Computer Hope
Topic started by: ShaBow on June 27, 2010, 02:21:38 PM
-
My Norton scan yesterday alerted me that Spyware.Perfect had been found and removed. I understand this to be a keylogger software program which I did not install. Nobody has access to my computer. I have run all your malware programs and have logs. Also tried using the Computer Hope Hijack this process tool, but a little too complicated for me to understand. I have included the logs. Hope I did everything right. ;D Thanks in advance for your help.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/27/2010 at 01:46 PM
Application Version : 4.39.1002
Core Rules Database Version : 5124
Trace Rules Database Version: 2936
Scan type : Complete Scan
Total Scan Time : 02:15:06
Memory items scanned : 662
Memory threats detected : 0
Registry items scanned : 20576
Registry threats detected : 0
File items scanned : 191519
File threats detected : 1
Adware.Tracking Cookie
.doubleclick.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\dilwetd3.default\cookies.sqlite ]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
6/27/2010 2:24:38 PM
mbam-log-2010-06-27 (14-24-38).txt
Scan type: Quick scan
Objects scanned: 119265
Time elapsed: 5 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:54:18 PM, on 6/27/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\PROGRA~2\MICROS~1\wkcalrem.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\sniper.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\Windows\SysWOW64\shdocvw.dll
O15 - Trusted Zone: http://www.convergysworkathome.com
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13691 bytes
-
Hello, and welcome to Computer Hope.
Please note the following information about the malware forum:
- Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
- From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
- Please do not attach logs or post them in Quote/Code boxes unless requested.
- Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
- If you have already asked for help somewhere, please post the link to the topic where you were helped.
- We try our best to reply quickly, but if for any reason we do not reply in two days, reply to this topic with the word BUMP.
- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please visit this webpage for a tutorial on downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
See the area: Using ComboFix, and when done, post the log back here.
-
Tried using ComboFix, got this error msg: Incompatible OS. ComboFix only works for workstations with Windows 2000 or XP. I think because I have a 64-bit OS? Top of error box says for Win32 only.
-
Please download MySystem-Search from here: Download mirror (http://www.drivehq.com/file/df.aspx/publish/GPuser/DragonMasterJay/mss.exe)
- Save the file to your Desktop.
- Double-click on mss.exe
- Allow it to run, and follow the prompts.
- Once done, it will launch a log.
- Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.
-
Thank you Jay
MySystem-Search
MSS v1.5
Basic System Information
Username: Sharon - Date: 06/28/2010 - Time: 9:12:23
Microsoft Windows [Version 6.0.6002]
Processor type: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
Total processors: 2
Computer Name: SHARON-PC
Logon Server: \\SHARON-PC
CD Emulation Drivers running?
Peer-to-Peer applications?
File associations
.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile
Running processes
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 51,888 K
smss.exe 584 Services 0 2,068 K
csrss.exe 656 Services 0 14,092 K
wininit.exe 692 Services 0 9,480 K
csrss.exe 712 Console 1 10,012 K
winlogon.exe 748 Console 1 11,940 K
services.exe 792 Services 0 9,172 K
lsass.exe 804 Services 0 2,540 K
lsm.exe 812 Services 0 6,156 K
svchost.exe 964 Services 0 10,264 K
PresentationFontCache.exe 1008 Services 0 85,140 K
svchost.exe 388 Services 0 10,744 K
svchost.exe 704 Services 0 27,320 K
svchost.exe 808 Services 0 197,684 K
svchost.exe 972 Services 0 117,452 K
audiodg.exe 1096 Services 0 19,776 K
svchost.exe 1128 Services 0 8,360 K
SLsvc.exe 1144 Services 0 13,840 K
svchost.exe 1192 Services 0 19,036 K
svchost.exe 1356 Services 0 39,412 K
wlanext.exe 1536 Services 0 18,756 K
spoolsv.exe 1608 Services 0 17,824 K
svchost.exe 1656 Services 0 26,084 K
agr64svc.exe 1856 Services 0 3,604 K
AppleMobileDeviceService. 1876 Services 0 6,128 K
mDNSResponder.exe 1888 Services 0 6,924 K
BDTUpdateService.exe 1908 Services 0 4,364 K
CFProcSRVC.exe 1924 Services 0 9,928 K
CFSvcs.exe 1976 Services 0 3,964 K
EvtEng.exe 2032 Services 0 18,648 K
ccSvcHst.exe 1316 Services 0 12,632 K
svchost.exe 1732 Services 0 6,704 K
RegSrvc.exe 2160 Services 0 6,672 K
svchost.exe 2424 Services 0 9,612 K
TMachInfo.exe 2496 Services 0 38,044 K
TNaviSrv.exe 2564 Services 0 5,192 K
TODDSrv.exe 2652 Services 0 5,208 K
TosCoSrv.exe 2672 Services 0 5,324 K
TosBtSrv.exe 2764 Services 0 5,132 K
TosIPCSrv.exe 2788 Services 0 4,576 K
ULCDRSvr.exe 2824 Services 0 4,416 K
dllhost.exe 2832 Services 0 6,220 K
svchost.exe 2852 Services 0 4,844 K
WLIDSVC.EXE 2884 Services 0 15,964 K
SearchIndexer.exe 2948 Services 0 62,348 K
taskeng.exe 3032 Services 0 9,836 K
WLIDSVCM.EXE 3648 Services 0 4,060 K
SmartFaceVWatchSrv.exe 3932 Services 0 17,084 K
WmiPrvSE.exe 3460 Services 0 9,424 K
ccSvcHst.exe 3772 Console 1 5,100 K
dwm.exe 3268 Console 1 52,444 K
taskeng.exe 3900 Console 1 17,384 K
explorer.exe 3924 Console 1 106,588 K
igfxtray.exe 4596 Console 1 12,484 K
hkcmd.exe 4704 Console 1 7,236 K
igfxpers.exe 4780 Console 1 6,852 K
igfxsrvc.exe 4848 Console 1 9,720 K
Apoint.exe 4920 Console 1 11,940 K
TPwrMain.exe 4932 Console 1 9,736 K
ApMsgFwd.exe 4976 Console 1 4,648 K
SmoothView.exe 5020 Console 1 4,356 K
TCrdMain.exe 5092 Console 1 23,520 K
RAVCpl64.exe 3448 Console 1 20,344 K
TOSCDSPD.exe 3588 Console 1 5,888 K
GoogleToolbarNotifier.exe 2480 Console 1 2,436 K
sidebar.exe 996 Console 1 47,668 K
ehtray.exe 4092 Console 1 2,988 K
ehmsas.exe 4444 Console 1 5,532 K
SSScheduler.exe 1044 Console 1 6,244 K
ONENOTEM.EXE 1676 Console 1 2,376 K
NDSTray.exe 2432 Console 1 7,412 K
KeNotify.exe 256 Console 1 10,220 K
ToshibaServiceStation.exe 4240 Console 1 71,796 K
PCMAgent.exe 4636 Console 1 10,860 K
traybar.exe 4668 Console 1 8,516 K
sidebar.exe 3524 Console 1 47,980 K
CFSwMgr.exe 4572 Console 1 10,684 K
CLMLSvc.exe 5008 Console 1 18,392 K
iTunesHelper.exe 1824 Console 1 15,220 K
iPodService.exe 4540 Services 0 7,848 K
ApntEx.exe 5552 Console 1 5,648 K
WkCalRem.exe 3332 Console 1 4,528 K
splwow64.exe 2392 Console 1 11,220 K
SASCore64.exe 5148 Services 0 3,876 K
SUPERAntiSpyware.exe 5012 Console 1 820 K
bfgclient.exe 3384 Console 1 39,784 K
firefox.exe 3484 Console 1 139,612 K
plugin-container.exe 4260 Console 1 25,544 K
SearchProtocolHost.exe 3852 Services 0 10,908 K
SearchFilterHost.exe 2860 Services 0 6,792 K
mss.exe 2324 Console 1 5,004 K
cmd.exe 2872 Console 1 3,432 K
tasklist.exe 3064 Console 1 6,012 K
WmiPrvSE.exe 592 Services 0 7,488 K
Hidden objects
PATH: C:\windows
Installer
msdownld.tmp
WindowsShell.Manifest
PATH: C:\windows\system32
PATH: C:\windows\system32\drivers
fbd.sys
PATH: C:\
$Recycle.Bin
Boot
bootmgr
Config.Msi
Documents and Settings
hiberfil.sys
MSOCache
pagefile.sys
ProgramData
System Volume Information
User Profile check
Public
Sharon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
Flags REG_DWORD 0x0
State REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
Flags REG_DWORD 0x0
State REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-776699227-4283417703-54896960-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Sharon
Flags REG_DWORD 0x0
State REG_DWORD 0x100
Sid REG_BINARY 0105000000000005150000005B7D4B2E67C44FFF40A94503E8030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0
Current Scheduled Tasks
PATH: C:\Windows\Tasks
SCHEDLGU.TXT
SA.DAT
Windows Drivers and NT-Services
Volume in drive C is SQ004805V04
Volume Serial Number is 02A5-ACBE
Directory of C:\Windows\System32\Drivers
06/18/2009 02:25 PM 13 fbd.sys
1 File(s) 13 bytes
0 Dir(s) 215,423,160,320 bytes free
Volume in drive C is SQ004805V04
Volume Serial Number is 02A5-ACBE
Directory of C:\Windows\System32\Drivers
09/18/2006 05:26 PM 3,440,660 gm.dls
09/18/2006 05:26 PM 646 gmreadme.txt
11/02/2006 11:16 AM <DIR> UMDF
11/02/2006 11:16 AM <DIR> en-US
05/07/2008 02:30 PM 32,040 LPCFilter.sys
04/24/2009 07:39 PM 22,656 BMLoad.sys
04/29/2010 03:39 PM 38,224 mbamswissarmy.sys
06/27/2010 02:18 PM <DIR> .
06/27/2010 02:18 PM <DIR> ..
5 File(s) 3,534,226 bytes
4 Dir(s) 215,423,160,320 bytes free
Virtual drives found?
Environment variables
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Sharon\AppData\Roaming
asl.log=Destination=file;OnFirstLog=command,environment
CLASSPATH=.;C:\Program Files (x86)\Java\jre1.6.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=SHARON-PC
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Sharon
LOCALAPPDATA=C:\Users\Sharon\AppData\Local
LOGONSERVER=\\SHARON-PC
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files (x86)\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files (x86)\Mozilla Firefox;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG;C:\Program Files\Intel\WiFi\bin\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Common Files\Microsoft Shared\Windows Live
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=170a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files (x86)\Java\jre1.6.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Sharon\AppData\Local\Temp
TMP=C:\Users\Sharon\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
USERDOMAIN=Sharon-PC
USERNAME=Sharon
USERPROFILE=C:\Users\Sharon
windir=C:\Windows
Stealth malware?
Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
AutoHide REG_SZ yes
Default_Page_URL REG_SZ http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
Default_Secondary_Page_URL REG_MULTI_SZ
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_SZ C:\Windows\SysWOW64\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
IE5_UA_Backup_Flag REG_SZ 5.0
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivDiscUiShown REG_DWORD 0x1
WarnOnIntranet REG_DWORD 0x1
WarnOnPost REG_BINARY 01000000
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0x28
PrivacyAdvanced REG_DWORD 0x0
ZonesSecurityUpgradeDone REG_DWORD 0x1
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
ZonesSecurityUpgrade REG_BINARY AD22F6DB1AFAC901
MaxConnectionsPerServer REG_DWORD 0xa
MaxConnectionsPer1_0Server REG_DWORD 0xa
GlobalUserOffline REG_DWORD 0x0
SyncMode5 REG_DWORD 0x4
EnableAutodial REG_DWORD 0x0
NoNetAutodial REG_DWORD 0x0
ProxyOverride REG_SZ *.local
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Disable Script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\Windows\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
XMLHTTP REG_DWORD 0x1
NoUpdateCheck REG_DWORD 0x1
UseClearType REG_SZ no
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
Start Page REG_SZ http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
Default_Page_URL REG_SZ http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
CompatibilityFlags REG_DWORD 0x0
FullScreen REG_SZ no
SearchMigrated REG_DWORD 0x0
Window_Placement REG_BINARY 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF59000000D50000007F04000000B7030000
Use FormSuggest REG_SZ no
NotifyDownloadComplete REG_SZ yes
StartPageCache REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
RunOnceHasShown REG_DWORD 0x1
Secondary Start Pages REG_MULTI_SZ http://www.google.com/
AlwaysShowMenus REG_DWORD 0x1
StatusBarWeb REG_DWORD 0x0
ShowedCheckBrowser REG_SZ Yes
Check_Associations REG_SZ no
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY 205DB27FCEFCC901
IE8RunOncePerInstallCompleted REG_DWORD 0x1
IE8RunOnceCompletionTime REG_BINARY F098EFA4CEFCC901
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY 80F8F0A4CEFCC901
FormSuggest PW Ask REG_SZ no
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} REG_BINARY 00
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} REG_SZ Norton Toolbar
{D4027C7F-154A-4066-A1AD-4243D8127440} REG_BINARY 00
{472734EA-242A-422B-ADF8-83D1E48CC825} REG_SZ PC Tools Browser Guard
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\MasterCook: Select Image
Protocol hijack?
Security Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
oobe_av REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging
Uninstall List
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-2 Tasty
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Burger Bustle
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Hotdog Hotshot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Ice Cream Craze
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Mall-a-Palooza
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Sally's Salon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Sally's Spa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Top Chef
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFGC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Defender_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954156
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979332
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.6)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\N360
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Revo Uninstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rhapsody
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Doctor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SymcData-idsdefs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TOSHIBA Game Console
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent toshiba Master Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Encoder 9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047338
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047347
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047349
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047351
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047534
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047932
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047938
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050981
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT068453
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT074152
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT081295
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT082374
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Move Media Player
Adobe Products
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
DisplayVersion REG_SZ 10.0.45.2
Publisher REG_SZ Adobe Systems Incorporated
URLInfoAbout REG_SZ http://www.adobe.com/go/getflashplayer
VersionMajor REG_SZ 10
VersionMinor REG_SZ 0
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
URLUpdateInfo REG_SZ http://www.adobe.com/go/flashplayer/
DisplayIcon REG_SZ C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
UninstallString REG_SZ C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
RequiresIESysFile REG_SZ 4.70.0.1155
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.53.64
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
DisplayIcon REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe
EstimatedSize REG_DWORD 0x1800
Autorun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD REG_SZ C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
swg REG_SZ "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Sidebar REG_SZ C:\Program Files\windows sidebar\sidebar.exe /autoRun
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
WMPNSCFG REG_SZ C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ITSecMng REG_EXPAND_SZ %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
NDSTray.exe REG_SZ NDSTray.exe
cfFncEnabler.exe REG_SZ cfFncEnabler.exe
KeNotify REG_SZ "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
ToshibaServiceStation REG_SZ "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
PCMAgent REG_SZ "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
Camera Assistant Software REG_SZ "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
Adobe Reader Speed Launcher REG_SZ "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
CLMLServer REG_SZ "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
QuickTime Task REG_SZ "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppleSyncN
-
You did not post a complete log. Please re-run the tool, then post all of the log.
-
MySystem-Search
MSS v1.5
Basic System Information
Username: Sharon - Date: 06/28/2010 - Time: 9:12:23
Microsoft Windows [Version 6.0.6002]
Processor type: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
Total processors: 2
Computer Name: SHARON-PC
Logon Server: \\SHARON-PC
CD Emulation Drivers running?
Peer-to-Peer applications?
File associations
.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile
Running processes
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 51,888 K
smss.exe 584 Services 0 2,068 K
csrss.exe 656 Services 0 14,092 K
wininit.exe 692 Services 0 9,480 K
csrss.exe 712 Console 1 10,012 K
winlogon.exe 748 Console 1 11,940 K
services.exe 792 Services 0 9,172 K
lsass.exe 804 Services 0 2,540 K
lsm.exe 812 Services 0 6,156 K
svchost.exe 964 Services 0 10,264 K
PresentationFontCache.exe 1008 Services 0 85,140 K
svchost.exe 388 Services 0 10,744 K
svchost.exe 704 Services 0 27,320 K
svchost.exe 808 Services 0 197,684 K
svchost.exe 972 Services 0 117,452 K
audiodg.exe 1096 Services 0 19,776 K
svchost.exe 1128 Services 0 8,360 K
SLsvc.exe 1144 Services 0 13,840 K
svchost.exe 1192 Services 0 19,036 K
svchost.exe 1356 Services 0 39,412 K
wlanext.exe 1536 Services 0 18,756 K
spoolsv.exe 1608 Services 0 17,824 K
svchost.exe 1656 Services 0 26,084 K
agr64svc.exe 1856 Services 0 3,604 K
AppleMobileDeviceService. 1876 Services 0 6,128 K
mDNSResponder.exe 1888 Services 0 6,924 K
BDTUpdateService.exe 1908 Services 0 4,364 K
CFProcSRVC.exe 1924 Services 0 9,928 K
CFSvcs.exe 1976 Services 0 3,964 K
EvtEng.exe 2032 Services 0 18,648 K
ccSvcHst.exe 1316 Services 0 12,632 K
svchost.exe 1732 Services 0 6,704 K
RegSrvc.exe 2160 Services 0 6,672 K
svchost.exe 2424 Services 0 9,612 K
TMachInfo.exe 2496 Services 0 38,044 K
TNaviSrv.exe 2564 Services 0 5,192 K
TODDSrv.exe 2652 Services 0 5,208 K
TosCoSrv.exe 2672 Services 0 5,324 K
TosBtSrv.exe 2764 Services 0 5,132 K
TosIPCSrv.exe 2788 Services 0 4,576 K
ULCDRSvr.exe 2824 Services 0 4,416 K
dllhost.exe 2832 Services 0 6,220 K
svchost.exe 2852 Services 0 4,844 K
WLIDSVC.EXE 2884 Services 0 15,964 K
SearchIndexer.exe 2948 Services 0 62,348 K
taskeng.exe 3032 Services 0 9,836 K
WLIDSVCM.EXE 3648 Services 0 4,060 K
SmartFaceVWatchSrv.exe 3932 Services 0 17,084 K
WmiPrvSE.exe 3460 Services 0 9,424 K
ccSvcHst.exe 3772 Console 1 5,100 K
dwm.exe 3268 Console 1 52,444 K
taskeng.exe 3900 Console 1 17,384 K
explorer.exe 3924 Console 1 106,588 K
igfxtray.exe 4596 Console 1 12,484 K
hkcmd.exe 4704 Console 1 7,236 K
igfxpers.exe 4780 Console 1 6,852 K
igfxsrvc.exe 4848 Console 1 9,720 K
Apoint.exe 4920 Console 1 11,940 K
TPwrMain.exe 4932 Console 1 9,736 K
ApMsgFwd.exe 4976 Console 1 4,648 K
SmoothView.exe 5020 Console 1 4,356 K
TCrdMain.exe 5092 Console 1 23,520 K
RAVCpl64.exe 3448 Console 1 20,344 K
TOSCDSPD.exe 3588 Console 1 5,888 K
GoogleToolbarNotifier.exe 2480 Console 1 2,436 K
sidebar.exe 996 Console 1 47,668 K
ehtray.exe 4092 Console 1 2,988 K
ehmsas.exe 4444 Console 1 5,532 K
SSScheduler.exe 1044 Console 1 6,244 K
ONENOTEM.EXE 1676 Console 1 2,376 K
NDSTray.exe 2432 Console 1 7,412 K
KeNotify.exe 256 Console 1 10,220 K
ToshibaServiceStation.exe 4240 Console 1 71,796 K
PCMAgent.exe 4636 Console 1 10,860 K
traybar.exe 4668 Console 1 8,516 K
sidebar.exe 3524 Console 1 47,980 K
CFSwMgr.exe 4572 Console 1 10,684 K
CLMLSvc.exe 5008 Console 1 18,392 K
iTunesHelper.exe 1824 Console 1 15,220 K
iPodService.exe 4540 Services 0 7,848 K
ApntEx.exe 5552 Console 1 5,648 K
WkCalRem.exe 3332 Console 1 4,528 K
splwow64.exe 2392 Console 1 11,220 K
SASCore64.exe 5148 Services 0 3,876 K
SUPERAntiSpyware.exe 5012 Console 1 820 K
bfgclient.exe 3384 Console 1 39,784 K
firefox.exe 3484 Console 1 139,612 K
plugin-container.exe 4260 Console 1 25,544 K
SearchProtocolHost.exe 3852 Services 0 10,908 K
SearchFilterHost.exe 2860 Services 0 6,792 K
mss.exe 2324 Console 1 5,004 K
cmd.exe 2872 Console 1 3,432 K
tasklist.exe 3064 Console 1 6,012 K
WmiPrvSE.exe 592 Services 0 7,488 K
Hidden objects
PATH: C:\windows
Installer
msdownld.tmp
WindowsShell.Manifest
PATH: C:\windows\system32
PATH: C:\windows\system32\drivers
fbd.sys
PATH: C:\
$Recycle.Bin
Boot
bootmgr
Config.Msi
Documents and Settings
hiberfil.sys
MSOCache
pagefile.sys
ProgramData
System Volume Information
User Profile check
Public
Sharon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
Flags REG_DWORD 0x0
State REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
Flags REG_DWORD 0x0
State REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-776699227-4283417703-54896960-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Sharon
Flags REG_DWORD 0x0
State REG_DWORD 0x100
Sid REG_BINARY 0105000000000005150000005B7D4B2E67C44FFF40A94503E8030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0
Current Scheduled Tasks
PATH: C:\Windows\Tasks
SCHEDLGU.TXT
SA.DAT
Windows Drivers and NT-Services
Volume in drive C is SQ004805V04
Volume Serial Number is 02A5-ACBE
Directory of C:\Windows\System32\Drivers
06/18/2009 02:25 PM 13 fbd.sys
1 File(s) 13 bytes
0 Dir(s) 215,423,160,320 bytes free
Volume in drive C is SQ004805V04
Volume Serial Number is 02A5-ACBE
Directory of C:\Windows\System32\Drivers
09/18/2006 05:26 PM 3,440,660 gm.dls
09/18/2006 05:26 PM 646 gmreadme.txt
11/02/2006 11:16 AM <DIR> UMDF
11/02/2006 11:16 AM <DIR> en-US
05/07/2008 02:30 PM 32,040 LPCFilter.sys
04/24/2009 07:39 PM 22,656 BMLoad.sys
04/29/2010 03:39 PM 38,224 mbamswissarmy.sys
06/27/2010 02:18 PM <DIR> .
06/27/2010 02:18 PM <DIR> ..
5 File(s) 3,534,226 bytes
4 Dir(s) 215,423,160,320 bytes free
Virtual drives found?
Environment variables
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Sharon\AppData\Roaming
asl.log=Destination=file;OnFirstLog=command,environment
CLASSPATH=.;C:\Program Files (x86)\Java\jre1.6.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=SHARON-PC
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Sharon
LOCALAPPDATA=C:\Users\Sharon\AppData\Local
LOGONSERVER=\\SHARON-PC
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files (x86)\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files (x86)\Mozilla Firefox;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG;C:\Program Files\Intel\WiFi\bin\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Common Files\Microsoft Shared\Windows Live
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=170a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files (x86)\Java\jre1.6.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Sharon\AppData\Local\Temp
TMP=C:\Users\Sharon\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
USERDOMAIN=Sharon-PC
USERNAME=Sharon
USERPROFILE=C:\Users\Sharon
windir=C:\Windows
Stealth malware?
Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
AutoHide REG_SZ yes
Default_Page_URL REG_SZ http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
Default_Secondary_Page_URL REG_MULTI_SZ
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_SZ C:\Windows\SysWOW64\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
IE5_UA_Backup_Flag REG_SZ 5.0
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivDiscUiShown REG_DWORD 0x1
WarnOnIntranet REG_DWORD 0x1
WarnOnPost REG_BINARY 01000000
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0x28
PrivacyAdvanced REG_DWORD 0x0
ZonesSecurityUpgradeDone REG_DWORD 0x1
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
ZonesSecurityUpgrade REG_BINARY AD22F6DB1AFAC901
MaxConnectionsPerServer REG_DWORD 0xa
MaxConnectionsPer1_0Server REG_DWORD 0xa
GlobalUserOffline REG_DWORD 0x0
SyncMode5 REG_DWORD 0x4
EnableAutodial REG_DWORD 0x0
NoNetAutodial REG_DWORD 0x0
ProxyOverride REG_SZ *.local
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Disable Script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\Windows\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
XMLHTTP REG_DWORD 0x1
NoUpdateCheck REG_DWORD 0x1
UseClearType REG_SZ no
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
Start Page REG_SZ http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
Default_Page_URL REG_SZ http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
CompatibilityFlags REG_DWORD 0x0
FullScreen REG_SZ no
SearchMigrated REG_DWORD 0x0
Window_Placement REG_BINARY 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF59000000D50000007F040000B7030000
Use FormSuggest REG_SZ no
NotifyDownloadComplete REG_SZ yes
StartPageCache REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
RunOnceHasShown REG_DWORD 0x1
Secondary Start Pages REG_MULTI_SZ http://www.google.com/
AlwaysShowMenus REG_DWORD 0x1
StatusBarWeb REG_DWORD 0x0
ShowedCheckBrowser REG_SZ Yes
Check_Associations REG_SZ no
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY 205DB27FCEFCC901
IE8RunOncePerInstallCompleted REG_DWORD 0x1
IE8RunOnceCompletionTime REG_BINARY F098EFA4CEFCC901
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY 80F8F0A4CEFCC901
FormSuggest PW Ask REG_SZ no
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} REG_BINARY 00
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} REG_SZ Norton Toolbar
{D4027C7F-154A-4066-A1AD-4243D8127440} REG_BINARY 00
{472734EA-242A-422B-ADF8-83D1E48CC825} REG_SZ PC Tools Browser Guard
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\MasterCook: Select Image
Protocol hijack?
Security Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
oobe_av REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging
Uninstall List
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-2 Tasty
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Burger Bustle
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Hotdog Hotshot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Ice Cream Craze
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Mall-a-Palooza
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Sally's Salon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Sally's Spa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Top Chef
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFGC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Defender_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954156
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979332
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.6)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\N360
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Revo Uninstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rhapsody
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Doctor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SymcData-idsdefs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TOSHIBA Game Console
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent toshiba Master Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Encoder 9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047338
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047347
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047349
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047351
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047534
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047932
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047938
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050981
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT068453
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT074152
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT081295
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT082374
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Move Media Player
Adobe Products
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
DisplayVersion REG_SZ 10.0.45.2
Publisher REG_SZ Adobe Systems Incorporated
URLInfoAbout REG_SZ http://www.adobe.com/go/getflashplayer
VersionMajor REG_SZ 10
VersionMinor REG_SZ 0
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
URLUpdateInfo REG_SZ http://www.adobe.com/go/flashplayer/
DisplayIcon REG_SZ C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
UninstallString REG_SZ C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
RequiresIESysFile REG_SZ 4.70.0.1155
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.53.64
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
DisplayIcon REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe
EstimatedSize REG_DWORD 0x1800
Autorun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD REG_SZ C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
swg REG_SZ "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Sidebar REG_SZ C:\Program Files\windows sidebar\sidebar.exe /autoRun
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
WMPNSCFG REG_SZ C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ITSecMng REG_EXPAND_SZ %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
NDSTray.exe REG_SZ NDSTray.exe
cfFncEnabler.exe REG_SZ cfFncEnabler.exe
KeNotify REG_SZ "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
ToshibaServiceStation REG_SZ "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
PCMAgent REG_SZ "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
Camera Assistant Software REG_SZ "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
Adobe Reader Speed Launcher REG_SZ "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
CLMLServer REG_SZ "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
QuickTime Task REG_SZ "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
-
AppleSyncNotifier REG_SZ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
SunJavaUpdateSched REG_SZ "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
QuickTime Task REG_SZ "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppleSyncN
Restrictions - Internet Explorer
Restrictions - REGEDIT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools REG_DWORD 0x0
Restrictions - Explorer
DNS Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D4A16FAA-7A09-45E9-A04B-815D684C8859}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DD57A70D-EC2F-49E7-BD4E-5AE639FF4EBD}
Windows IP Configuration
Host Name . . . . . . . . . . . . : Sharon-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 5100
Physical Address. . . . . . . . . : 00-22-FA-4E-ED-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5c44:74d1:9b77:8ecd%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, June 26, 2010 11:53:15 AM
Lease Expires . . . . . . . . . . : Tuesday, June 29, 2010 7:26:42 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 301998842
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-80-71-FC-00-23-5A-0A-28-DC
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : globalsuite.net
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-5A-0A-28-DC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.globalsuite.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
AppInit DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ
Shell Service Object Delay Load
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Shell Execute Hooks
Image File Execution Options
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe
Security Providers
Local Security Authority
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
auditbaseobjects REG_DWORD 0x0
auditbasedirectories REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
fullprivilegeauditing REG_BINARY 00
Bounds REG_BINARY 0030000000200000
LimitBlankPasswordUse REG_DWORD 0x1
LmCompatibilityLevel REG_DWORD 0x3
NoLmHash REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg
Authentication Packages REG_MULTI_SZ msv1_0
LsaPid REG_DWORD 0x324
SecureBoot REG_DWORD 0x1
ProductType REG_DWORD 0x3
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
forceguest REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache
AppCert DLLs
App Paths
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
(Default) REG_SZ C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files (x86)\Adobe\Reader 8.0\Reader\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\BIP_Camera.exe
(Default) REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\BIP_Camera.exe
Path REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\BIP_Camera1.exe
(Default) REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\BIP_Camera1.exe
Path REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccleaner.exe
(Default) REG_SZ C:\Program Files (x86)\CCleaner\ccleaner.exe
Path REG_SZ C:\Program Files (x86)\CCleaner
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cfFncEnabler.exe
Path REG_SZ C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe
(Default) REG_SZ C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CFSvcs.exe
Path REG_SZ C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Default) REG_SZ C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
CmstpExtensionDll REG_SZ C:\Windows\SysWOW64\cmcfg32.dll
CmNative REG_DWORD 0x2
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DVDMF.exe
(Default) REG_SZ C:\Program Files (x86)\Ulead Systems\DVD MovieFactory for TOSHIBA\Ulead DVD MovieFactory 5\DVDMF.exe
Path REG_SZ C:\Program Files (x86)\Ulead Systems\DVD MovieFactory for TOSHIBA\Ulead DVD MovieFactory 5
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DVDTweakFit.exe
Path REG_SZ c:\program files (x86)\ulead systems\dvd moviefactory for toshiba\Ulead DVD Tweak and Fit 2.1
(Default) REG_SZ c:\program files (x86)\ulead systems\dvd moviefactory for toshiba\Ulead DVD Tweak and Fit 2.1\DVDTweakFit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DVDVR.exe
Path REG_SZ c:\program files (x86)\ulead systems\dvd moviefactory for toshiba\Ulead DVD DiscRecorder 2.2
(Default) REG_SZ c:\program files (x86)\ulead systems\dvd moviefactory for toshiba\Ulead DVD DiscRecorder 2.2\DVDVR.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ECCenter.exe
Path REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
(Default) REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ECCenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ECCenter1.exe
(Default) REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ECCenter1.exe
Path REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
(Default) REG_SZ C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files (x86)\Mozilla Firefox
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
(Default) REG_SZ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files (x86)\Internet Explorer;
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
BlockOnTSNonInstallMode REG_DWORD 0x1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
(Default) REG_SZ C:\Program Files (x86)\iTunes\iTunes.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
(Default) REG_SZ C:\Program Files (x86)\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files (x86)\Java\jre6\bin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
(Default) REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MCUI32.exe
Path REG_SZ C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41
(Default) REG_SZ C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\MCUI32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
(Default) REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\WinMail.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
(Default) REG_SZ C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msworks.exe
(Default) REG_SZ c:\Program Files (x86)\Microsoft Works\msworks.exe
Path REG_SZ c:\Program Files (x86)\Microsoft Works\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NAVW32.EXE
(Default) REG_SZ C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\Navw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NAVWNT.EXE
(Default) REG_SZ C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\Navwnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NDSTray.exe
(Default) REG_SZ C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
Path REG_SZ C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\None
Path REG_SZ C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA
(Default) REG_SZ C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~2\Office12\OIS.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OneNote.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
(Default) REG_EXPAND_SZ %SystemRoot%\System32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\System32
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PCDiag.exe
Path REG_SZ C:\Program Files (x86)\Toshiba\PCDiag\
(Default) REG_SZ C:\Program Files (x86)\Toshiba\PCDiag\PCDiag.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files (x86)\QuickTime\
(Default) REG_SZ C:\Program Files (x86)\QuickTime\PictureViewer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerCinema
Path REG_SZ C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA
(Default) REG_SZ C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerCinema.exe
Path REG_SZ C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA
(Default) REG_SZ C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~2\Office12\POWERPNT.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
(Default) REG_SZ C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files (x86)\QuickTime\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\revouninstaller.exe
(Default) REG_SZ C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Rhapsody.exe
Path REG_SZ C:\PROGRA~2\Rhapsody\
(Default) REG_SZ C:\PROGRA~2\Rhapsody\rhapsody.exe
Version REG_SZ 4.0.5.231
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Safari.exe
(Default) REG_SZ C:\Program Files (x86)\Safari\Safari.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
BlockOnTSNonInstallMode REG_DWORD 0x1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sidebar.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Sidebar\sidebar.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TabTip.exe
(Default) REG_EXPAND_SZ %CommonProgramFiles%\microsoft shared\ink\TabTip.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosBtMng.exe
Path REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
(Default) REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosBtMng1.exe
Path REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
(Default) REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\tosBtProc.exe
Path REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
(Default) REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosBtProc1.exe
Path REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
(Default) REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtProc1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosDVD.exe
(Default) REG_SZ C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TosDVD.exe
Path REG_SZ C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosHDDVD.exe
(Default) REG_SZ C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TosHDDVD.exe
Path REG_SZ C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosSrWsN.exe
(Default) REG_SZ C:\Program Files\TOSHIBA\Speech System NLS\TosSrWsN.exe
path REG_SZ C:\Program Files\TOSHIBA\Speech System NLS;C:\Program Files\TOSHIBA\Speech System NLS\System
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosvceN.exe
(Default) REG_SZ C:\Program Files\TOSHIBA\Speech System NLS\TosvceN.exe
path REG_SZ C:\Program Files\TOSHIBA\Speech System NLS;C:\Program Files\TOSHIBA\Speech System NLS\System
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ToswbrN.exe
(Default) REG_SZ C:\Program Files\TOSHIBA\Speech System NLS\ToswbrN.exe
path REG_SZ C:\Program Files\TOSHIBA\Speech System NLS;C:\Program Files\TOSHIBA\Speech System NLS\System
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
(Default) REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Mail\wab.exe
Path REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Mail
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
(Default) REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Mail\wabmig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinCal.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Calendar\wincal.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinMail.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\WinMail.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~2\Office12\WINWORD.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WirelessFTP.exe
Path REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
(Default) REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\WirelessFTP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WirelessFTP1.exe
(Default) REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\WirelessFTP1.exe
Path REG_SZ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSAB.EXE
(Default) REG_SZ c:\Program Files (x86)\Microsoft Works\WKSAB.exe
Path REG_SZ c:\Program Files (x86)\Microsoft Works\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkscal.exe
(Default) REG_SZ c:\PROGRA~2\MICROS~1\WksCal.exe
Path REG_SZ c:\Program Files (x86)\Microsoft Works\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksdb.exe
(Default) REG_SZ c:\Program Files (x86)\Microsoft Works\wksdb.exe
Path REG_SZ c:\Program Files (x86)\Microsoft Works\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSSB.EXE
(Default) REG_SZ c:\Program Files (x86)\Microsoft Works\WKSSB.exe
Path REG_SZ c:\Program Files (x86)\Microsoft Works\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksss.exe
(Default) REG_SZ c:\Program Files (x86)\Microsoft Works\wksss.exe
Path REG_SZ c:\Program Files (x86)\Microsoft Works\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkswp.exe
(Default) REG_SZ c:\Program Files (x86)\Microsoft Works\wkswp.exe
Path REG_SZ c:\Program Files (x86)\Microsoft Works\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmenc.exe
Path REG_SZ C:\Program Files (x86)\Windows Media Components\Encoder\
(Default) REG_SZ C:\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
(Default) REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
(Default) REG_SZ "C:\Windows\SysWOW64\XPSViewer\XPSViewer.exe"
Mozilla
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} REG_SZ C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
(Default) REG_SZ 1.9.2.6
CurrentVersion REG_SZ 3.6.6 (en-US)
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.6 (en-US)
(Default) REG_SZ 3.6.6 (en-US)
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.6 (en-US)\Main
Install Directory REG_SZ C:\Program Files (x86)\Mozilla Firefox
PathToExe REG_SZ C:\Program Files (x86)\Mozilla Firefox\firefox.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.6 (en-US)\Uninstall
Description REG_SZ Mozilla Firefox (3.6.6)
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.6
GeckoVer REG_SZ 1.9.2.6
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.6\bin
PathToExe REG_SZ C:\Program Files (x86)\Mozilla Firefox\firefox.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.6\extensions
Components REG_SZ C:\Program Files (x86)\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files (x86)\Mozilla Firefox\plugins
Shared Task Scheduler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
SafeBoot
SafeBootMinimal
SafeBootNetwork
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
File Rename Operations - Session
Known DLLs - Session
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
clbcatq REG_SZ clbcatq.dll
ole32 REG_SZ ole32.dll
advapi32 REG_SZ advapi32.dll
COMDLG32 REG_SZ COMDLG32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
DllDirectory32 REG_EXPAND_SZ %SystemRoot%\syswow64
gdi32 REG_SZ gdi32.dll
IERTUTIL REG_SZ IERTUTIL.dll
IMAGEHLP REG_SZ IMAGEHLP.dll
IMM32 REG_SZ IMM32.dll
kernel32 REG_SZ kernel32.dll
LPK REG_SZ LPK.dll
MSCTF REG_SZ MSCTF.dll
MSVCRT REG_SZ MSVCRT.dll
NORMALIZ REG_SZ NORMALIZ.dll
NSI REG_SZ NSI.dll
OLEAUT32 REG_SZ OLEAUT32.dll
rpcrt4 REG_SZ rpcrt4.dll
Setupapi REG_SZ Setupapi.dll
SHELL32 REG_SZ SHELL32.dll
SHLWAPI REG_SZ SHLWAPI.dll
URLMON REG_SZ URLMON.dll
user32 REG_SZ user32.dll
USP10 REG_SZ USP10.dll
WININET REG_SZ WININET.dll
WLDAP32 REG_SZ WLDAP32.dll
WS2_32 REG_SZ WS2_32.dll
Downloaded program files (ActiveX)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A084A130-28AE-4B32-B51A-1C8CE164BC88}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
PATH: C:\windows\Downloaded Program Files
AppHardT.INF
desktop.ini
Mountpoints
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d492a47-bf72-11de-99d7-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{658d4afa-82f8-11de-8fc9-00235a0a28dc}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{658d4aff-82f8-11de-8fc9-00235a0a28dc}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acfaf3a-5e92-11de-a372-00235a0a28dc}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acfaf3d-5e92-11de-a372-00235a0a28dc}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1d147cc-9d3a-11de-933b-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b743dadc-2f06-11de-990b-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b743dae0-2f06-11de-990b-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dae2c4b8-1220-11df-8675-00235a0a28dc}
Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
ReportBootOk REG_SZ 1
AutoRestartShell REG_DWORD 0x1
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
{END OF FILE}
Sorry Jay, got all the files this time.
-
Please download Malwarebytes Anti-Malware from Malwarebytes.org (http://www.malwarebytes.org/mbam/program/mbam-setup.exe).
Alternate link: BleepingComputer.com (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe).
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)
Double Click mbam-setup.exe to install the application.
(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
- Copy and paste the entire report in your next reply.
-
Sorry Jay, here is an updated version of Malwarebytes scan.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4258
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
6/29/2010 4:01:03 PM
mbam-log-2010-06-29 (16-01-03).txt
Scan type: Quick scan
Objects scanned: 128293
Time elapsed: 6 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Please run a free online scan with the ESET Online Scanner (http://www.eset.com/onlinescan/)
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and Scan unwanted applications are checked
- Click Scan (This scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
-
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a7267281a3ea76449179e051644ec30d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-30 02:41:32
# local_time=2010-06-30 10:41:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777213 100 96 231926 26050956 0 0
# compatibility_mode=5892 16776574 100 56 30214537 114501075 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=193772
# found=1
# cleaned=1
# scan_time=6524
C:\Users\Sharon\Downloads\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
- Select Start > All Programs > Accessories > System tools > System Restore.
- On the dialogue box that appears select Create a Restore Point
- Click NEXT
- Enter a name e.g. Clean
- Click CREATE
You now have a clean restore point. To get rid of the bad ones:
- Select Start > All Programs > Accessories > System tools > Disk Cleanup.
- In the Drop down box that appears select your main drive e.g. C
- Click OK
- The System will do some calculation and then display a dialogue box with TABS
- Select the More Options Tab.
- At the bottom will be a system restore box with a CLEANUP button; click this
- Accept the Warning and select OK again, the program will close and you are done
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe (http://oldtimer.geekstogo.com/OTC.exe) by OldTimer:
- Save it to your Desktop.
- Double click OTC.exe.
- Click the CleanUp! button.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
==
Please download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
==
Download Security Check by screen317 from SpywareInfoforum.org (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or Changelog.fr (http://screen317.changelog.fr/SecurityCheck.exe).
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-
Thanks for all your help Jay. One question if I could? My initial concern was a keylogger virus, did you see anything that indicated that's what I had?
Results of screen317's Security Check version 0.99.4
Windows Vista (UAC is enabled)
Out of date service pack!! (http://support.microsoft.com/kb/935791)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton 360
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 20
Java(TM) 6 Update 6
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 8.1.5
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
-
No keylogger found.
Please consider updating to Windows Vista Service Packs 1 & 2.
Windows Vista Service Packs 1 & 2 contain all the updates released since the first release plus support for new types of hardware and emerging hardware standards.
It is now available via Windows Update (http://support.microsoft.com/kb/935791#Method2) or as a standalone installation here (http://support.microsoft.com/kb/935791#Method3).
======================================
Please download the newest version of Adobe Acrobat Reader from Adobe.com (http://www.adobe.com/products/acrobat/readstep2.html)
Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.
Once old versions are gone, please install the newest version.
==
Please download the newest version of Java from Java.com (http://www.java.com/en/download/manual.jsp).
Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.
Once old versions are gone, please install the newest version.
==============================
Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.
Software recommendations
AntiSpyware
- SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here (http://www.bleepingcomputer.com/tutorials/tutorial49.html).
- Spybot - Search & Destroy (http://www.safer-networking.org/en/tutorial/index.html).
Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.
Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.
Securing your computer
- Windows Updates (http://update.microsoft.com) - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
- hpHosts file (http://hosts-file.net) replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested:
- Firefox may be downloaded from here: http://www.getfirefox.com
- Opera is available here: http://www.opera.com/download/
See this page (http://www.helpmyos.com/learn-security-f40/preventing-malware-and-being-resistant-to-the-dangers-of-the-internet-t1516.htm) for more info about malware and prevention.
That is all.
Any more questions?
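The HOSTS-file blocking described in the post above, as an added example that is not part of the original thread: a Python audit that separates names sink-holed to a loopback or unspecified address (what a blocklist HOSTS file does) from names mapped to any other address, which a blocklist never needs and which deserves a closer look. The sample file content, `audit_hosts` and `LOCAL_NAMES` are constructed for illustration.

```python
import ipaddress

# Constructed sample (not from the thread): a blocklist-style HOSTS file plus
# one entry that maps a name to a routable address instead of loopback.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.net   # two names, one line
0.0.0.0         banner.example.org
203.0.113.10    update.example-av.test
not-an-ip       broken.example.com
"""

# Names that are expected to resolve to loopback and are not "blocked sites".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Classify every mapping in HOSTS-file text.

    Returns a dict with:
      blocked    - set of names pointed at loopback / 0.0.0.0 (sink-holed)
      redirected - list of (name, address) pointing anywhere else
      malformed  - list of 1-based line numbers that could not be parsed
    """
    blocked, redirected, malformed = set(), [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment; blank lines are ignored.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line_no)
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            # An address with no hostname maps nothing.
            malformed.append(line_no)
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if sinkhole:
                if name not in LOCAL_NAMES:
                    blocked.add(name)
            else:
                # Includes 'localhost' itself if it points off-box.
                redirected.append((name, str(addr)))
    return {"blocked": blocked, "redirected": redirected, "malformed": malformed}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("sink-holed names:", sorted(report["blocked"]))
    for name, addr in report["redirected"]:
        print("REVIEW: %s is mapped to %s" % (name, addr))
    print("unparseable lines:", report["malformed"])
```

On Windows the file to pass in is normally `%SystemRoot%\System32\drivers\etc\hosts`.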