Author Topic: Trojan Attack (Read 2772 times)

sammygirlqt · « **on:** April 27, 2011, 12:16:15 AM »

I was refered here by ravencajun to run the analysis. April 23 I did my income tax online with UFile. I had a uFile program that I could not close so I closed down my whole system. April 24 when I logged on this program was still there and then my security file was showing Trojans, 8 of them. McAffee came on said shut down so they could fix. Did that and when I came back on McAffee said my system was safe. Went to GardenWeb Computer forum and there ravencajun helped me run AntiMalware scan and Spyware scan. Malware detected 4 items, Trojan.Agent, Adware.fMyWeb, Adware.FunWeb, Trojan.Fakealert.

I have followed your instructions and everything done to RootRepel. Can't download the program. Get error message "Root Repel does not support 64bit OSs. I think my system is 64bit. How do I tell? I am not very technical educated so need language for Dummy! I don't know anything about virus, just knew when McAffee came on.
Sammygirl.

R-C · « **Reply #1 on:** April 27, 2011, 12:35:11 AM »

here is the link to the GW thread
http://ths.gardenweb.com/forums/load/comphelp/msg041541551813.html?17501

Corrine · « **Reply #2 on:** April 27, 2011, 12:50:39 AM »

Hi, Sammygirl.

Welcome to LandzDown Forum.

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Ok, skip, RootRepeal. However, for RSIT, you do need to know if you have a 32- or 64-bit OS. See Is my PC running the 32-bit or 64-bit version of Windows?.

Please also post a copy of the Malwarebytes scan that detected the trojans. You can located it by launching MBAM and clicking the Logs tab in MBAM.

sammygirlqt · « **Reply #3 on:** April 27, 2011, 02:28:53 AM »

Here is the report from the MBAM scan

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6435

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

24/04/2011 5:31:08 PM
mbam-log-2011-04-24 (17-30-26).txt

Scan type: Quick scan
Objects scanned: 160407
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\your\AppData\Local\Temp\a2D59.tmp (Trojan.Agent) -> No action taken.
c:\Users\your\downloads\smileycentralpfsetup2.3.50.26.znfox000.exe (Adware.MyWebSearch) -> No action taken.
c:\Users\your\downloads\televisionfanatic.exe (Adware.FunWeb) -> No action taken.
c:\Users\your\local settings\temporary internet files\Content.IE5\4CIUJA22\bestantivirus2011[1].exe (Trojan.Fakealert) -> No action taken.

sammygirlqt · « **Reply #4 on:** April 27, 2011, 02:37:27 AM »

I can't find a topic heading "Is my PC running 32 or 64 bts. Can you put up a link where you want me to go? Sorry .

sammygirlqt · « **Reply #5 on:** April 27, 2011, 03:05:17 AM »

I found it, my system is a 64bt.
Here are the scans I ran here on Landzdown today.

Logfile of random's system information tool 1.08 (written by random/random)
Run by your at 2011-04-26 17:36:12
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 206 GB (71%) free of 288 GB
Total RAM: 2936 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:36:34 PM, on 26/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\your.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ccd2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ccd2&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110203184505.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pop up Blocker Pro] "C:\Program Files (x86)\Pop up Blocker Pro\pdie.exe" Minimize
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Online Backup Status.lnk = C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Pop up Blocker Pro - {ABE734A7-8298-4FAB-9545-F9B6341C2D47} - C:\Program Files (x86)\Pop up Blocker Pro\pdie.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdj_device - - C:\Windows\system32\lxdjcoms.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TelevisionFanatic Service (TelevisionFanaticService) - TelevisionFanatic - C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Winferno Subscription Service - Capital Intellect Inc - C:\Program Files (x86)\Common Files\Winferno\WSS\WSS.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 13419 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\lxdjcoms.exe -service
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc
"C:\Windows\system32\mfevtps.exe"
"c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe"
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll" saHooker_Initialize_and_Wait
"c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll" saHooker_Initialize_and_Wait
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe
"C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe"
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe"
"C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe"
"C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files (x86)\Common Files\Winferno\WSS\WSS.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\DRIVERS\xaudio64.exe
"C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe"
"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
"C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe"
taskeng.exe {3B47B5C3-921B-403C-BC19-4875EB09C200}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {958C4560-0B24-4039-91E8-0B77D75AA9AE}
taskeng.exe {3C5603F6-A987-461A-B823-4814329B0420}
"C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe"
"C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe"
"C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
"C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
"C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe"
"C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe" NoShow
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe"
"C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" /wts 5060 416 420
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3440 CREDAT:71937
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3440 CREDAT:203009
"C:\Users\your\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SD5DCTE\RSITx64[1].exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\FileCure Default.job
C:\Windows\tasks\FileCure Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3.job
C:\Windows\tasks\RegistryBooster.job
C:\Windows\tasks\User_Feed_Synchronization-{52DA150D-5C31-44A1-A010-248CCF184B4C}.job
C:\Windows\tasks\vtscheduletask.job
C:\Windows\tasks\WSSHelper.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL [2010-11-25 283352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110203184505.dll [2010-10-13 78968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-26 409776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll [2011-04-26 341048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2011-04-08 309096]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2010-11-25 238056]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}]
Search Assistant BHO - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll [2011-03-11 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110203184505.dll [2010-10-13 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-26 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-04-26 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2011-04-08 251928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}]
Toolbar BHO - C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll [2011-03-11 675840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2011-04-08 309096]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-26 409776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2011-04-08 251928]
{c98d5b61-b0ea-4d48-9839-1079d352d880} - TelevisionFanatic - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll [2011-03-11 675840]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-26 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LXDJCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXDJtime.dll,RunDLLEntry []
"lxdjamon"=C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe [2007-03-05 20480]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1584184]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-02-06 431968]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-12-11 519544]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-06-25 181784]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-06-25 151064]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-12-06 52560]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-06-25 209432]
"HDMICtrlMan"=C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [2008-04-26 900608]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-03-19 865280]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-28 1825064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2008-04-24 432640]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"Pop up Blocker Pro"=C:\Program Files (x86)\Pop up Blocker Pro\pdie.exe [2007-01-12 1309184]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-03-18 39408]
"RegistryBooster"=C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe [2011-03-14 67456]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-04-20 2988488]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-04-29 417792]
"NDSTray.exe"=NDSTray.exe []
"cfFncEnabler.exe"=cfFncEnabler.exe []
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-11-22 1484856]
"TelevisionFanatic Browser Plugin Loader"=C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe [2011-03-11 20480]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Online Backup Status.lnk - C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\your\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-06-12 218112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-04-26 17:36:13 ----D---- C:\Program Files\trend micro
2011-04-26 17:36:12 ----D---- C:\rsit
2011-04-24 18:30:54 ----D---- C:\Users\your\AppData\Roaming\SUPERAntiSpyware.com
2011-04-24 18:30:54 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-04-24 18:30:42 ----D---- C:\ProgramData\!SASCORE
2011-04-24 18:30:36 ----D---- C:\Program Files\SUPERAntiSpyware
2011-04-24 17:17:50 ----D---- C:\Users\your\AppData\Roaming\Malwarebytes
2011-04-24 17:17:24 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-04-24 17:17:22 ----D---- C:\ProgramData\Malwarebytes
2011-04-24 17:17:19 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-04-24 17:17:18 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-22 16:18:44 ----HDC---- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-04-22 16:18:42 ----D---- C:\Program Files (x86)\Uniblue
2011-04-14 22:11:10 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-14 22:11:10 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-14 22:11:10 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-14 22:10:55 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-04-14 22:10:55 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-04-14 22:10:55 ----A---- C:\Windows\system32\vbscript.dll
2011-04-14 22:10:55 ----A---- C:\Windows\system32\jscript.dll
2011-04-14 22:10:44 ----A---- C:\Windows\system32\winresume.exe
2011-04-14 22:10:43 ----A---- C:\Windows\system32\winload.exe
2011-04-14 22:10:43 ----A---- C:\Windows\system32\kdusb.dll
2011-04-14 22:10:43 ----A---- C:\Windows\system32\kdcom.dll
2011-04-14 22:10:43 ----A---- C:\Windows\system32\kd1394.dll
2011-04-14 22:09:51 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-14 22:09:51 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-14 22:09:51 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-14 22:09:51 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-14 22:09:43 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-14 22:09:42 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-04-14 22:09:30 ----A---- C:\Windows\system32\win32k.sys
2011-04-14 22:09:11 ----A---- C:\Windows\system32\mshtml.dll
2011-04-14 22:09:09 ----A---- C:\Windows\system32\ieframe.dll
2011-04-14 22:09:07 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-04-14 22:09:05 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-04-14 22:09:05 ----A---- C:\Windows\system32\urlmon.dll
2011-04-14 22:09:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-04-14 22:09:04 ----A---- C:\Windows\system32\wininet.dll
2011-04-14 22:09:03 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-04-14 22:09:02 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-14 22:09:02 ----A---- C:\Windows\system32\iertutil.dll
2011-04-14 22:09:02 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-14 22:09:00 ----A---- C:\Windows\system32\occache.dll
2011-04-14 22:09:00 ----A---- C:\Windows\system32\mstime.dll
2011-04-14 22:08:59 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-04-14 22:08:59 ----A---- C:\Windows\system32\ieui.dll
2011-04-14 22:08:59 ----A---- C:\Windows\system32\iernonce.dll
2011-04-14 22:08:59 ----A---- C:\Windows\system32\iepeers.dll
2011-04-14 22:08:58 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-14 22:08:58 ----A---- C:\Windows\system32\licmgr10.dll
2011-04-14 22:08:58 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-14 22:08:57 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-04-14 22:08:57 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-04-14 22:08:56 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-04-14 22:08:56 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-04-14 22:08:56 ----A---- C:\Windows\system32\ieUnatt.exe
2011-04-14 22:08:56 ----A---- C:\Windows\system32\iesysprep.dll
2011-04-14 22:08:55 ----A---- C:\Windows\SYSWOW64\occache.dll
2011-04-14 22:08:55 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-04-14 22:08:55 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2011-04-14 22:08:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-04-14 22:08:55 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2011-04-14 22:08:55 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-04-14 22:08:55 ----A---- C:\Windows\system32\iesetup.dll
2011-04-14 22:08:54 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-04-14 22:08:54 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2011-04-14 22:08:54 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2011-04-14 22:08:53 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-04-14 22:08:53 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-04-14 22:08:53 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-04-14 22:08:53 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2011-04-14 22:08:53 ----A---- C:\Windows\system32\msfeedssync.exe
2011-04-14 22:08:53 ----A---- C:\Windows\system32\ie4uinit.exe
2011-04-14 22:08:43 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-04-14 22:08:43 ----A---- C:\Windows\system32\atmfd.dll
2011-04-14 22:08:41 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-04-14 22:08:41 ----A---- C:\Windows\system32\atmlib.dll
2011-04-14 22:08:33 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-14 22:08:33 ----A---- C:\Windows\system32\mfc42.dll
2011-04-14 22:08:32 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2011-04-14 22:08:31 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2011-04-14 22:08:21 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-14 22:08:20 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2011-04-14 22:08:20 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2011-04-14 22:08:20 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-14 22:08:20 ----A---- C:\Windows\system32\dnscacheugc.exe

======List of files/folders modified in the last 1 months======

2011-04-26 17:36:34 ----D---- C:\Windows\Prefetch
2011-04-26 17:36:14 ----D---- C:\Windows\Temp
2011-04-26 17:36:13 ----RD---- C:\Program Files
2011-04-26 17:30:15 ----RD---- C:\Program Files (x86)
2011-04-26 17:30:15 ----HD---- C:\ProgramData
2011-04-26 17:30:06 ----SD---- C:\Windows\Downloaded Program Files
2011-04-26 16:19:53 ----SHD---- C:\Windows\Installer
2011-04-26 11:09:22 ----D---- C:\Windows\system32\catroot
2011-04-26 11:09:20 ----D---- C:\Windows\winsxs
2011-04-26 11:06:28 ----D---- C:\Windows\system32\catroot2
2011-04-25 13:19:29 ----SHD---- C:\System Volume Information
2011-04-24 18:27:59 ----D---- C:\Windows
2011-04-24 17:17:24 ----D---- C:\Windows\SYSWOW64\drivers
2011-04-24 17:17:19 ----D---- C:\Windows\system32\drivers
2011-04-24 12:25:16 ----D---- C:\Program Files (x86)\McAfee
2011-04-23 19:01:00 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-04-23 13:28:41 ----D---- C:\Windows\Debug
2011-04-22 16:19:04 ----D---- C:\Windows\Tasks
2011-04-22 16:19:04 ----D---- C:\Windows\system32\Tasks
2011-04-19 17:51:38 ----D---- C:\Windows\system32\WDI
2011-04-15 04:44:58 ----D---- C:\Windows\Microsoft.NET
2011-04-15 04:43:56 ----RSD---- C:\Windows\assembly
2011-04-15 03:55:41 ----D---- C:\Windows\SysWOW64
2011-04-15 03:55:41 ----D---- C:\Windows\System32
2011-04-15 03:55:38 ----D---- C:\Windows\system32\Boot
2011-04-15 03:55:36 ----D---- C:\Program Files\Windows Mail
2011-04-15 03:55:36 ----D---- C:\Program Files (x86)\Windows Mail
2011-04-15 03:55:35 ----D---- C:\Program Files (x86)\Internet Explorer
2011-04-15 03:55:34 ----D---- C:\Windows\SYSWOW64\migration
2011-04-15 03:55:34 ----D---- C:\Program Files\Internet Explorer
2011-04-15 03:55:33 ----D---- C:\Windows\system32\migration
2011-04-15 03:38:24 ----D---- C:\ProgramData\Microsoft Help
2011-04-15 03:18:09 ----A---- C:\Windows\system32\mrt.exe
2011-04-15 03:06:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-15 03:06:55 ----D---- C:\Windows\inf
2011-04-12 10:49:18 ----D---- C:\Program Files\lx_Cats
2011-03-29 18:17:15 ----D---- C:\Windows\system32\wbem
2011-03-29 18:16:17 ----D---- C:\Windows\system32\config
2011-03-29 18:16:05 ----D---- C:\Windows\registration
2011-03-29 17:21:37 ----D---- C:\Windows\Logs
2011-03-27 15:27:50 ----D---- C:\Program Files (x86)\McAfee Security Scan

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-04-15 388120]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-10-13 529128]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\Windows\system32\DRIVERS\tos_sps64.sys [2008-07-18 504912]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 26968]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 75032]
R1 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2010-10-13 283360]
R1 MOBKFilter;MOBKFilter; C:\Windows\system32\DRIVERS\MOBK.sys [2010-04-13 66040]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 17024]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [2007-10-17 10240]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2008-03-25 294400]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2010-10-13 62800]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2008-03-03 222720]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2008-03-25 1487872]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2008-06-12 7911840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-19 126976]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2010-10-13 121248]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-10-13 190136]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2010-10-13 441328]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw5v64.sys [2008-11-17 4751360]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 15752]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [2008-04-14 62040]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sdx64.sys [2008-04-07 51928]
R3 QIOMem;Generic IO & Memory Access; C:\Windows\system32\DRIVERS\QIOMem.sys [2007-04-09 9728]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-28 292400]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2007-12-11 27272]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2009-08-27 19824]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 168704]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-20 28200]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2008-03-25 740864]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2008-04-03 404992]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 26112]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 115712]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-01-20 276480]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-01-20 34304]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 6144]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 273920]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2010-10-13 94864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 11008]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 7936]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50a64.sys [2007-06-14 41280]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 178176]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-04-23 165888]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2008-03-19 88192]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-10-18 51328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 46592]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 108544]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 438328]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 111104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 27648]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 27648]
R2 lxdj_device;lxdj_device; C:\Windows\system32\lxdjcoms.exe [2007-03-12 567216]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-10-13 200056]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [2010-10-13 149032]
R2 MOBKbackup;McAfee Online Backup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 o2flash;O2Micro Flash Memory Card Service; c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 TelevisionFanaticService;TelevisionFanatic Service; C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe [2011-03-11 28766]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 135168]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-02-06 434016]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-04-11 158568]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 175104]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 Winferno Subscription Service;Winferno Subscription Service; C:\Program Files (x86)\Common Files\Winferno\WSS\WSS.exe [2009-10-30 139264]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [2007-10-17 412672]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 84992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-18 136176]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2008-05-28 164600]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-18 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-18 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-10-07 509416]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

-----------------EOF-----------------

sammygirlqt · « **Reply #6 on:** April 27, 2011, 03:08:41 AM »

Another scan:
info.txt logfile of random's system information tool 1.08 2011-04-26 17:36:45

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files (x86)\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->"C:\Program Files (x86)\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Burger Shop\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
-->C:\Program Files\Conexant\SmartAudio\SETUP64.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
Acrobat.com-->msiexec /qb /x {E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}
Acrobat.com-->MsiExec.exe /I{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files (x86)\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files (x86)\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_Plugin.exe -maintain plugin
Adobe Reader 9.4.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Camera Assistant Software for Toshiba-->C:\Program Files (x86)\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0009
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files (x86)\InstallShield Installation Information\{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}\setup.exe -runfromtemp -l0x0009 -removeonly
Chinese Simplified Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-2447-0000-900000000003}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -ITE1HERya.INF
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
Flickr Uploadr 3.2.1-->"C:\Users\your\Videos\Pictures\2010-09-06\New Folder\Flickr Uploadr\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_2BE6CD75D520F20B.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179\UIU64m.exe -U -ITE1HERym.INF
HDMI Control Manager-->C:\Program Files (x86)\InstallShield Installation Information\{63DA1F6A-2E65-4367-99B9-9E39FADEC446}\setup.exe -runfromtemp -l0x0409
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
InstallVC90Support-->MsiExec.exe /X{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\SysWOW64\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\SysWOW64\imsmudlg.exe -uninstall
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Codec Pack 6.6.6 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Lexmark 1400 Series-->C:\Program Files (x86)\Lexmark 1400 Series\Install\x64\Uninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{5254156F-AA77-499A-B7C1-D5581D44E788}
McAfee Online Backup-->C:\Program Files (x86)\McAfeeMOBK\MozyUninstaller.exe
McAfee Online Backup-->MsiExec.exe /X{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}
McAfee Security Scan Plus-->"C:\Program Files (x86)\McAfee Security Scan\uninstall.exe"
McAfee Total Protection-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
McAfee Virtual Technician-->C:\Program Files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe /uninstall
McAfee Virtual Technician-->MsiExec.exe /I{49FA793C-785E-47E9-93DF-BD442B0B45D1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NetWaiting-->C:\Program Files (x86)\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x0009 -removeonly
O2Micro Flash Memory Card Reader Driver (x64)-->MsiExec.exe /X{AE64AAFB-8C9A-482A-B2A9-3A420A65D5D5}
ParetoLogic FileCure-->C:\Program Files (x86)\ParetoLogic\FileCure\uninstall.exe
Photodex Presenter-->C:\Program Files (x86)\Photodex Presenter\remove.exe
Pop up Blocker Pro 7.0.6 (remove only)-->"C:\Program Files (x86)\Pop up Blocker Pro\uninst.exe"
Quilted Photo Xpress 2.0 (Demo)-->"C:\Program Files (x86)\QuiltedPhoto\unins000.exe"
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2466156)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CEF209AB-F96D-404F-B5CC-44057C057CA3}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {8EAF4926-5B5D-398A-BA46-4603D8095BDE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft Office Excel 2007 (KB2464583)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {151E2FEA-C3A6-4CB6-BE6B-16651FDF04BE}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E6B7C11E-21E9-4BA0-9677-29AD603B953C}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Windows Media Encoder (KB2447961)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={6139D160-F916-4708-953E-68B213BE6B7A} /qb
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Security Update for Windows Media Encoder (KB979332)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={950E24CA-CA7E-4606-8F0D-DEDBC94F2A1E} /qb
SnapZip 2011-->"C:\Program Files (x86)\Winferno\SnapZip\unins000.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TelevisionFanatic-->rundll32 C:\PROGRA~2\TELEVI~2\bar\1.bin\64Bar.dll,O
Toshiba Assist-->C:\Program Files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files (x86)\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files (x86)\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Face Recognition-->MsiExec.exe /I{F67FA545-D8E5-4209-86B1-AEE045D1003F}
TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{E8B39B08-7FAB-48CC-89E9-37C5589E130C} /l1033
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{DF0853CA-A1D0-4169-8472-F2822C8FA1EB} /l1033
TOSHIBA Value Added Package-->C:\Program Files (x86)\InstallShield Installation Information\{066CFFF8-12BF-4390-A673-75F95EFF188E}\setup.exe -runfromtemp -l0x0409
Uniblue RegistryBooster-->"C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster-->C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
WildTangent Games-->"C:\Program Files (x86)\TOSHIBA Games\Uninstall.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======

127.0.0.1   localhost

======Security center information======

AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: your-PC
Event Code: 4374
Message: Windows Servicing identified that package KB968389(Update) is not applicable for this system
Record Number: 75975
Source Name: Microsoft-Windows-Servicing
Time Written: 20100712213510.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: your-PC
Event Code: 4374
Message: Windows Servicing identified that package KB968389(Update) is not applicable for this system
Record Number: 75974
Source Name: Microsoft-Windows-Servicing
Time Written: 20100712213510.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: your-PC
Event Code: 4374
Message: Windows Servicing identified that package KB968389(Update) is not applicable for this system
Record Number: 75973
Source Name: Microsoft-Windows-Servicing
Time Written: 20100712213509.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: your-PC
Event Code: 4374
Message: Windows Servicing identified that package KB968389(Update) is not applicable for this system
Record Number: 75964
Source Name: Microsoft-Windows-Servicing
Time Written: 20100712213501.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: your-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 75823
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100712212554.024787-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: your-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 334
Source Name: Microsoft-Windows-WMI
Time Written: 20090116181316.000000-000
Event Type: Error
User:

Computer Name: your-PC
Event Code: 3086
Message: The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Windows Application, SystemIndex Catalog

Record Number: 314
Source Name: Microsoft-Windows-Search
Time Written: 20090116181218.000000-000
Event Type: Warning
User:

Computer Name: your-PC
Event Code: 1533
Message: Windows cannot delete the profile directory C:\Users\Administrator. This error may be caused by files in this directory being used by another program.

DETAIL - The directory is not empty.
Record Number: 306
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090116180755.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: your-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 294
Source Name: Microsoft-Windows-Search
Time Written: 20090116161211.000000-000
Event Type: Warning
User:

Computer Name: WIN-RD3DUW2YR80
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 272
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090116155457.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: WIN-RD3DUW2YR80
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
   Security ID:      S-1-5-18
   Account Name:      WIN-RD3DUW2YR80$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Target Server:
   Target Server Name:   localhost
   Additional Information:   localhost

Process Information:
   Process ID:      0x220
   Process Name:      C:\Windows\System32\services.exe

Network Information:
   Network Address:   -
   Port:         -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 336
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080529223415.103812-000
Event Type: Audit Success
User:

Computer Name: WIN-RD3DUW2YR80
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7

Privileges:      SeAssignPrimaryTokenPrivilege
         SeTcbPrivilege
         SeSecurityPrivilege
         SeTakeOwnershipPrivilege
         SeLoadDriverPrivilege
         SeBackupPrivilege
         SeRestorePrivilege
         SeDebugPrivilege
         SeAuditPrivilege
         SeSystemEnvironmentPrivilege
         SeImpersonatePrivilege
Record Number: 335
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080529223415.025812-000
Event Type: Audit Success
User:

Computer Name: WIN-RD3DUW2YR80
Event Code: 4624
Message: An account was successfully logged on.

Subject:
   Security ID:      S-1-5-18
   Account Name:      WIN-RD3DUW2YR80$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7

Logon Type:         5

New Logon:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Process Information:
   Process ID:      0x220
   Process Name:      C:\Windows\System32\services.exe

Network Information:
   Workstation Name:
   Source Network Address:   -
   Source Port:      -

Detailed Authentication Information:
   Logon Process:      Advapi
   Authentication Package:   Negotiate
   Transited Services:   -
   Package Name (NTLM only):   -
   Key Length:      0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 334
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080529223415.025812-000
Event Type: Audit Success
User:

Computer Name: WIN-RD3DUW2YR80
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
   Security ID:      S-1-5-18
   Account Name:      WIN-RD3DUW2YR80$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Target Server:
   Target Server Name:   localhost
   Additional Information:   localhost

Process Information:
   Process ID:      0x220
   Process Name:      C:\Windows\System32\services.exe

Network Information:
   Network Address:   -
   Port:         -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 333
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080529223415.025812-000
Event Type: Audit Success
User:

Computer Name: WIN-RD3DUW2YR80
Event Code: 1102
Message: The audit log was cleared.
Subject:
   Security ID:   S-1-5-21-3235602083-1156473005-3116676594-500
   Account Name:   Administrator
   Domain Name:   WIN-RD3DUW2YR80
   Logon ID:   0x24e64
Record Number: 332
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080529223408.895012-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

Corrine · « **Reply #7 on:** April 27, 2011, 03:46:42 PM »

Hi, Hi, Sammygirl.

Thank you for the logs.

I strongly advise you to uninstall both Uniblue and ParetoLogic FileCure. I have seen too much damage done by so-called registry cleaner software and Uniblue is no exception, resulting in an unbootable PC. As to ParetoLogic software, it has a rather shady reputation, pretty much showing lots of errors and wanting payment in order to fix.

If you have a licensed version of Adobe Acrobat, you need to update it to the latest version, as the installed version is extremely out of date.

The next step is to take care of the vulnerable Java on your computer. Please uninstall the following:

Java(TM) 6 Update 22
Java(TM) 6 Update 6

Then download and install Java SE Runtime Environment (JRE) 6 Update 25. Download the Windows x64 version from: Java SE Runtime Environment 6u25

Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

When that is complete, please scan with MBAM again, this time selecting the detected items for removal:

Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates
Once the update has been installed and the program has loaded, select Quick scan
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
Click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

sammygirlqt · « **Reply #8 on:** April 28, 2011, 02:12:35 AM »

I have uninstalled Paretologic File Cure
Uniblue
Popup Blocker

I don't have a license for Adobe, only what came with the laptop.

Uninstalled
Java TM 6 Update 22
Java TM 6 UPdate 6

After I selected agreement, it says to download. There is a list of Product, File Size, Download. There are 14 items. Do I have to download each one? I don't follow you on unchecking prechecked items in tool bar and/or software options. I am not seeing this. Can you walk me through this?

Corrine · « **Reply #9 on:** April 28, 2011, 02:02:50 PM »

Hi, Sammygirl.

From the download page, you need to click to "Accept License Agreement". Then click the download for your 64-bit operating system. It is the one at the bottom of the list:

Windows x64 16.09 MB jre-6u25-windows-x64.exe

What I meant is to pay attention as you click through the options to install. Very often the Java installation will include a Bing or other toolbar or optional software. Just read the instructions as you are going through the installation.

sammygirlqt · « **Reply #10 on:** April 28, 2011, 11:00:00 PM »

Thanks for your help on the Java. Today, I can't get mbam to load. I get an error message. Sorry, I need some help again.

Corrine · « **Reply #11 on:** April 28, 2011, 11:29:45 PM »

What is the error message?

Are you able to launch and update other security software programs you have installed (i.e., Mcfee, SUPERAntiSpyware)?

sammygirlqt · « **Reply #12 on:** April 29, 2011, 01:38:57 AM »

I tried again to install. I tried to install Free Version MPAM.Malwarebytes.org, malwarex86 version 1.42,4.62MB.
MBAM_ERROR_EXPANDING_VARIABLES(0,453) Please report this error code to our support team. Then says install finished.
Windows cannot find MBAM-setup.exe an error has occured MBAM_ERROR_MISSING_FILE 3,0, MBAMSWISSARMY.SYS. The system cannot find the path.

My McAffee is installed and working
My SuperAntiSpyware is installed and working. I ran a quick scan and it detected no problems.
I saw on the Malware forum that there has been an error problem on installation.

sammygirlqt · « **Reply #13 on:** April 29, 2011, 02:52:52 AM »

I think I might have found why I can't install Malware....ravencajun had me install it and run a scan. I see that you are only able to use the Free scan one time, then you have to buy the program.

MikeW · « **Reply #14 on:** April 29, 2011, 08:32:14 AM »

Quote from: sammygirlqt on April 29, 2011, 02:52:52 AM

I think I might have found why I can't install Malware....ravencajun had me install it and run a scan. I see that you are only able to use the Free scan one time, then you have to buy the program.

Sounds like you installed a rogue then. Malwarebytes free works fully for lifetime. There is or was a conflict with Mcaffee

LandzDown Forum

News:

Author Topic: Trojan Attack (Read 2772 times)

sammygirlqt

Trojan Attack

R-C

Re: Trojan Attack

Corrine

Re: Trojan Attack

sammygirlqt

Re: Trojan Attack

sammygirlqt

Re: Trojan Attack

sammygirlqt

Re: Trojan Attack

sammygirlqt

Re: Trojan Attack

Corrine

Re: Trojan Attack

sammygirlqt

Re: Trojan Attack

Corrine

Re: Trojan Attack

sammygirlqt

Re: Trojan Attack

Corrine

Re: Trojan Attack

sammygirlqt

Re: Trojan Attack

sammygirlqt

Re: Trojan Attack

MikeW

Re: Trojan Attack