsiExec.exe /I{FF21C3E6-97FD-474F-9518-8DCBE94C2854}

Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}

Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}

Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}

Adobe Digital Editions-->"C:\Program Files (x86)\Adobe\Adobe Digital Editions\uninstall.exe"

Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"

Adobe Photoshop Elements 9-->msiexec /i {007F778D-F15C-4EAB-AE92-071D21FAF632} NOT_STANDALONE=1

Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}

Apple Mobile Device Support-->MsiExec.exe /I{75104836-CAC7-444E-A39E-3F54151942F5}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup

Babylon toolbar on IE-->"C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\uninstall.exe"

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

Catalyst Control Center - Branding-->MsiExec.exe /I{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

Defraggler-->"C:\Program Files\Defraggler\uninst.exe"

Direct DiscRecorder-->C:\Program Files (x86)\InstallShield Installation Information\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}\setup.exe -runfromtemp -l0x0409

Dolby Control Center-->MsiExec.exe /I{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}

DVD MovieFactory for TOSHIBA-->C:\Program Files (x86)\InstallShield Installation Information\{50F68032-B5B7-4513-9116-C978DBD8F27A}\setup.exe -runfromtemp -l0x0409

Elements 9 Organizer-->MsiExec.exe /I{433EACD8-4747-4A6A-826A-FFA9F39B0D40}

Elements STI Installer-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}"

ENE CIR Receiver Driver-->C:\PROGRA~1\DIFX\0169CE~1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_amd64_neutral_589399e0a623e5a0\enecir.inf

ePUBee DRM Removal 1.3.2-->"C:\Program Files (x86)\ePUBee DRM Removal\unins000.exe"

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

FBReader for Windows-->"C:\Program Files (x86)\FBReader\uninstall.exe"

Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HDMI Control Manager-->C:\Program Files (x86)\InstallShield Installation Information\{63DA1F6A-2E65-4367-99B9-9E39FADEC446}\setup.exe -runfromtemp -l0x0409

HP Customer Participation Program 10.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files (x86)\HP\Digital Imaging\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}\setup\hpzscr40.exe -datfile hposcr28.dat -onestop

HP Imaging Device Functions 10.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart 5510 series Basic Device Software-->MsiExec.exe /I{424E8E17-A7B7-45B5-8C79-D58F04D9D920}

HP Photosmart Essential 3.5-->C:\Program Files (x86)\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Smart Web Printing 4.60-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat

HP Solution Center 13.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot

HP Update-->MsiExec.exe /X{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}

Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall

iTunes-->MsiExec.exe /I{5E11C972-1E76-45FE-8F92-14E0D1140B1B}

Java 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}

JMicron Flash Media Controller Driver-->"C:\Program Files (x86)\JMicron\JMCR_DIR\setup.exe" delpkg

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

Kobo-->"C:\Program Files (x86)\Kobo\uninstall.exe"

LSI V92 MOH Application-->agrsmdel.exe -a

Macrium Reflect - Free Edition-->MsiExec.exe /I{BAC8EFD5-602B-4EF6-91DD-F9AD7C83284E}

Malwarebytes Anti-Malware version 1.60.1.1000-->"D:\Malwarebytes' Anti-Malware\unins000.exe"

Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

Messenger Companion-->MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}

Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}

Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}

Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007A-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}

Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175-->MsiExec.exe /X{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}

Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}

Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}

Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}

Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}

Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}

Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}

Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}

Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}

Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}

Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}

Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}

Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}

Mozilla Firefox 9.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

My TOSHIBA-->MsiExec.exe /I{AE8FFD41-8BFC-47D3-829E-77D23BFF09FF}

MySQL Connector/ODBC 3.51-->MsiExec.exe /I{F929096B-54A0-4C5C-B125-1E7EB1917412}

OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}

OverDrive Media Console-->MsiExec.exe /I{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}

palmOne-->MsiExec.exe /X{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}

PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}

Picasa 2-->"C:\Program Files (x86)\Picasa2\Uninstall.exe"

PlayReady PC runtime-->MsiExec.exe /X{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}

QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}

RealNetworks - Microsoft Visual C++ 2005 Runtime-->MsiExec.exe /I{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}

RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}

Realtek 8136 8168 8169 Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}

Safari-->MsiExec.exe /I{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}

Shop for HP Supplies-->C:\Program Files (x86)\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat

Simply Accounting by Sage 2010-->"C:\Program Files (x86)\InstallShield Installation Information\{5BB74B26-8320-4846-951F-84CFFAD671C6}\setup.exe" -runfromtemp -l0x0409 -removeonly

Simply Accounting by Sage 2010-->MsiExec.exe /I{5BB74B26-8320-4846-951F-84CFFAD671C6}

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe -runfromtemp -l0x0009 -removeonly

TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}

TOSHIBA DVD PLAYER-->C:\Program Files (x86)\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly

TOSHIBA eco Utility-->C:\Program Files (x86)\InstallShield Installation Information\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}\setup.exe -runfromtemp -l0x0409

TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files (x86)\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409

TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F}

TOSHIBA Flash Cards Support Utility-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}

TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033

TOSHIBA HDD Protection-->MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40}

TOSHIBA HDD/SSD Alert-->C:\Program Files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0409

TOSHIBA Internal Modem Region Select Utility-->C:\Program Files (x86)\InstallShield Installation Information\{89F7D66C-777D-473B-AA11-319C0F190EAC}\setup.exe -runfromtemp -l0x0409

TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}

TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}

TOSHIBA Remote Control Manager-->C:\Program Files (x86)\InstallShield Installation Information\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}\setup.exe -runfromtemp -l0x0009 -removeonly

TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}

TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly

TOSHIBA Software Modem-->C:\Windows\agrsmdel

TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9

TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL

TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9

TOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033

Toshiba Upgrade Assistant for Microsoft Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{41773726-92D0-4265-A0F8-DD980CA1AEC4}\setup.exe -runfromtemp -l0x0009 -removeonly

TOSHIBA USB Sleep and Charge Utility-->C:\Program Files (x86)\InstallShield Installation Information\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}\setup.exe -runfromtemp -l0x0009 -removeonly

TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe

TOSHIBA Web Camera Application-->C:\Program Files (x86)\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe -runfromtemp -l0x0009 -removeonly

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}

Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {91E130AA-C37F-42D8-9D5D-397B3416A7F2}

Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}

Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}

Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}

Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}

Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}

Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}

Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"

Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}

Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}

WildTangent Games App (Toshiba Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\toshiba\Uninstall.exe"

WildTangent Games-->"C:\Program Files (x86)\TOSHIBA Games\Uninstall.exe"

Windows 7 Upgrade Advisor-->MsiExec.exe /I{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live Family Safety-->MsiExec.exe /I{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}

Windows Live Family Safety-->MsiExec.exe /X{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}

Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}

Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}

Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}

Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}

Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}

Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}

Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

Windows Mail Recovery v.3.4.0-->"C:\Program Files\Windows Mail Recovery\unins000.exe"

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======

127.0.0.1 activate.adobe.com

======System event log======

Computer Name: Shari-PC

Event Code: 43029

Message: Display is not active

Record Number: 129284

Source Name: atikmdag

Time Written: 20110620153117.181038-000

Event Type: Error

User:

Computer Name: Shari-PC

Event Code: 43029

Message: Display is not active

Record Number: 129271

Source Name: atikmdag

Time Written: 20110620150910.030400-000

Event Type: Error

User:

Computer Name: Shari-PC

Event Code: 43029

Message: Display is not active

Record Number: 129257

Source Name: atikmdag

Time Written: 20110620145951.080033-000

Event Type: Error

User:

Computer Name: Shari-PC

Event Code: 43029

Message: Display is not active

Record Number: 129241

Source Name: atikmdag

Time Written: 20110620143520.986027-000

Event Type: Error

User:

Computer Name: Shari-PC

Event Code: 43029

Message: Display is not active

Record Number: 129222

Source Name: atikmdag

Time Written: 20110620141347.071032-000

Event Type: Error

User:

=====Application event log=====

Computer Name: Shari-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledEvent 1260941

Record Number: 141295

Source Name: Bonjour Service

Time Written: 20111017181609.000000-000

Event Type: Error

User:

Computer Name: Shari-PC

Event Code: 100

Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 141294

Source Name: Bonjour Service

Time Written: 20111017181609.000000-000

Event Type: Error

User:

Computer Name: Shari-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledSPRetry 1259287

Record Number: 141293

Source Name: Bonjour Service

Time Written: 20111017181607.000000-000

Event Type: Error

User:

Computer Name: Shari-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledEvent 1259287

Record Number: 141292

Source Name: Bonjour Service

Time Written: 20111017181607.000000-000

Event Type: Error

User:

Computer Name: Shari-PC

Event Code: 100

Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 141291

Source Name: Bonjour Service

Time Written: 20111017181607.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: Shari-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: SHARI-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 7

New Logon:

Security ID: S-1-5-21-1860276669-3846564906-2277380801-1000

Account Name: Shari

Account Domain: Shari-PC

Logon ID: 0x1a34edd4

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x334

Process Name: C:\Windows\System32\winlogon.exe

Network Information:

Workstation Name: SHARI-PC

Source Network Address: 127.0.0.1

Source Port: 0

Detailed Authentication Information:

Logon Process: User32

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 44556

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110510020703.958255-000

Event Type: Audit Success

User:

Computer Name: Shari-PC

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: SHARI-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: Shari

Account Domain: Shari-PC

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x334

Process Name: C:\Windows\System32\winlogon.exe

Network Information:

Network Address: 127.0.0.1

Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 44555

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110510020703.958255-000

Event Type: Audit Success

User:

Computer Name: Shari-PC

Event Code: 5061

Message: Cryptographic operation.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: RSA

Key Name: ef7ffb5d-0178-442a-8964-e8b6db815e09

Key Type: Machine key.

Cryptographic Operation:

Operation: Open Key.

Return Code: 0x0

Record Number: 44554

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110510015548.545688-000

Event Type: Audit Success

User:

Computer Name: Shari-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: ef7ffb5d-0178-442a-8964-e8b6db815e09

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d8e263782db7281da756467bc02cc64e_897c8f13-60ec-460d-a7ba-2cbdf3953505

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 44553

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110510015548.545688-000

Event Type: Audit Success

User:

Computer Name: Shari-PC

Event Code: 5061

Message: Cryptographic operation.

Subject:

Security ID: S-1-5-18

Account Name: SHARI-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: RSA

Key Name: {B1AFD20E-4697-49DB-9D7A-0479F4188B88}

Key Type: Machine key.

Cryptographic Operation:

Operation: Open Key.

Return Code: 0x0

Record Number: 44552

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110510015543.457397-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=2

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=170a

"asl.log"=Destination=file

"DFSTRACINGON"=FALSE

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat

"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

amykitty8 · March 26, 2012

Thanks for helping. Sorry It wouldn't let me send it in one post cause it was to long.

amykitty8 · March 26, 2012

security check up

Results of screen317's Security Check version 0.99.24

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 31

Adobe Flash Player ( 10.0.32.18) Flash Player Out of Date!

Adobe Reader X (10.1.2)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

``````````End of Log````````````

amykitty8 · March 26, 2012

Bitdefender

QuickScan 32-bit v0.9.9.113

---------------------------

Scan date: Mon Mar 26 14:16:57 2012

Machine ID: 8C30AB8C

No infection found.

-------------------

Processes

---------

AAM Updates Notifier Application 7844 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

Adobe Acrobat Update Service 1884 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Adobe Photoshop Elements 1960 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

avast! Antivirus 1424 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

avast! Antivirus 3040 C:\Program Files\AVAST Software\Avast\AvastUI.exe

GPCore COM object 5840 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

HDMI Control Manager 2636 C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe

hp digital imaging - hp all-in-one seri 4956 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

hp digital imaging - hp all-in-one seri 3296 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

hp digital imaging - hp all-in-one seri 3728 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

HP Smart Web Printing 26860 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

InstallShield Update Service 21756 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe

InstallShield Update Service 2224 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

InstallShield Update Service 23360 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe

iTunes 1344 C:\Program Files (x86)\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 2380 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

KeNotify Application 444 C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

LightScribe 1828 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

LtMoh Application 4384 C:\Program Files\ltmoh\ltmoh.exe

Malwarebytes Anti-Malware 3972 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

Malwarebytes Anti-Malware 1484 D:\Malwarebytes' Anti-Malware\mbamgui.exe

MobileDeviceService 1124 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PEV.DAT 2100 C:\Users\Shari\AppData\Local\Temp\nslB405.tmp\PEV.DAT

Simply Accounting Connection Manager 4308 C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

TOSHIBA Remote Control Manager 3392 C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe

Windows® Internet Explorer 2248 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Windows® Internet Explorer 4960 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Windows® Internet Explorer 27380 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) Microsoft® Windows® Operating System 1760 C:\Windows\SysWOW64\svchost.exe

Network activity

----------------

Process AvastSvc.exe (1424) connected on port 80 (HTTP) --> 72.5.58.52

Process iexplore.exe (2248) connected on port 80 (HTTP) --> 206.108.207.162

Process iexplore.exe (2248) connected on port 80 (HTTP) --> 173.194.79.139

Process iexplore.exe (27380) connected on port 80 (HTTP) --> 173.194.79.139

Process iexplore.exe (27380) connected on port 80 (HTTP) --> 173.194.79.121

Process iexplore.exe (27380) connected on port 80 (HTTP) --> 65.60.5.220

Autoruns and critical files

---------------------------

HWSetup C:\Program Files\TOSHIBA\Utilities\HWSetup.exe

Adobe CS5 Service Manager C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Adobe Updater Startup Utility C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe

Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

GrooveMonitor Utility C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe

GrooveShellExtensions Module C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

HD Audio Control Panel C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

HDMI Control Manager C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

HP Digital Imaging C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe

hp digital imaging - hp all-in-one seri C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

HpqSRmon Application C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

InstallShield Update Service C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

InstallShield Update Service C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

Internet Explorer C:\Program Files (x86)\Internet Explorer

iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

KeNotify Application C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

LtMoh Application C:\Program Files\ltmoh\ltmoh.exe

Malwarebytes Anti-Malware D:\Malwarebytes' Anti-Malware\mbamgui.exe

Microsoft® Windows® Operating System C:\Windows\ehome\ehTray.exe

Microsoft® Windows® Operating System C:\Windows\system32\cmd.exe

Microsoft® Windows® Operating System C:\Windows\system32\userinit.exe

MobileMe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

SBSV 2010/02/19-11:02:07 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

Simply Accounting Connection Manager C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

SVPWUTIL Application C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe

TOSHIBA Button Support C:\Program Files\TOSHIBA\TBS\HSON.exe

TOSHIBA eco Utility C:\Program Files\TOSHIBA\TECO\Teco.exe

TOSHIBA Flash Cards C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

TOSHIBA HDD SSD Alert C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

TOSHIBA PC Health Monitor C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

TOSHIBA Power Saver C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE

TOSHIBA Remote Control Manager C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe

TOSHIBA USB Sleep and Charge C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

TOSHIBA Zooming Utility C:\Program Files\Toshiba\SmoothView\SmoothView.exe

(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

avast! WebRep C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

Babylon Toolbar C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll

Babylon Toolbar C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll

Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

Google Update C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

GrooveShellExtensions Module C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

HP Smart Web Printing C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

HP Smart Web Printing C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll

Java Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

Java Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\ssv.dll

Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll

NP_wtapp.dll C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll

Picasa C:\Program Files (x86)\Picasa2\npPicasa2.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

Windows Live Messenger Companion C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

Windows Live Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll

(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll

(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

Missing files

-------------

File not found: C:\Users\Shari\AppData\Local\Akamai\netsession_win.exe

--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"Akamai NetSession Interface"

Scan

----

MD5: c004f38974f4d321b4c20a240e1175c0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

MD5: b4c6840939d5030b63a7d64645f4d983 C:\Program Files (x86)\Adobe\Elements 9 Organizer\platform.dll

MD5: 8082f66dc9c8167ff1aa548736f58457 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

MD5: 8143723d21f4fa9b7aa295a29ae9541c C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

MD5: 0d3c94d4405b18dd0f5fa45c2f1e6e47 C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll

MD5: 9e333a83f65f010bae4b958e71775c15 C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll

MD5: 034c197e79d7233bd04bfac1710cb988 C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll

MD5: c471b1eef9df1c55b5261006ce04e11f C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll

MD5: 40947436a70e0034e41123df5a0a7702 C:\Program Files (x86)\Bonjour\mdnsNSP.dll

MD5: bea99c8ce8583bd99d0e73ab018f204e C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

MD5: 8a3ba48b5be893e1d81bfac17a3c1b1f C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5: 62b7936f9036dd6ed36e6a7efa805dc0 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

MD5: de93885641d5c4f7ea7563a08137b218 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

MD5: 9c825b8bbef134fff112225202e22d1a C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\LogSession.dll

MD5: 9a8d791996e764e66187830c0611db49 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterCore.dll

MD5: bb7481a1306823d1b6592263f1ab8dd7 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

MD5: f577910a133a592234ebaad3f3afa258 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MD5: 60c079cb2150760263d1fe5ff6218961 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll

MD5: 1f3ff6c062b311fe410ec89f6bfac213 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

MD5: 37cf2461cb5e40c4cfab82c8fc79a2bc C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll

MD5: fc33cbbb9cadcec307da010fe763d04c C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll

MD5: 054b87c872292a960b9b8a834b34dfa7 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll

MD5: 149d74e1128a86dc9cfb2851fbea11eb C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll

MD5: 250bf888ddbe88d61eb19a9d4957c794 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll

MD5: fd86c605fd7ad4a41c01ec7a4a1e1c5d C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll

MD5: a3609397ef273b03295dbb10274be12c C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll

MD5: 18301b40411b2108076ab685b4e4b6dc C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MD5: 794950db77aa590c2964eca0a5874a09 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll

MD5: df1c1cd0c7ee95cc00d71e9e415e7bcd C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll

MD5: c28fd3b37b6f18751c99e6022a2a9782 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll

MD5: 2503287bd19ae52e36e9de42834a2ac0 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\YSCrashDump.DLL

MD5: a56ccbbfccedce2fd9c69fed24e035e3 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MD5: 3debbecf665dcdde3a95d9b902010817 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

MD5: 1224bc6de919f8cd8c1c945280e63852 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll

MD5: 42cdfb2273eec623b903c311b19fb484 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

MD5: 06a4250c9e3606cae3f68da45702f342 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll

MD5: 905b5bf5be0a86e8412801bf20357195 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll

MD5: 7b9bdc7849c94ae302b29688fe14d90f C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll

MD5: 2dcb5abe60984701af96a76b6749148a C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe

MD5: 51f3c4fbeef66ceba7abe43f4f5c1b69 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

MD5: 053d8d245118bea6e21e1812871f67ba C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe

MD5: 98a078f838a70f84e1bd490d7c7675f4 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

MD5: c1a3af85dbfc67988fb71ce5e8f3b570 C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll

MD5: f3918787f9d5f5ff2da57cdefb858ec5 C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll

MD5: 6e5dac168d1ff9843e84a59d51d31107 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

MD5: 2424231bbd703a677d115c29983b4293 C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL

MD5: 785f487a64950f3cb8e9f16253ba3b7b C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

MD5: 6bf01e200063d7274f3af06d226671f5 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

MD5: da579734b4375740efee86ffdfed57a7 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL

MD5: 9d4a1690af93f233e15380398bec7431 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

MD5: 1e6b52abdf4082374de9d43cbd2f7e08 C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

MD5: ebd98cf6e4d04d300e57f9ec15d3bead C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll

MD5: 4967aa8bd06d51af10e629287c7a264d C:\Program Files (x86)\HP\Digital Imaging\bin\hpodio08.dll

MD5: ffad5f0a4ed6c79bdab71a3084faa621 C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.dll

MD5: 0f5b791db1a18423c926f1791e2a43cb C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc

MD5: 017bd724c977cef95a01203aeca571d3 C:\Program Files (x86)\HP\Digital Imaging\bin\hpotradd.dll

MD5: 7e04b1ade140f483a6581461568d8d9c C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

MD5: f54fff428bc887f08eb83674fbb321da C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll

MD5: a39732604c75d237c80cc94b75e4eefe C:\Program Files (x86)\HP\Digital Imaging\bin\HpqCPTA.dll

MD5: e6bee998f3555266459abc69e2dd83dd C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxm08.dll

MD5: 0a3c6aa4a9fc38c20ba4eac2c3351c05 c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll

MD5: c83c0791fc7fa3cbe9be2825b8a47eaf c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll

MD5: df446ba625cc441617843e87798ce048 c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll

MD5: 8f48362b61a6637d1b064278e549ef40 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddusr.dll

MD5: 347a39b69ac03b8f56d8807b989f5ca8 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpb01.dll

MD5: 883008a9b5bff94a153d99dba54cb5c1 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

MD5: cc190b07e357bcd40c2afb57b9a67b7f C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpreh.dll

MD5: 4122925c28e461811c033276e25589e9 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqmif08.dll

MD5: 3c69ce161c7007e9ad53a325492d446a C:\Program Files (x86)\HP\Digital Imaging\bin\hpqrif08.dll

MD5: 759a94a551d8dcc47343e302b50fd8e6 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc

MD5: e88c8f90588e9f738a04fbf386fd987d C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSplh08.dll

MD5: ff473648e7b1b37c7f3249a6549fac72 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

MD5: 57527cf591c67bb8f0ba495d60426b96 C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRTA.dll

MD5: 332889d2c21a5b728fbbd45d6c89661a C:\Program Files (x86)\HP\Digital Imaging\bin\hpqssm08.dll

MD5: b70278d1459a677639d51892160fd365 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

MD5: efb8937a7bf6dcedd0a10a79d2e756e2 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsti08.dll

MD5: 258977efc45fd728e929a8eb95554050 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.dll

MD5: b3c25be824aff69567496ba8640218aa C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc

MD5: dab8c1971354b1a55d271066674ed734 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtao08.dll

MD5: ab47343af4e28bee50bacac93cc2e74a C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtap08.dll

MD5: d9335549eae48b14fb66efcb6ffae736 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

MD5: f89e2e5b554cceb5fcd344349c78fded C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc

MD5: 715ab41a22e0de693cb101639070d3be C:\Program Files (x86)\HP\Digital Imaging\bin\hpquio08.dll

MD5: 2ab5f9e7d0780364f8bfea5cf3180240 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll

MD5: f0842cf3c0b33c07b2ca1692900f21b4 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwso08.dll

MD5: aba42e3cf8dca42ea9c0bc3b72fa9491 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqxml2.dll

MD5: cbbaf06c2ac8882d239c8dc5bfa197fd C:\Program Files (x86)\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll

MD5: b07b569af5665fcb388ea4b6a0756a10 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\ClipBookDBComponent.dll

MD5: a9956c8ec5d16acef896f043a80a9fb6 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_Operation.dll

MD5: 6f8a654af50f13b0abdda731527f65ad C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

MD5: ac592074ac7d67ea52b9426ebee09c96 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

MD5: d749e8b62d7c2f6844f4995bb71b172a C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

MD5: dd0343e035d76940c52fc0c65e0e3ef0 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

MD5: fa979bd1b2fbd8d7d409532461c846d6 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

MD5: 2151d95bba7d8766ba8b5bd1f595fb3a C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

MD5: 2c9983d248c2c4d56ea275bfaffffdb1 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\hpNeoLogging.dll

MD5: dba01e33b18fd8592da0f47b99edb2d4 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\hpXRE.dll

MD5: 6966f7c128106c942f6787e78388a210 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\js3250.dll

MD5: 34ef8080d4591a495f94e95d37c04b09 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\MOZCRT19.dll

MD5: 63d5682fe31278f4eab4bf93db523886 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\nspr4.dll

MD5: 350d6d825023a4a58cf2691e2f7ca848 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\nss3.dll

MD5: 15dd623207d99f6e33d8e1b656c59e75 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\nssutil3.dll

MD5: f86062027e3e27652978cf2ac2dcf99d C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\plc4.dll

MD5: 3071da2e0aa382df856fa5eaf2f0c716 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\plds4.dll

MD5: a1474e9488527c9aed975725d6ff3449 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\smime3.dll

MD5: 0a6152534ea55f45bc29c4d17ecbeb49 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\sqlite3.dll

MD5: cad799dd070c782d02686d06dc980ac1 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\ssl3.dll

MD5: 2fbe5087b17225f035150e2f2bf7d6d0 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\xpcom.dll

MD5: 72596213ebdecb7ef1ee933df071a32b C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\xul.dll

MD5: 10cbadbb78ceee801e07f70910acc2a9 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\RsrcLoaderLib.dll

MD5: f36fa84c7c1f4107433b76bd38a4389f C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\SatelliteENU.dll

MD5: c6157a1233be84d05a194f46022ef619 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\UtilityLib.dll

MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files (x86)\Internet Explorer\ieproxy.dll

MD5: cf5d4889c15cc8a40be54f55f27093b1 C:\Program Files (x86)\Internet Explorer\IEShims.dll

MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe

MD5: 53fe2d34b143efdb80685281e751b91c C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

MD5: 8ff64dd3d8200ed0a61410ed8f61c80d C:\Program Files (x86)\Internet Explorer\sqmapi.dll

MD5: e4ce6c4ae730e0ec87fc5da4cd1946ad C:\Program Files (x86)\iTunes\iTunesHelper.dll

MD5: 0dcac41eb58a45049bd7ff665c32d5f4 C:\Program Files (x86)\iTunes\iTunesHelper.exe

MD5: e7be61eb1bde3921ff0cdd24f1535332 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL

MD5: 93a67ad03fd9c2286a4a5ad9a67f381a C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL

MD5: 64151c0799431e0304ae1bd6202131a7 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

MD5: a9770771b622a871643ea2a4a3983e95 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

MD5: 34e3709244736b8976820f730e5a8815 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

MD5: 8e6c86726b67d3faa3144849b9aac06c C:\Program Files (x86)\Java\jre6\bin\ssv.dll

MD5: 82f9764ebe2ef590cd2b3beb234e5671 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll

MD5: d3b6d02f0d95a62dfbae7d7ea404db59 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll

MD5: a2c2ec01306a666c4372bb7a06659b5d C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll

MD5: 056b19651bd7b7ce5f89a3ac46dbdc08 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

MD5: 123271bd5237ab991dc5c21fdf8835eb C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

MD5: 0e34b7bb1fcf22bcc1e394d16f9e992b C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe

MD5: 30efebdc960a482e3e188b9960b286e2 C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.DLL

MD5: 30db64d316f502558db2380f7343c9fd C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

MD5: 207204af80505af51271fe164b56f662 C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.DLL

MD5: ed327201724ea05d509b7939abe49e98 c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

MD5: 625d0a824f513ce1cabb8861e97f2142 C:\Program Files (x86)\Picasa2\npPicasa2.dll

MD5: af43c4f7f3c8bc95dad95024f96cdc4a C:\Program Files (x86)\QuickTime\QTTask.exe

MD5: 32577b987ae5401038451bb392cb8d89 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

MD5: 40f151bfde7a68aaf52bb07990af39d5 C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

MD5: f1140ed3a1e1d6824a63f27afd9eef32 C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe

MD5: 0ee17b1575177974597b798b1f1e8a97 C:\Program Files (x86)\TOSHIBA\TRCMan\HardIO.dll

MD5: 884e15c0cbf4db145fd1f7fb790a9799 C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe

MD5: c5b2679b0ae204fdd0415199b7afef20 C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

MD5: 81cc023d8ee53f137aeb735717cea919 C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe

MD5: ba72cfc2bf952da409a953e89d6fe2cd C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

MD5: c403c5db49a0f9aaf4f2128edc0106d8 C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

MD5: 47bdbce3e2d819b17ab9fa4539b9df71 C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

MD5: 4ce9dac1518ff7e77bd213e6394b9d77 C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

MD5: 5b239ff33aeaffc5983aaad4dbf9c87f C:\Program Files (x86)\Windows Live\Installer\wlshim.dll

MD5: ac421a44de902f2627f1e63793ed89cd C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

MD5: 3856e8add648bc2dfeb07406c7f25804 C:\Program Files (x86)\Windows Live\Shared\UXCalendar.dll

MD5: f0d369b57b0b0b00d4e146f0f53fb86c C:\Program Files (x86)\Windows Live\Shared\uxcontacts.dll

MD5: e680a55e9488921fc487616f4ede7797 C:\Program Files (x86)\Windows Live\Shared\UXCore.dll

MD5: cc9e4d197143738bd868282e76ff6731 C:\Program Files (x86)\Windows Live\Shared\WLDCore.dll

MD5: 72f9da60ad131d4a74d17c4d62b75b24 C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

MD5: 850e17e9eb94d59a54bd6fa33a2cfa99 C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe

MD5: 50765e0c0b94257ced940592aad02b68 C:\Program Files (x86)\Winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe

MD5: 53f02d0b63c0581cc75b59feb8727868 C:\Program Files\AVAST Software\Avast\1033\Base.dll

MD5: e4483e1ad553b637fff75270db6ceab3 C:\Program Files\AVAST Software\Avast\1033\UILangRes.dll

MD5: c7cec19606f6c6bcef7dbd5056f93724 C:\Program Files\AVAST Software\Avast\Aavm4h.dll

MD5: b678403bb3864b7288676764d9f3bd05 C:\Program Files\AVAST Software\Avast\AavmRpch.dll

MD5: 10bf5ce8ed0730aa32d28c32ff09c56f C:\Program Files\AVAST Software\Avast\AhAScr.dll

MD5: 5fa711c78fceb7ba5f34c31ade5707ae C:\Program Files\AVAST Software\Avast\AhResBhv.dll

MD5: 710d1e35c7904f5b39fe46348dcf1141 C:\Program Files\AVAST Software\Avast\AhResJs.dll

MD5: 9ad0825d4e06e4059d4b60656cdeb2b5 C:\Program Files\AVAST Software\Avast\AhResMai.dll

MD5: 5c1d7208e37719966fdc447d135eeadd C:\Program Files\AVAST Software\Avast\AhResMes.dll

MD5: 51a5228a3a5888c916f3df20075a0873 C:\Program Files\AVAST Software\Avast\AhResNS.dll

MD5: 0fd1252cb6091d4b2c4da60bcaed8e7a C:\Program Files\AVAST Software\Avast\AhResP2P.dll

MD5: bb3972c96fc1feceeca79e81433e6be1 C:\Program Files\AVAST Software\Avast\AhResStd.dll

MD5: 0e6bc5d5ebe89ca95d29963de785277a C:\Program Files\AVAST Software\Avast\AhResWS.dll

MD5: 23f655904edbe354cacec16148073d1c C:\Program Files\AVAST Software\Avast\ashBase.dll

MD5: 1b34989ddfd77861d3bfc7bdb0ae45ea C:\Program Files\AVAST Software\Avast\ashServ.dll

MD5: 309391d362fa6036f92919cda11957f7 C:\Program Files\AVAST Software\Avast\ashTask.dll

MD5: 9765a954bc96d5444a55aacbac91a7c4 C:\Program Files\AVAST Software\Avast\ashTaskEx.dll

MD5: 90111518c52523789635e09d80c53584 C:\Program Files\AVAST Software\Avast\aswAra.dll

MD5: 0b8c72a9be02f1f1c6d2876b78f270ad C:\Program Files\AVAST Software\Avast\aswAux.dll

MD5: 153c55e9f84bf079a276c0d350806dc5 C:\Program Files\AVAST Software\Avast\aswCmnBS.dll

MD5: c1101c9f70c136106c80c7de073a7801 C:\Program Files\AVAST Software\Avast\aswCmnIS.dll

MD5: d07f23592281202d8f0bed99dfaf3db2 C:\Program Files\AVAST Software\Avast\aswCmnOS.dll

MD5: a43709d69b819285970de820d3ce0df4 C:\Program Files\AVAST Software\Avast\aswData.dll

MD5: aa8b84990d8605565c31daca9903067e C:\Program Files\AVAST Software\Avast\aswDld.dll

MD5: c0c17ab13efe021d09e278e127560944 C:\Program Files\AVAST Software\Avast\aswEngLdr.dll

MD5: 172c234f9c72a9bb2c939851acad734b C:\Program Files\AVAST Software\Avast\aswIdle.dll

MD5: b5b3db22e559bfd2f970a8d8f5ae9275 C:\Program Files\AVAST Software\Avast\aswJsFlt.dll

MD5: 0bf206e2eac174e9b607fb90930c2477 C:\Program Files\AVAST Software\Avast\aswLog.dll

MD5: a21f1d4883777c8f2b918b9a33988f52 C:\Program Files\AVAST Software\Avast\aswProperty.dll

MD5: a218dc737865366494df73601a7b4626 C:\Program Files\AVAST Software\Avast\aswSqLt.dll

MD5: 7d634bb1b2bc4249e0e00ef39ddd5aab C:\Program Files\AVAST Software\Avast\aswStrm.dll

MD5: 0db949d42fc8b02cee4fd2a32f9b0910 C:\Program Files\AVAST Software\Avast\aswUtil.dll

MD5: 1d55d89c711cddc0ddff4665656e13f8 C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

MD5: 4041d31508a2a084dfb42c595854090f C:\Program Files\AVAST Software\Avast\AvastSvc.exe

MD5: 782fef655dbf8653c9f2722bebf7a8a6 C:\Program Files\AVAST Software\Avast\AvastUI.exe

MD5: 5de753d819b3ed72bfb9ce4c57d3d047 C:\Program Files\AVAST Software\Avast\CommonRes.dll

MD5: daabb737eec31c2e54cc2c9939c9f4fb C:\Program Files\AVAST Software\Avast\defs\12032601\algo.dll

MD5: bad3ddd34f9d6fcfde51a407168850fa C:\Program Files\AVAST Software\Avast\defs\12032601\aswCleanerDLL.dll

MD5: cac074d89b94d80cea752a814d2ce9a2 C:\Program Files\AVAST Software\Avast\defs\12032601\aswCmnBS.dll

MD5: f400fcee6ff5594d36d1ccf6be2bef77 C:\Program Files\AVAST Software\Avast\defs\12032601\aswCmnIS.dll

MD5: 1d9b569b0bcac111e4dab7d9cec86cba C:\Program Files\AVAST Software\Avast\defs\12032601\aswCmnOS.dll

MD5: 4bad48f68ef88e69d36304792e51b299 C:\Program Files\AVAST Software\Avast\defs\12032601\aswEngin.dll

MD5: ec0897691aa5603c8bc4243266923c73 C:\Program Files\AVAST Software\Avast\defs\12032601\aswFiDb.dll

MD5: 8ebd34fadf90782c3a1b77104c463dc4 C:\Program Files\AVAST Software\Avast\defs\12032601\aswRep.dll

MD5: 7bacb32fdc0da79536b16ea38d1604e1 C:\Program Files\AVAST Software\Avast\defs\12032601\aswScan.dll

MD5: e0e3a3b9f7b630a99e0dd2a7af514331 C:\Program Files\AVAST Software\Avast\defs\12032601\uiExt.dll

MD5: 026c3bd6f2f2fdc676eced82062c9f47 C:\Program Files\AVAST Software\Avast\snxhk.dll

MD5: f9d908de6b166dac9b89bf62fa291ce8 C:\Program Files\Bonjour\mdnsNSP.dll

MD5: ebbcd5dfbb1de70e8f4af8fa59e401fd C:\Program Files\Bonjour\mDNSResponder.exe

MD5: 28ad5e311996a34025cfb07e131058dd C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

MD5: 7e47c328fc4768cb8beafbcfafa70362 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

MD5: a0327aa1960eb88668b252c3cdab75b6 C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe

MD5: ee4c2a137c7088911a8919effc9812e7 C:\Program Files\iPod\bin\iPodService.exe

MD5: b65f8dba54f251906bbe8611b5a0e7ab C:\Program Files\LSI SoftModem\agr64svc.exe

MD5: 40f593dda448ad66d5600a799faedc4a C:\Program Files\ltmoh\ltmoh.exe

MD5: d9115d2ecab5753fab7553642e0a8e34 C:\Program Files\ltmoh\MOHAPI.dll

MD5: a1652da8758c0753e1690ff59bc335e5 C:\Program Files\Macrium\Reflect\ReflectService.exe

MD5: 910afe116ade17c93e892c38452075f9 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

MD5: b9ff62ad15a11e468b3ba18cd8a83e5b C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

MD5: d7330569674ca0f889887075fb470011 C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe

MD5: ceb832917fd46757169ee35bd00a9172 C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

MD5: 98c864481d62f86ec8af65be3419a95b C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

MD5: 596966f8c575d01a60f9553d9d090f64 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE

MD5: cde1b73b7e71304b385ac9f5a44e0430 C:\Program Files\TOSHIBA\rselect\RSelSvc.exe

MD5: 7577cacc4f6c07175062c03cd1b7b763 C:\Program Files\Toshiba\SmoothView\SmoothView.exe

MD5: a62882f40163f1262808e380db5fed69 C:\Program Files\TOSHIBA\TBS\HSON.exe

MD5: fde3ec30ef457e967269397dbecc2959 C:\Program Files\TOSHIBA\TECO\Teco.exe

MD5: 947b552af9371bb52ab1e8c184d1a3d0 C:\Program Files\TOSHIBA\TECO\TecoService.exe

MD5: c5b90f05034111fc9f7f9e796fcc5930 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

MD5: b67c69e2982769355d9ff76dd3b2a0fd C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

MD5: 66c4503d050dbacafc5b38fe54edd86f C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

MD5: f919a4f30a436eddd92c77e2e8a7782b C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

MD5: 8107e3a186c034ddeb14718d71332714 C:\Program Files\TOSHIBA\Utilities\HWSetup.exe

MD5: 06c8fa1cf39de6a735b54d906ba791c6 C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

MD5: a9f3bfc9345f49614d5859ec95b9e994 C:\Program Files\Windows Media Player\wmpnetwk.exe

MD5: 053d8d245118bea6e21e1812871f67ba C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

MD5: f1fba6185a6a2bc6456970914875078e C:\Users\Shari\AppData\Local\Temp\nslB405.tmp\PEV.DAT

MD5: 368b2bee3f88bfb883d2c74a258de6f6 C:\Windows\AppPatch\AcLayers.DLL

MD5: 6e55b702a50248d03e62af0cf3ceb87d C:\Windows\assembly\GAC_32\Simply.ConnectionManagerService\15.0.0.1__bfd98eaca3f932d5\Simply.ConnectionManagerService.dll

MD5: 638f45c6397c911828d2a478729b23aa C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MD5: 56cebc1d7b1d98959b87149ea3d22071 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MD5: a2c3f8e5ac37dbee96c563606f710fe3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MD5: fff324a37cb0a2704d070f41059e5ab0 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll

MD5: 5764f20720f350d46fd6cef6cb3a4941 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MD5: 3d725c257ea3952158fffbb5874896da C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MD5: 68cdc33d31f1952c80a915677d7b7796 C:\Windows\Downloaded Program Files\isusweb.dll

MD5: ebc89d1526dc72917d4421551656c54e C:\Windows\Downloaded Program Files\qsax.dll

MD5: c4002b6b41975f057d98c439030cea07 C:\Windows\ehome\ehRecvr.exe

MD5: 10035e4c014522fe740172ff0b4ff43e C:\Windows\ehome\ehTray.exe

MD5: 332feab1435662fc6c672e25beb37be3 C:\Windows\Explorer.exe

MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

MD5: 7b46a076184b73aedc1a66a71d9131e8 C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll

MD5: 59d16fd61802739988728790bf1232b3 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

MD5: 96076b8fcdff3c6db4ccfbf7fe3a9b28 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll

MD5: 773212b2aaa24c1e31f10246b15b276c C:\Windows\servicing\TrustedInstaller.exe

MD5: 37ce7a79d901235504f9add99a7ac177 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

MD5: cb4863f2bd46aa02d954b86b56a149da C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

MD5: 2cae4ed96aa903578452b85e5383940c C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

MD5: e96170a923a69711b4d08e885f05d889 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

MD5: a2385b02cb492131af6f79959a42a93f C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

MD5: 88dc1714e38d4eb41a4378aab98e753b C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

MD5: b302a1630e5aea2d830b76bbcd761d72 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

MD5: 22f767bb3b704f79363999bd4a49e68e C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

MD5: 00b83152f99e846fefb139c574cd4a96 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

MD5: 50035c36acee069d0c209288208626d9 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

MD5: 12c34c7325b74e8347e8db75279a8f3f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

MD5: 96324ed3218133a13fff82055afac733 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll

MD5: 375fe18fcdbdb14e4f2704d602216dfd C:\Windows\system32\atidxx32.dll

MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\system32\AUDIOSES.DLL

MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll

MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe

MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll

MD5: a585bebf7d054bd9618eda0922d5484a C:\Windows\system32\cryptsvc.dll

MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\Windows\system32\cscapi.dll

MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll

MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll

MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll

MD5: 78b7a3bda25c90daa50d36a56a8d1351 C:\Windows\system32\D3D10Warp.dll

MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\Windows\system32\dbghelp.dll

MD5: 162d247e995eaebf3ef4289069e1111c C:\Windows\system32\DEVRTL.dll

MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\Windows\system32\dhcpcore.dll

MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\DNSAPI.dll

MD5: 062373995eae5f0eac9eaa9192136bfb C:\Windows\system32\dnssd.dll

MD5: b280c4608ac389da9515a35ac4cab0fd C:\Windows\system32\drivers\libusb0.sys

MD5: ccf4e830512c0a298791f1d34b81c215 C:\Windows\system32\DWrite.dll

MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll

MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\system32\explorer.exe

MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\explorerframe.dll

MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\System32\fwpuclnt.dll

MD5: 5da32ba5d9789ba3fee8a867ec966c5c C:\Windows\system32\hpzidr12.dll

MD5: 1cd5c2dfd2a5bf6da720386679f3c449 C:\Windows\system32\hpzipr12.dll

MD5: ed6f6fbbcdec95483b7351e23f4fcdf6 C:\Windows\system32\IEADVPACK.DLL

MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\system32\IEFRAME.dll

MD5: 07970aa4c392efb133d1a1bfbd66a58f C:\Windows\system32\IEUI.dll

MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\system32\IMM32.DLL

MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\iphlpapi.dll

MD5: dc6612a9ee015a36ba2a27bc9cc12537 C:\Windows\system32\MFC42.DLL

MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll

MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll

MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\SYSTEM32\MSCOREE.DLL

MD5: 497c9c3db953a60ec4f43a097e15f75e C:\Windows\system32\MSHTML.dll

MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\system32\msi.dll

MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe

MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll

MD5: c335ec1182ac10b188705554e0bc1186 C:\Windows\system32\MSVFW32.dll

MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll

MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll

MD5: 269d867585cda04d3972a39f3694e7df C:\Windows\System32\msxml6.dll

MD5: 8ce1a6d16b9077e91e192499eb611c5f C:\Windows\system32\NetApi32.dll

MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll

MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\system32\NLAapi.dll

MD5: 03f3b770dfbed6131653ceda8ca780f0 C:\Windows\system32\ntshrui.dll

MD5: 7d34af98a706230cc2dedfe0cabf87ab C:\Windows\system32\ODBC32.dll

MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll

MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll

MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\system32\PROPSYS.dll

MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\system32\provsvc.dll

MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll

MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll

MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\samcli.dll

MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\system32\SearchIndexer.exe

MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\Windows\system32\secur32.dll

MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll

MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll

MD5: 4b9e4ce667df26ada061aa81e9aa841d C:\Windows\system32\SPFILEQ.dll

MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll

MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL

MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll

MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll

MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 C:\Windows\system32\userinit.exe

MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll

MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll

MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll

MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv

MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll

MD5: fb19fc5951a88f3c523e35c2c98d23c0 C:\Windows\system32\webio.dll

MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\windowscodecs.dll

MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\WINHTTP.dll

MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll

MD5: 9419abf3163b6f0e3ad3dd2b381c879f C:\Windows\system32\WinSCard.dll

MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV

MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll

MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll

MD5: 1957d49a9613faad1c73b508cce02aa5 C:\Windows\system32\wmp.dll

MD5: 0fbc74aa20fe0ae6884279f893169c60 C:\Windows\system32\wmploc.dll

MD5: a8cdf3768604ff95b54669e20053d569 C:\Windows\system32\WSCAPI.dll

MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll

MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll

MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\system32\XmlLite.dll

MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\SysWOW64\actxprxy.dll

MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll

MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll

MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\COMDLG32.dll

MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\syswow64\CRYPT32.dll

MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll

MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll

MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll

MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\SysWOW64\ieframe.dll

MD5: cdf5b6aec538e02d5579e2e791042a1a C:\Windows\syswow64\iertutil.dll

MD5: b2fd31e20b423335fe3273b4bf95813c C:\Windows\syswow64\imagehlp.dll

MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\syswow64\IMM32.dll

MD5: 3a1c55c0c951f0fdc413d69f7adf2278 C:\Windows\SysWOW64\jscript.dll

MD5: 2f0971c08f73ee881bb54cc7c11dff7b C:\Windows\SysWOW64\jscript9.dll

MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll

MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll

MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll

MD5: 497c9c3db953a60ec4f43a097e15f75e C:\Windows\SysWOW64\mshtml.dll

MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\SysWOW64\msi.dll

MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\Windows\syswow64\msvcrt.dll

MD5: 8ce1a6d16b9077e91e192499eb611c5f C:\Windows\SysWOW64\NETAPI32.DLL

MD5: e73b0f1819602cb6ef176fb78d76a47b C:\Windows\SysWOW64\ntdll.dll

MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll

MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\SysWOW64\OLEACC.dll

MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll

MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll

MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\SysWOW64\RpcRtRemote.dll

MD5: 79a4d2eac23ee8d57dfc05349545ade1 C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll

MD5: 1affb765af1fdcc0c185c38e9ddddaee C:\Windows\SysWOW64\schannel.dll

MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\SETUPAPI.dll

MD5: 358fc25391c6733eaf49db480afdfd8c C:\Windows\syswow64\SHELL32.dll

MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll

MD5: 44b2693080979a0e05085b3faaa43a09 C:\Windows\syswow64\SspiCli.dll

MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\SysWOW64\SXS.DLL

MD5: 544eff88ac6c85df5a4d6f18dfe08cfc C:\Windows\SysWOW64\taskschd.dll

MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\syswow64\urlmon.dll

MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll

MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\syswow64\USP10.dll

MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\syswow64\WININET.dll

MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\syswow64\WINTRUST.dll

MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll

MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll

MD5: 58a14c45a5cd2528f10a889e7b0c3fc2 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL

MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll

MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll

MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL

MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.DLL

MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

MD5: 82f9764ebe2ef590cd2b3beb234e5671 D:\Malwarebytes' Anti-Malware\mbam.dll

MD5: 60d0647a2dc2d397b84d0afb0808f85d D:\Malwarebytes' Anti-Malware\mbamgui.exe

MD5: a2c2ec01306a666c4372bb7a06659b5d D:\Malwarebytes' Anti-Malware\mbamnet.dll

No file uploaded.

Scan finished - communication took 3 sec

Total traffic - 0.02 MB sent, 1.50 KB recvd

Scanned 554 files and modules - 77 seconds

==============================================================================

Maurice Naggar · March 26, 2012

Since this system has Spybot, then, make sure that Tea Timer is OFF.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, slect Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

Since you have Avast antivirus, let's make sure to set trust exclusions in bot Avast & MBAM

See section K of the Frequently Asked Questions of MBAM

http://forums.malwar...post&pid=417798

Do the trust settings in Avast

Do the trust settings in MBAM

I did not notice something un-toward in the RSIT log. The BitDefender scan is OK too

The last run of MBAM ( as you mentioned) found nothing. I am guessing that you are seeing a one-off happening (between the 1st run & the 2nd).

Anyhow, after you have put the trust exclusions:

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FLASH Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Put a Copy of that log in your next reply here.

A 2nd run of MBAM:

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a QUICK Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Put a Copy of that log in your next reply here for review.

I noticed TDSSKILLER utility on this system. Did you run that on your own? Are you getting help elsewhere?

Please advise.

Do not run any other tools on your own, while I am helping you & while this topic is open.

amykitty8 · March 27, 2012

I ran TDSSKILLER a couple of days ago. It found nothing. and no I'm not getting help from somewhere else, I was trying to figure things out on my own while waiting for a reply.

I will continue with the rest of this later tonight. Thank you.

amykitty8 · March 27, 2012

I uninstalled spybot before all this happened, obvisiously not completely. Do you still want me to run it? Would I have to download it again or can it be located again and ran?

Thank you for all your help I really appreciate it.

Maurice Naggar · March 27, 2012

If you removed Spybot, then skip over that part.

I need for you to do the rest of the items in my preceding reply. Do as much as you can, and post the reports for my review.

amykitty8 · March 28, 2012

When doing Avast trust setting, under Behaviour shields, after I browse and open the recommended file do I "Add" so it drops into the box or not and just go on to the next file? Thanks

Maurice Naggar · March 28, 2012

Yes click Add so it populates the box

amykitty8 · March 28, 2012

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: Registry | File System

Objects scanned: 160056

Time elapsed: 1 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Scan type: Quick scan

Scan options disabled:

Objects scanned: 205522

Time elapsed: 10 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Maurice Naggar · March 28, 2012

Some security housekeeping, first. Your version of Flash Player is out-of-date & poses a security risk.

Close all browsers and instant messenger (IM) programs.

Press Start button, type in

appwiz.cpl

That will start Programs & Features list & populate the list.

Find all occurrences of Adobe Flash Player

Select it by clicking once on the line. And then Un-install (remove)

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or any other widget or toolbar !!!

Now then, the Bit Defender scan found nothing. And the 2 MBAM scans found nothing.

How is your system now?

amykitty8 · March 28, 2012

I have uninstalled adobe flash, but when I go to download it its saying and there is now download button "Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available" and there is now download button.

amykitty8 · March 28, 2012

there is no download button

amykitty8 · March 28, 2012

I'm not sure what to say about how my computer is working. It's still going and using cpu in random spurts and I'm not doing anything. and my document folder has a few locked folders, which I never locked and avast is finding and not scanning a bunch of locked files that I didn't lock. i don't know if this means anything or not. I'm just leery about still having something on here and when can I trust that its clean. Why all of a sudden would the trojan be gone and why has nothing else ever picked it up? Thanks

Maurice Naggar · March 28, 2012

I have uninstalled adobe flash, but when I go to download it its saying and there is now download button "Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available" and there is now download button.

Close / exit Google. Use instead, Internet Explorer to go get the Flash Player.

This is probably the smallest issue you have.

I am reading and digesting your posts that followed. So please wait for other reply from me.

Maurice Naggar · March 28, 2012

I have re-read your topic from the beginning. Want to emphasize that you stop getting & running things on your own.

You tried Kaspersky, and then went and got Avast antivirus. You ran TDSSKILLER on your own.

While I am helping you, do NOT get & run any tools, other than the ones I guide you to.

That also means, do not change your system, add programs, or changes programs, or settings without first checking with me.

Otherwise, we will be out of sync and I will be in the dark.

P.S. Do no websurfing or any sort of online transaction. Go only to this forum and sites I guide you to.

Let me know The Avast version number you have, and if it is up-to-date.

Close and Save any open documents you have running. Close any programs you started.

Do not run any programs while these next tools are in-progress.

Step 2

Turn OFF your Avast antivirus

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Leave the firewall on

Please download the following program to your Desktop >> Unhide <<

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/us/online-scanner/faq
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
  (And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
- Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Step 4

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Step 5

Re-enable the antivirus program.

Reply with copy of the Eset scan log and the C:\Combofix.txt log

amykitty8 · March 29, 2012

Just wanted to say, I haven't tried doing anything on my own. I have had avast and malwarebytes on my computer for months. Yes I ran Kapersky but that was before i started all this with you. I have from the beginning had avast set to do a scan every day automatically, i was not aware that I was not supposed to. Plus I was not aware that I wasn't supposed to do anything else on my computer like surf or do projects on it.

So do I turn off the auto full scan for avast?

Thank you

amykitty8 · March 29, 2012

Avast 7 free. yes its up to date. Should I take auto updates off after I finish this?

amykitty8 · March 29, 2012

When I download unhide it automatically downloads to my download file on the c drive, then it asks to run or cancel. How do i download it to my desktop?

Maurice Naggar · March 29, 2012

On Avast, just insure that Avast scheduled scan will not be at a time that you would be doing the tasks I asked for.

Having Avast auto-update is fine. Perfect.

If Unhide is already saved into your system, then just RUN it from there.

Proceed forward and do what I had outlined.

suspect trojan.agent

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information