Author Topic: Norton 360 Spyware.Perfect removal alert.  (Read 10998 times)

ShaBow

    Topic Starter


    Greenhorn

  • Tia
    Norton 360 Spyware.Perfect removal alert.
    « on: June 27, 2010, 02:21:38 PM »
    My Norton scan yesterday alerted me that Spyware.Perfect had been found and removed. I understand this to be a keylogger software program which I did not install. Nobody has access to my computer. I have run all your malware programs and have logs. Also tried using the Computer Hope Hijack this process tool, but a little too complicated for me to understand. I have included the logs. Hope I did everything right.  ;D Thanks in advance for your help.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/27/2010 at 01:46 PM

    Application Version : 4.39.1002

    Core Rules Database Version : 5124
    Trace Rules Database Version: 2936

    Scan type       : Complete Scan
    Total Scan Time : 02:15:06

    Memory items scanned      : 662
    Memory threats detected   : 0
    Registry items scanned    : 20576
    Registry threats detected : 0
    File items scanned        : 191519
    File threats detected     : 1

    Adware.Tracking Cookie
       .doubleclick.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\dilwetd3.default\cookies.sqlite ]

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18928

    6/27/2010 2:24:38 PM
    mbam-log-2010-06-27 (14-24-38).txt

    Scan type: Quick scan
    Objects scanned: 119265
    Time elapsed: 5 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:54:18 PM, on 6/27/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18928)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    c:\PROGRA~2\MICROS~1\wkcalrem.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\sniper.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
    O3 - Toolbar: Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
    O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
    O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\Windows\SysWOW64\shdocvw.dll
    O15 - Trusted Zone: http://www.convergysworkathome.com
    O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13691 bytes


    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Norton 360 Spyware.Perfect removal alert.
    « Reply #1 on: June 27, 2010, 02:23:47 PM »
    Hello, and welcome to Computer Hope.

    Please note the following information about the malware forum:
    • Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
    • Please do not attach logs or post them in Quote/Code boxes unless requested.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, reply to this topic with the word BUMP.
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please visit this webpage for a tutorial on downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    See the area: Using ComboFix, and when done, post the log back here.
    ~Dr Jay

    ShaBow

      Topic Starter


      Greenhorn

    • Tia
      Re: Norton 360 Spyware.Perfect removal alert.
      « Reply #2 on: June 27, 2010, 02:41:43 PM »
      Tried using ComboFix, got this error msg: Incompatible OS. ComboFix only works for workstations with Windows 2000 or XP. I think because I have 64bit OS? Top of error box says for Win32 only.

      Dr Jay

      • Malware Removal Specialist


      • Specialist
      • Moderator emeritus
      • Thanked: 119
      • Experience: Guru
      • OS: Windows 10
      Re: Norton 360 Spyware.Perfect removal alert.
      « Reply #3 on: June 27, 2010, 08:33:36 PM »
      Please download MySystem-Search from here: Download mirror
      • Save the file to your Desktop.
      • Double-click on mss.exe
      • Allow it to run, and follow the prompts.
      • Once done, it will launch a log.
      • Post it in your next reply.
      Note: the logs are long. Please use more than one post, if necessary.
      ~Dr Jay

      ShaBow

        Topic Starter


        Greenhorn

      • Tia
        Re: Norton 360 Spyware.Perfect removal alert.
        « Reply #4 on: June 28, 2010, 07:15:37 AM »
        Thank you Jay

        MySystem-Search
         
         
        MSS v1.5
         
         
        Basic System Information
         
        Username: Sharon - Date: 06/28/2010 - Time:  9:12:23

        Microsoft Windows [Version 6.0.6002]
        Processor type: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
        Total processors: 2
        Computer Name: SHARON-PC
        Logon Server: \\SHARON-PC
         
         
        CD Emulation Drivers running?
         
         
         
        Peer-to-Peer applications?
         
         
         
        File associations
         
        .exe=exefile
        .scr=scrfile
        .pif=piffile
        .com=comfile
        .bat=batfile
        .cmd=cmdfile
        .log=txtfile
        .txt=txtfile
        .reg=regfile
        .sys=sysfile
        .dll=dllfile
        .ini=inifile
        .inf=inffile
         
         
        Running processes
         

        Image Name                     PID Session Name        Session#    Mem Usage
        ========================= ======== ================ =========== ============
        System Idle Process              0 Services                   0         24 K
        System                           4 Services                   0     51,888 K
        smss.exe                       584 Services                   0      2,068 K
        csrss.exe                      656 Services                   0     14,092 K
        wininit.exe                    692 Services                   0      9,480 K
        csrss.exe                      712 Console                    1     10,012 K
        winlogon.exe                   748 Console                    1     11,940 K
        services.exe                   792 Services                   0      9,172 K
        lsass.exe                      804 Services                   0      2,540 K
        lsm.exe                        812 Services                   0      6,156 K
        svchost.exe                    964 Services                   0     10,264 K
        PresentationFontCache.exe     1008 Services                   0     85,140 K
        svchost.exe                    388 Services                   0     10,744 K
        svchost.exe                    704 Services                   0     27,320 K
        svchost.exe                    808 Services                   0    197,684 K
        svchost.exe                    972 Services                   0    117,452 K
        audiodg.exe                   1096 Services                   0     19,776 K
        svchost.exe                   1128 Services                   0      8,360 K
        SLsvc.exe                     1144 Services                   0     13,840 K
        svchost.exe                   1192 Services                   0     19,036 K
        svchost.exe                   1356 Services                   0     39,412 K
        wlanext.exe                   1536 Services                   0     18,756 K
        spoolsv.exe                   1608 Services                   0     17,824 K
        svchost.exe                   1656 Services                   0     26,084 K
        agr64svc.exe                  1856 Services                   0      3,604 K
        AppleMobileDeviceService.     1876 Services                   0      6,128 K
        mDNSResponder.exe             1888 Services                   0      6,924 K
        BDTUpdateService.exe          1908 Services                   0      4,364 K
        CFProcSRVC.exe                1924 Services                   0      9,928 K
        CFSvcs.exe                    1976 Services                   0      3,964 K
        EvtEng.exe                    2032 Services                   0     18,648 K
        ccSvcHst.exe                  1316 Services                   0     12,632 K
        svchost.exe                   1732 Services                   0      6,704 K
        RegSrvc.exe                   2160 Services                   0      6,672 K
        svchost.exe                   2424 Services                   0      9,612 K
        TMachInfo.exe                 2496 Services                   0     38,044 K
        TNaviSrv.exe                  2564 Services                   0      5,192 K
        TODDSrv.exe                   2652 Services                   0      5,208 K
        TosCoSrv.exe                  2672 Services                   0      5,324 K
        TosBtSrv.exe                  2764 Services                   0      5,132 K
        TosIPCSrv.exe                 2788 Services                   0      4,576 K
        ULCDRSvr.exe                  2824 Services                   0      4,416 K
        dllhost.exe                   2832 Services                   0      6,220 K
        svchost.exe                   2852 Services                   0      4,844 K
        WLIDSVC.EXE                   2884 Services                   0     15,964 K
        SearchIndexer.exe             2948 Services                   0     62,348 K
        taskeng.exe                   3032 Services                   0      9,836 K
        WLIDSVCM.EXE                  3648 Services                   0      4,060 K
        SmartFaceVWatchSrv.exe        3932 Services                   0     17,084 K
        WmiPrvSE.exe                  3460 Services                   0      9,424 K
        ccSvcHst.exe                  3772 Console                    1      5,100 K
        dwm.exe                       3268 Console                    1     52,444 K
        taskeng.exe                   3900 Console                    1     17,384 K
        explorer.exe                  3924 Console                    1    106,588 K
        igfxtray.exe                  4596 Console                    1     12,484 K
        hkcmd.exe                     4704 Console                    1      7,236 K
        igfxpers.exe                  4780 Console                    1      6,852 K
        igfxsrvc.exe                  4848 Console                    1      9,720 K
        Apoint.exe                    4920 Console                    1     11,940 K
        TPwrMain.exe                  4932 Console                    1      9,736 K
        ApMsgFwd.exe                  4976 Console                    1      4,648 K
        SmoothView.exe                5020 Console                    1      4,356 K
        TCrdMain.exe                  5092 Console                    1     23,520 K
        RAVCpl64.exe                  3448 Console                    1     20,344 K
        TOSCDSPD.exe                  3588 Console                    1      5,888 K
        GoogleToolbarNotifier.exe     2480 Console                    1      2,436 K
        sidebar.exe                    996 Console                    1     47,668 K
        ehtray.exe                    4092 Console                    1      2,988 K
        ehmsas.exe                    4444 Console                    1      5,532 K
        SSScheduler.exe               1044 Console                    1      6,244 K
        ONENOTEM.EXE                  1676 Console                    1      2,376 K
        NDSTray.exe                   2432 Console                    1      7,412 K
        KeNotify.exe                   256 Console                    1     10,220 K
        ToshibaServiceStation.exe     4240 Console                    1     71,796 K
        PCMAgent.exe                  4636 Console                    1     10,860 K
        traybar.exe                   4668 Console                    1      8,516 K
        sidebar.exe                   3524 Console                    1     47,980 K
        CFSwMgr.exe                   4572 Console                    1     10,684 K
        CLMLSvc.exe                   5008 Console                    1     18,392 K
        iTunesHelper.exe              1824 Console                    1     15,220 K
        iPodService.exe               4540 Services                   0      7,848 K
        ApntEx.exe                    5552 Console                    1      5,648 K
        WkCalRem.exe                  3332 Console                    1      4,528 K
        splwow64.exe                  2392 Console                    1     11,220 K
        SASCore64.exe                 5148 Services                   0      3,876 K
        SUPERAntiSpyware.exe          5012 Console                    1        820 K
        bfgclient.exe                 3384 Console                    1     39,784 K
        firefox.exe                   3484 Console                    1    139,612 K
        plugin-container.exe          4260 Console                    1     25,544 K
        SearchProtocolHost.exe        3852 Services                   0     10,908 K
        SearchFilterHost.exe          2860 Services                   0      6,792 K
        mss.exe                       2324 Console                    1      5,004 K
        cmd.exe                       2872 Console                    1      3,432 K
        tasklist.exe                  3064 Console                    1      6,012 K
        WmiPrvSE.exe                   592 Services                   0      7,488 K
         
         
        Hidden objects
         
        PATH: C:\windows
         
        Installer
        msdownld.tmp
        WindowsShell.Manifest
         
         
        PATH: C:\windows\system32
         
         
         
        PATH: C:\windows\system32\drivers
         
        fbd.sys
         
         
        PATH: C:\
         
        $Recycle.Bin
        Boot
        bootmgr
        Config.Msi
        Documents and Settings
        hiberfil.sys
        MSOCache
        pagefile.sys
        ProgramData
        System Volume Information
         
         
        User Profile check
         
        Public
        Sharon
         

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
            ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
            Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
            Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
            ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
            Flags    REG_DWORD    0xc
            State    REG_DWORD    0x0
            RefCount    REG_DWORD    0x1
            Sid    REG_BINARY    010100000000000512000000
            ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
            ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\LocalService
            Flags    REG_DWORD    0x0
            State    REG_DWORD    0x0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
            ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\NetworkService
            Flags    REG_DWORD    0x0
            State    REG_DWORD    0x0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-776699227-4283417703-54896960-1000
            ProfileImagePath    REG_EXPAND_SZ    C:\Users\Sharon
            Flags    REG_DWORD    0x0
            State    REG_DWORD    0x100
            Sid    REG_BINARY    0105000000000005150000005B7D4B2E67C44FFF40A94503E8030000
            ProfileLoadTimeLow    REG_DWORD    0x0
            ProfileLoadTimeHigh    REG_DWORD    0x0
            RefCount    REG_DWORD    0x1
            RunLogonScriptSync    REG_DWORD    0x0

         
         
        Current Scheduled Tasks
         
        PATH: C:\Windows\Tasks
         
        SCHEDLGU.TXT
        SA.DAT
         
         
        Windows Drivers and NT-Services
         
         Volume in drive C is SQ004805V04
         Volume Serial Number is 02A5-ACBE

         Directory of C:\Windows\System32\Drivers

        06/18/2009  02:25 PM                13 fbd.sys
                       1 File(s)             13 bytes
                       0 Dir(s)  215,423,160,320 bytes free
         Volume in drive C is SQ004805V04
         Volume Serial Number is 02A5-ACBE

         Directory of C:\Windows\System32\Drivers

        09/18/2006  05:26 PM         3,440,660 gm.dls
        09/18/2006  05:26 PM               646 gmreadme.txt
        11/02/2006  11:16 AM    <DIR>          UMDF
        11/02/2006  11:16 AM    <DIR>          en-US
        05/07/2008  02:30 PM            32,040 LPCFilter.sys
        04/24/2009  07:39 PM            22,656 BMLoad.sys
        04/29/2010  03:39 PM            38,224 mbamswissarmy.sys
        06/27/2010  02:18 PM    <DIR>          .
        06/27/2010  02:18 PM    <DIR>          ..
                       5 File(s)      3,534,226 bytes
                       4 Dir(s)  215,423,160,320 bytes free
         
         
        Virtual drives found?
         
         
         
        Environment variables
         
        ALLUSERSPROFILE=C:\ProgramData
        APPDATA=C:\Users\Sharon\AppData\Roaming
        asl.log=Destination=file;OnFirstLog=command,environment
        CLASSPATH=.;C:\Program Files (x86)\Java\jre1.6.0_06\lib\ext\QTJava.zip
        CommonProgramFiles=C:\Program Files (x86)\Common Files
        CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
        CommonProgramW6432=C:\Program Files\Common Files
        COMPUTERNAME=SHARON-PC
        ComSpec=C:\Windows\system32\cmd.exe
        DFSTRACINGON=FALSE
        FP_NO_HOST_CHECK=NO
        HOMEDRIVE=C:
        HOMEPATH=\Users\Sharon
        LOCALAPPDATA=C:\Users\Sharon\AppData\Local
        LOGONSERVER=\\SHARON-PC
        MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Crash Reports
        MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files (x86)\Mozilla Firefox\crashreporter-override.ini
        NUMBER_OF_PROCESSORS=2
        OS=Windows_NT
        Path=C:\Program Files (x86)\Mozilla Firefox;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG;C:\Program Files\Intel\WiFi\bin\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Common Files\Microsoft Shared\Windows Live
        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
        PROCESSOR_ARCHITECTURE=x86
        PROCESSOR_ARCHITEW6432=AMD64
        PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
        PROCESSOR_LEVEL=6
        PROCESSOR_REVISION=170a
        ProgramData=C:\ProgramData
        ProgramFiles=C:\Program Files (x86)
        ProgramFiles(x86)=C:\Program Files (x86)
        ProgramW6432=C:\Program Files
        PROMPT=$P$G
        PUBLIC=C:\Users\Public
        QTJAVA=C:\Program Files (x86)\Java\jre1.6.0_06\lib\ext\QTJava.zip
        SESSIONNAME=Console
        SystemDrive=C:
        SystemRoot=C:\Windows
        TEMP=C:\Users\Sharon\AppData\Local\Temp
        TMP=C:\Users\Sharon\AppData\Local\Temp
        TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
        USERDOMAIN=Sharon-PC
        USERNAME=Sharon
        USERPROFILE=C:\Users\Sharon
        windir=C:\Windows
         
         
        Stealth malware?
         
         
        Internet Explorer
         

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
            Start Page    REG_SZ    http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
            AutoHide    REG_SZ    yes
            Default_Page_URL    REG_SZ    http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
            Default_Secondary_Page_URL    REG_MULTI_SZ   
            Default_Search_URL    REG_SZ    http://go.microsoft.com/fwlink/?LinkId=54896
            Search Page    REG_SZ    http://go.microsoft.com/fwlink/?LinkId=54896
            Extensions Off Page    REG_SZ    about:NoAdd-ons
            Security Risk Page    REG_SZ    about:SecurityRisk
            Enable_Disk_Cache    REG_SZ    yes
            Cache_Percent_of_Disk    REG_BINARY    0A000000
            Delete_Temp_Files_On_Exit    REG_SZ    yes
            Local Page    REG_SZ    C:\Windows\SysWOW64\blank.htm
            Anchor_Visitation_Horizon    REG_BINARY    01000000
            Use_Async_DNS    REG_SZ    yes
            Placeholder_Width    REG_BINARY    1A000000
            Placeholder_Height    REG_BINARY    1A000000

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
            IE5_UA_Backup_Flag    REG_SZ    5.0
            User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
            EmailName    REG_SZ    IEUser@
            AutoConfigProxy    REG_SZ    wininet.dll
            MimeExclusionListForCache    REG_SZ    multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
            UseSchannelDirectly    REG_BINARY    01000000
            EnableHttp1_1    REG_DWORD    0x1
            PrivDiscUiShown    REG_DWORD    0x1
            WarnOnIntranet    REG_DWORD    0x1
            WarnOnPost    REG_BINARY    01000000
            UrlEncoding    REG_DWORD    0x0
            SecureProtocols    REG_DWORD    0x28
            PrivacyAdvanced    REG_DWORD    0x0
            ZonesSecurityUpgradeDone    REG_DWORD    0x1
            DisableCachingOfSSLPages    REG_DWORD    0x0
            WarnonZoneCrossing    REG_DWORD    0x0
            CertificateRevocation    REG_DWORD    0x1
            EnableNegotiate    REG_DWORD    0x1
            MigrateProxy    REG_DWORD    0x1
            ProxyEnable    REG_DWORD    0x0
            ZonesSecurityUpgrade    REG_BINARY    AD22F6DB1AFAC901
            MaxConnectionsPerServer    REG_DWORD    0xa
            MaxConnectionsPer1_0Server    REG_DWORD    0xa
            GlobalUserOffline    REG_DWORD    0x0
            SyncMode5    REG_DWORD    0x4
            EnableAutodial    REG_DWORD    0x0
            NoNetAutodial    REG_DWORD    0x0
            ProxyOverride    REG_SZ    *.local

        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
            Disable Script Debugger    REG_SZ    yes
            Anchor Underline    REG_SZ    yes
            Cache_Update_Frequency    REG_SZ    Once_Per_Session
            Display Inline Images    REG_SZ    yes
            Do404Search    REG_BINARY    01000000
            Local Page    REG_SZ    C:\Windows\system32\blank.htm
            Save_Session_History_On_Exit    REG_SZ    no
            Show_FullURL    REG_SZ    no
            Show_StatusBar    REG_SZ    yes
            Show_ToolBar    REG_SZ    yes
            Show_URLinStatusBar    REG_SZ    yes
            Show_URLToolBar    REG_SZ    yes
            Use_DlgBox_Colors    REG_SZ    yes
            Search Page    REG_SZ    http://go.microsoft.com/fwlink/?LinkId=54896
            XMLHTTP    REG_DWORD    0x1
            NoUpdateCheck    REG_DWORD    0x1
            UseClearType    REG_SZ    no
            Enable Browser Extensions    REG_SZ    yes
            Play_Background_Sounds    REG_SZ    yes
            Play_Animations    REG_SZ    yes
            Start Page    REG_SZ    http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
            Default_Page_URL    REG_SZ    http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
            CompatibilityFlags    REG_DWORD    0x0
            FullScreen    REG_SZ    no
            SearchMigrated    REG_DWORD    0x0
            Window_Placement    REG_BINARY    2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF59000000D50000007F040000B7030000
            Use FormSuggest    REG_SZ    no
            NotifyDownloadComplete    REG_SZ    yes
            StartPageCache    REG_DWORD    0x1
            RunOnceComplete    REG_DWORD    0x1
            RunOnceHasShown    REG_DWORD    0x1
            Secondary Start Pages    REG_MULTI_SZ    http://www.google.com/
            AlwaysShowMenus    REG_DWORD    0x1
            StatusBarWeb    REG_DWORD    0x0
            ShowedCheckBrowser    REG_SZ    Yes
            Check_Associations    REG_SZ    no
            IE8RunOnceLastShown    REG_DWORD    0x1
            IE8RunOnceLastShown_TIMESTAMP    REG_BINARY    205DB27FCEFCC901
            IE8RunOncePerInstallCompleted    REG_DWORD    0x1
            IE8RunOnceCompletionTime    REG_BINARY    F098EFA4CEFCC901
            IE8TourShown    REG_DWORD    0x1
            IE8TourShownTime    REG_BINARY    80F8F0A4CEFCC901
            FormSuggest PW Ask    REG_SZ    no

        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
            {CFBFAE00-17A6-11D0-99CB-00C04FD64497}    REG_SZ   


        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
            {2318C2B1-4965-11d4-9B18-009027A5CD4F}    REG_BINARY    00
            {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}    REG_SZ    Norton Toolbar
            {D4027C7F-154A-4066-A1AD-4243D8127440}    REG_BINARY    00
            {472734EA-242A-422B-ADF8-83D1E48CC825}    REG_SZ    PC Tools Browser Guard


        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\MasterCook: Select Image
         
         
        Protocol hijack?
         
         
         
        Security Center
         

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
            oobe_av    REG_DWORD    0x1


        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
            EnableFirewall    REG_DWORD    0x0
            DisableNotifications    REG_DWORD    0x0

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
            EnableFirewall    REG_DWORD    0x0
            DisableNotifications    REG_DWORD    0x0

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
            EnableFirewall    REG_DWORD    0x0
            DisableNotifications    REG_DWORD    0x0

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging
         
         
        Uninstall List
         

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-2 Tasty
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Burger Bustle
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Hotdog Hotshot
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Ice Cream Craze
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Mall-a-Palooza
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Sally's Salon
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Sally's Spa
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Top Chef
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFGC
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Defender_is1
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954156
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979332
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.6)
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\N360
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Revo Uninstaller
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rhapsody
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Doctor
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SymcData-idsdefs
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TOSHIBA Game Console
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent toshiba Master Uninstall
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Encoder 9
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047338
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047347
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047349
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047351
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047534
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047932
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047938
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050981
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT068453
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT074152
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT081295
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT082374
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{008D69EB-70FF-46AB-9C75-924620DF191A}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{066CFFF8-12BF-4390-A673-75F95EFF188E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2637C347-9DAD-11D6-9EA2-00055D0CA761}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26604C7E-A313-4D12-867F-7C6E7820BE4C}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020FF}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160060}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37563E8A-F8C5-482E-8E61-2C39D7CCACA9}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37C866E4-AA67-4725-9E95-A39968DD7960}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45A66726-69BC-466B-A7A4-12FCBA4883D7}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5279374D-87FE-4879-9385-F17278EBB9D3}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{553255F3-78FD-40F1-A6F8-6882140265FE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{620BBA5E-F848-4D56-8BDA-584E44584C5E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{622E6F16-0904-49B6-BBE1-4CC836314CCF}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0C0A-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0020-0409-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0409-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0115-0409-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E8766951-2B6C-4022-86E8-80D2D1762B76}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00AF-0409-0000-0000000FF1CE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A644254B-92F6-4970-8635-AB0775371E72}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AA8B2587-7198-44E6-858D-20EA0E833C9D}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC6569FA-6919-442A-8552-073BE69E247A}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A81300000003}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A81300000003}_814
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C523D256-313D-4866-B36A-F3DE528246EF}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1E56B8A-1AAF-422A-91DB-625059FB9863}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F751C062-87DA-4D33-8A12-6E7F1D4C051C}
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}

        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Move Media Player
         
         
        Adobe Products
         

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
            DisplayName    REG_SZ    Adobe Flash Player 10 ActiveX
            DisplayVersion    REG_SZ    10.0.45.2
            Publisher    REG_SZ    Adobe Systems Incorporated
            URLInfoAbout    REG_SZ    http://www.adobe.com/go/getflashplayer
            VersionMajor    REG_SZ    10
            VersionMinor    REG_SZ    0
            HelpLink    REG_SZ    http://www.adobe.com/go/flashplayer_support/
            URLUpdateInfo    REG_SZ    http://www.adobe.com/go/flashplayer/
            DisplayIcon    REG_SZ    C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
            UninstallString    REG_SZ    C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
            RequiresIESysFile    REG_SZ    4.70.0.1155
            NoModify    REG_DWORD    0x1
            NoRepair    REG_DWORD    0x1


        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
            DisplayName    REG_SZ    Adobe Flash Player 10 Plugin
            Publisher    REG_SZ    Adobe Systems Incorporated
            DisplayVersion    REG_SZ    10.1.53.64
            HelpLink    REG_SZ    http://www.adobe.com/go/flashplayer_support/
            NoModify    REG_DWORD    0x1
            NoRepair    REG_DWORD    0x1
            RequiresIESysFile    REG_SZ    4.70.0.1155
            URLInfoAbout    REG_SZ    http://www.adobe.com
            URLUpdateInfo    REG_SZ    http://www.adobe.com/go/getflashplayer/
            VersionMajor    REG_DWORD    0xa
            VersionMinor    REG_DWORD    0x1
            UninstallString    REG_SZ    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
            DisplayIcon    REG_SZ    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe
            EstimatedSize    REG_DWORD    0x1800

         
         
        Autorun
         

        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
            TOSCDSPD    REG_SZ    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
            swg    REG_SZ    "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
            Sidebar    REG_SZ    C:\Program Files\windows sidebar\sidebar.exe /autoRun
            ehTray.exe    REG_SZ    C:\Windows\ehome\ehTray.exe
            WMPNSCFG    REG_SZ    C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe


        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
            ITSecMng    REG_EXPAND_SZ    %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
            NDSTray.exe    REG_SZ    NDSTray.exe
            cfFncEnabler.exe    REG_SZ    cfFncEnabler.exe
            KeNotify    REG_SZ    "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
            ToshibaServiceStation    REG_SZ    "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
            PCMAgent    REG_SZ    "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
            Camera Assistant Software    REG_SZ    "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
            Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            CLMLServer    REG_SZ    "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
            QuickTime Task    REG_SZ    "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
            iTunesHelper    REG_SZ    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
            AppleSyncN

        Dr Jay

        Re: Norton 360 Spyware.Perfect removal alert.
        « Reply #5 on: June 28, 2010, 03:37:02 PM »
        You did not post a complete log. Please re-run the tool, then post all of the log.
        ~Dr Jay

        ShaBow

          Re: Norton 360 Spyware.Perfect removal alert.
          « Reply #6 on: June 29, 2010, 08:27:06 AM »
          MySystem-Search
           
           
          MSS v1.5
           
           
          Basic System Information
           
          Username: Sharon - Date: 06/28/2010 - Time:  9:12:23

          Microsoft Windows [Version 6.0.6002]
          Processor type: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
          Total processors: 2
          Computer Name: SHARON-PC
          Logon Server: \\SHARON-PC
           
           
          CD Emulation Drivers running?
           
           
           
          Peer-to-Peer applications?
           
           
           
          File associations
           
          .exe=exefile
          .scr=scrfile
          .pif=piffile
          .com=comfile
          .bat=batfile
          .cmd=cmdfile
          .log=txtfile
          .txt=txtfile
          .reg=regfile
          .sys=sysfile
          .dll=dllfile
          .ini=inifile
          .inf=inffile
           
           
          Running processes
           

          Image Name                     PID Session Name        Session#    Mem Usage
          ========================= ======== ================ =========== ============
          System Idle Process              0 Services                   0         24 K
          System                           4 Services                   0     51,888 K
          smss.exe                       584 Services                   0      2,068 K
          csrss.exe                      656 Services                   0     14,092 K
          wininit.exe                    692 Services                   0      9,480 K
          csrss.exe                      712 Console                    1     10,012 K
          winlogon.exe                   748 Console                    1     11,940 K
          services.exe                   792 Services                   0      9,172 K
          lsass.exe                      804 Services                   0      2,540 K
          lsm.exe                        812 Services                   0      6,156 K
          svchost.exe                    964 Services                   0     10,264 K
          PresentationFontCache.exe     1008 Services                   0     85,140 K
          svchost.exe                    388 Services                   0     10,744 K
          svchost.exe                    704 Services                   0     27,320 K
          svchost.exe                    808 Services                   0    197,684 K
          svchost.exe                    972 Services                   0    117,452 K
          audiodg.exe                   1096 Services                   0     19,776 K
          svchost.exe                   1128 Services                   0      8,360 K
          SLsvc.exe                     1144 Services                   0     13,840 K
          svchost.exe                   1192 Services                   0     19,036 K
          svchost.exe                   1356 Services                   0     39,412 K
          wlanext.exe                   1536 Services                   0     18,756 K
          spoolsv.exe                   1608 Services                   0     17,824 K
          svchost.exe                   1656 Services                   0     26,084 K
          agr64svc.exe                  1856 Services                   0      3,604 K
          AppleMobileDeviceService.     1876 Services                   0      6,128 K
          mDNSResponder.exe             1888 Services                   0      6,924 K
          BDTUpdateService.exe          1908 Services                   0      4,364 K
          CFProcSRVC.exe                1924 Services                   0      9,928 K
          CFSvcs.exe                    1976 Services                   0      3,964 K
          EvtEng.exe                    2032 Services                   0     18,648 K
          ccSvcHst.exe                  1316 Services                   0     12,632 K
          svchost.exe                   1732 Services                   0      6,704 K
          RegSrvc.exe                   2160 Services                   0      6,672 K
          svchost.exe                   2424 Services                   0      9,612 K
          TMachInfo.exe                 2496 Services                   0     38,044 K
          TNaviSrv.exe                  2564 Services                   0      5,192 K
          TODDSrv.exe                   2652 Services                   0      5,208 K
          TosCoSrv.exe                  2672 Services                   0      5,324 K
          TosBtSrv.exe                  2764 Services                   0      5,132 K
          TosIPCSrv.exe                 2788 Services                   0      4,576 K
          ULCDRSvr.exe                  2824 Services                   0      4,416 K
          dllhost.exe                   2832 Services                   0      6,220 K
          svchost.exe                   2852 Services                   0      4,844 K
          WLIDSVC.EXE                   2884 Services                   0     15,964 K
          SearchIndexer.exe             2948 Services                   0     62,348 K
          taskeng.exe                   3032 Services                   0      9,836 K
          WLIDSVCM.EXE                  3648 Services                   0      4,060 K
          SmartFaceVWatchSrv.exe        3932 Services                   0     17,084 K
          WmiPrvSE.exe                  3460 Services                   0      9,424 K
          ccSvcHst.exe                  3772 Console                    1      5,100 K
          dwm.exe                       3268 Console                    1     52,444 K
          taskeng.exe                   3900 Console                    1     17,384 K
          explorer.exe                  3924 Console                    1    106,588 K
          igfxtray.exe                  4596 Console                    1     12,484 K
          hkcmd.exe                     4704 Console                    1      7,236 K
          igfxpers.exe                  4780 Console                    1      6,852 K
          igfxsrvc.exe                  4848 Console                    1      9,720 K
          Apoint.exe                    4920 Console                    1     11,940 K
          TPwrMain.exe                  4932 Console                    1      9,736 K
          ApMsgFwd.exe                  4976 Console                    1      4,648 K
          SmoothView.exe                5020 Console                    1      4,356 K
          TCrdMain.exe                  5092 Console                    1     23,520 K
          RAVCpl64.exe                  3448 Console                    1     20,344 K
          TOSCDSPD.exe                  3588 Console                    1      5,888 K
          GoogleToolbarNotifier.exe     2480 Console                    1      2,436 K
          sidebar.exe                    996 Console                    1     47,668 K
          ehtray.exe                    4092 Console                    1      2,988 K
          ehmsas.exe                    4444 Console                    1      5,532 K
          SSScheduler.exe               1044 Console                    1      6,244 K
          ONENOTEM.EXE                  1676 Console                    1      2,376 K
          NDSTray.exe                   2432 Console                    1      7,412 K
          KeNotify.exe                   256 Console                    1     10,220 K
          ToshibaServiceStation.exe     4240 Console                    1     71,796 K
          PCMAgent.exe                  4636 Console                    1     10,860 K
          traybar.exe                   4668 Console                    1      8,516 K
          sidebar.exe                   3524 Console                    1     47,980 K
          CFSwMgr.exe                   4572 Console                    1     10,684 K
          CLMLSvc.exe                   5008 Console                    1     18,392 K
          iTunesHelper.exe              1824 Console                    1     15,220 K
          iPodService.exe               4540 Services                   0      7,848 K
          ApntEx.exe                    5552 Console                    1      5,648 K
          WkCalRem.exe                  3332 Console                    1      4,528 K
          splwow64.exe                  2392 Console                    1     11,220 K
          SASCore64.exe                 5148 Services                   0      3,876 K
          SUPERAntiSpyware.exe          5012 Console                    1        820 K
          bfgclient.exe                 3384 Console                    1     39,784 K
          firefox.exe                   3484 Console                    1    139,612 K
          plugin-container.exe          4260 Console                    1     25,544 K
          SearchProtocolHost.exe        3852 Services                   0     10,908 K
          SearchFilterHost.exe          2860 Services                   0      6,792 K
          mss.exe                       2324 Console                    1      5,004 K
          cmd.exe                       2872 Console                    1      3,432 K
          tasklist.exe                  3064 Console                    1      6,012 K
          WmiPrvSE.exe                   592 Services                   0      7,488 K
           
           
          Hidden objects
           
          PATH: C:\windows
           
          Installer
          msdownld.tmp
          WindowsShell.Manifest
           
           
          PATH: C:\windows\system32
           
           
           
          PATH: C:\windows\system32\drivers
           
          fbd.sys
           
           
          PATH: C:\
           
          $Recycle.Bin
          Boot
          bootmgr
          Config.Msi
          Documents and Settings
          hiberfil.sys
          MSOCache
          pagefile.sys
          ProgramData
          System Volume Information
           
           
          User Profile check
           
          Public
          Sharon
           

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
              ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
              Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
              Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
              ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
              Flags    REG_DWORD    0xc
              State    REG_DWORD    0x0
              RefCount    REG_DWORD    0x1
              Sid    REG_BINARY    010100000000000512000000
              ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
              ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\LocalService
              Flags    REG_DWORD    0x0
              State    REG_DWORD    0x0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
              ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\NetworkService
              Flags    REG_DWORD    0x0
              State    REG_DWORD    0x0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-776699227-4283417703-54896960-1000
              ProfileImagePath    REG_EXPAND_SZ    C:\Users\Sharon
              Flags    REG_DWORD    0x0
              State    REG_DWORD    0x100
              Sid    REG_BINARY    0105000000000005150000005B7D4B2E67C44FFF40A94503E8030000
              ProfileLoadTimeLow    REG_DWORD    0x0
              ProfileLoadTimeHigh    REG_DWORD    0x0
              RefCount    REG_DWORD    0x1
              RunLogonScriptSync    REG_DWORD    0x0

           
           
          Current Scheduled Tasks
           
          PATH: C:\Windows\Tasks
           
          SCHEDLGU.TXT
          SA.DAT
           
           
          Windows Drivers and NT-Services
           
           Volume in drive C is SQ004805V04
           Volume Serial Number is 02A5-ACBE

           Directory of C:\Windows\System32\Drivers

          06/18/2009  02:25 PM                13 fbd.sys
                         1 File(s)             13 bytes
                         0 Dir(s)  215,423,160,320 bytes free
           Volume in drive C is SQ004805V04
           Volume Serial Number is 02A5-ACBE

           Directory of C:\Windows\System32\Drivers

          09/18/2006  05:26 PM         3,440,660 gm.dls
          09/18/2006  05:26 PM               646 gmreadme.txt
          11/02/2006  11:16 AM    <DIR>          UMDF
          11/02/2006  11:16 AM    <DIR>          en-US
          05/07/2008  02:30 PM            32,040 LPCFilter.sys
          04/24/2009  07:39 PM            22,656 BMLoad.sys
          04/29/2010  03:39 PM            38,224 mbamswissarmy.sys
          06/27/2010  02:18 PM    <DIR>          .
          06/27/2010  02:18 PM    <DIR>          ..
                         5 File(s)      3,534,226 bytes
                         4 Dir(s)  215,423,160,320 bytes free
           
           
          Virtual drives found?
           
           
           
          Environment variables
           
          ALLUSERSPROFILE=C:\ProgramData
          APPDATA=C:\Users\Sharon\AppData\Roaming
          asl.log=Destination=file;OnFirstLog=command,environment
          CLASSPATH=.;C:\Program Files (x86)\Java\jre1.6.0_06\lib\ext\QTJava.zip
          CommonProgramFiles=C:\Program Files (x86)\Common Files
          CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
          CommonProgramW6432=C:\Program Files\Common Files
          COMPUTERNAME=SHARON-PC
          ComSpec=C:\Windows\system32\cmd.exe
          DFSTRACINGON=FALSE
          FP_NO_HOST_CHECK=NO
          HOMEDRIVE=C:
          HOMEPATH=\Users\Sharon
          LOCALAPPDATA=C:\Users\Sharon\AppData\Local
          LOGONSERVER=\\SHARON-PC
          MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Crash Reports
          MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files (x86)\Mozilla Firefox\firefox.exe
          MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files (x86)\Mozilla Firefox\crashreporter-override.ini
          NUMBER_OF_PROCESSORS=2
          OS=Windows_NT
          Path=C:\Program Files (x86)\Mozilla Firefox;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG;C:\Program Files\Intel\WiFi\bin\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Common Files\Microsoft Shared\Windows Live
          PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
          PROCESSOR_ARCHITECTURE=x86
          PROCESSOR_ARCHITEW6432=AMD64
          PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
          PROCESSOR_LEVEL=6
          PROCESSOR_REVISION=170a
          ProgramData=C:\ProgramData
          ProgramFiles=C:\Program Files (x86)
          ProgramFiles(x86)=C:\Program Files (x86)
          ProgramW6432=C:\Program Files
          PROMPT=$P$G
          PUBLIC=C:\Users\Public
          QTJAVA=C:\Program Files (x86)\Java\jre1.6.0_06\lib\ext\QTJava.zip
          SESSIONNAME=Console
          SystemDrive=C:
          SystemRoot=C:\Windows
          TEMP=C:\Users\Sharon\AppData\Local\Temp
          TMP=C:\Users\Sharon\AppData\Local\Temp
          TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
          USERDOMAIN=Sharon-PC
          USERNAME=Sharon
          USERPROFILE=C:\Users\Sharon
          windir=C:\Windows
           
           
          Stealth malware?
           
           
          Internet Explorer
           

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
              Start Page    REG_SZ    http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
              AutoHide    REG_SZ    yes
              Default_Page_URL    REG_SZ    http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
              Default_Secondary_Page_URL    REG_MULTI_SZ   
              Default_Search_URL    REG_SZ    http://go.microsoft.com/fwlink/?LinkId=54896
              Search Page    REG_SZ    http://go.microsoft.com/fwlink/?LinkId=54896
              Extensions Off Page    REG_SZ    about:NoAdd-ons
              Security Risk Page    REG_SZ    about:SecurityRisk
              Enable_Disk_Cache    REG_SZ    yes
              Cache_Percent_of_Disk    REG_BINARY    0A000000
              Delete_Temp_Files_On_Exit    REG_SZ    yes
              Local Page    REG_SZ    C:\Windows\SysWOW64\blank.htm
              Anchor_Visitation_Horizon    REG_BINARY    01000000
              Use_Async_DNS    REG_SZ    yes
              Placeholder_Width    REG_BINARY    1A000000
              Placeholder_Height    REG_BINARY    1A000000

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
              IE5_UA_Backup_Flag    REG_SZ    5.0
              User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
              EmailName    REG_SZ    IEUser@
              AutoConfigProxy    REG_SZ    wininet.dll
              MimeExclusionListForCache    REG_SZ    multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
              UseSchannelDirectly    REG_BINARY    01000000
              EnableHttp1_1    REG_DWORD    0x1
              PrivDiscUiShown    REG_DWORD    0x1
              WarnOnIntranet    REG_DWORD    0x1
              WarnOnPost    REG_BINARY    01000000
              UrlEncoding    REG_DWORD    0x0
              SecureProtocols    REG_DWORD    0x28
              PrivacyAdvanced    REG_DWORD    0x0
              ZonesSecurityUpgradeDone    REG_DWORD    0x1
              DisableCachingOfSSLPages    REG_DWORD    0x0
              WarnonZoneCrossing    REG_DWORD    0x0
              CertificateRevocation    REG_DWORD    0x1
              EnableNegotiate    REG_DWORD    0x1
              MigrateProxy    REG_DWORD    0x1
              ProxyEnable    REG_DWORD    0x0
              ZonesSecurityUpgrade    REG_BINARY    AD22F6DB1AFAC901
              MaxConnectionsPerServer    REG_DWORD    0xa
              MaxConnectionsPer1_0Server    REG_DWORD    0xa
              GlobalUserOffline    REG_DWORD    0x0
              SyncMode5    REG_DWORD    0x4
              EnableAutodial    REG_DWORD    0x0
              NoNetAutodial    REG_DWORD    0x0
              ProxyOverride    REG_SZ    *.local

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
              Disable Script Debugger    REG_SZ    yes
              Anchor Underline    REG_SZ    yes
              Cache_Update_Frequency    REG_SZ    Once_Per_Session
              Display Inline Images    REG_SZ    yes
              Do404Search    REG_BINARY    01000000
              Local Page    REG_SZ    C:\Windows\system32\blank.htm
              Save_Session_History_On_Exit    REG_SZ    no
              Show_FullURL    REG_SZ    no
              Show_StatusBar    REG_SZ    yes
              Show_ToolBar    REG_SZ    yes
              Show_URLinStatusBar    REG_SZ    yes
              Show_URLToolBar    REG_SZ    yes
              Use_DlgBox_Colors    REG_SZ    yes
              Search Page    REG_SZ    http://go.microsoft.com/fwlink/?LinkId=54896
              XMLHTTP    REG_DWORD    0x1
              NoUpdateCheck    REG_DWORD    0x1
              UseClearType    REG_SZ    no
              Enable Browser Extensions    REG_SZ    yes
              Play_Background_Sounds    REG_SZ    yes
              Play_Animations    REG_SZ    yes
              Start Page    REG_SZ    http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
              Default_Page_URL    REG_SZ    http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
              CompatibilityFlags    REG_DWORD    0x0
              FullScreen    REG_SZ    no
              SearchMigrated    REG_DWORD    0x0
              Window_Placement    REG_BINARY    2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF59000000D50000007F040000B7030000
              Use FormSuggest    REG_SZ    no
              NotifyDownloadComplete    REG_SZ    yes
              StartPageCache    REG_DWORD    0x1
              RunOnceComplete    REG_DWORD    0x1
              RunOnceHasShown    REG_DWORD    0x1
              Secondary Start Pages    REG_MULTI_SZ    http://www.google.com/
              AlwaysShowMenus    REG_DWORD    0x1
              StatusBarWeb    REG_DWORD    0x0
              ShowedCheckBrowser    REG_SZ    Yes
              Check_Associations    REG_SZ    no
              IE8RunOnceLastShown    REG_DWORD    0x1
              IE8RunOnceLastShown_TIMESTAMP    REG_BINARY    205DB27FCEFCC901
              IE8RunOncePerInstallCompleted    REG_DWORD    0x1
              IE8RunOnceCompletionTime    REG_BINARY    F098EFA4CEFCC901
              IE8TourShown    REG_DWORD    0x1
              IE8TourShownTime    REG_BINARY    80F8F0A4CEFCC901
              FormSuggest PW Ask    REG_SZ    no

          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

          HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
              {CFBFAE00-17A6-11D0-99CB-00C04FD64497}    REG_SZ   


          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
              {2318C2B1-4965-11d4-9B18-009027A5CD4F}    REG_BINARY    00
              {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}    REG_SZ    Norton Toolbar
              {D4027C7F-154A-4066-A1AD-4243D8127440}    REG_BINARY    00
              {472734EA-242A-422B-ADF8-83D1E48CC825}    REG_SZ    PC Tools Browser Guard


          HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
          HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\MasterCook: Select Image
           
           
          Protocol hijack?
           
           
           
          Security Center
           

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
              oobe_av    REG_DWORD    0x1


          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
              EnableFirewall    REG_DWORD    0x0
              DisableNotifications    REG_DWORD    0x0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
              EnableFirewall    REG_DWORD    0x0
              DisableNotifications    REG_DWORD    0x0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
              EnableFirewall    REG_DWORD    0x0
              DisableNotifications    REG_DWORD    0x0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging
           
           
          Uninstall List
           

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-2 Tasty
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Burger Bustle
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Hotdog Hotshot
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Ice Cream Craze
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Mall-a-Palooza
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Sally's Salon
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Sally's Spa
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Top Chef
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFGC
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Defender_is1
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954156
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979332
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.6)
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\N360
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Revo Uninstaller
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rhapsody
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Doctor
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SymcData-idsdefs
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TOSHIBA Game Console
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent toshiba Master Uninstall
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Encoder 9
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047338
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047347
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047349
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047351
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047534
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047932
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT047938
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050981
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT068453
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT074152
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT081295
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT082374

          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Move Media Player
           
           
          Adobe Products
           

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
              DisplayName    REG_SZ    Adobe Flash Player 10 ActiveX
              DisplayVersion    REG_SZ    10.0.45.2
              Publisher    REG_SZ    Adobe Systems Incorporated
              URLInfoAbout    REG_SZ    http://www.adobe.com/go/getflashplayer
              VersionMajor    REG_SZ    10
              VersionMinor    REG_SZ    0
              HelpLink    REG_SZ    http://www.adobe.com/go/flashplayer_support/
              URLUpdateInfo    REG_SZ    http://www.adobe.com/go/flashplayer/
              DisplayIcon    REG_SZ    C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
              UninstallString    REG_SZ    C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
              RequiresIESysFile    REG_SZ    4.70.0.1155
              NoModify    REG_DWORD    0x1
              NoRepair    REG_DWORD    0x1


          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
              DisplayName    REG_SZ    Adobe Flash Player 10 Plugin
              Publisher    REG_SZ    Adobe Systems Incorporated
              DisplayVersion    REG_SZ    10.1.53.64
              HelpLink    REG_SZ    http://www.adobe.com/go/flashplayer_support/
              NoModify    REG_DWORD    0x1
              NoRepair    REG_DWORD    0x1
              RequiresIESysFile    REG_SZ    4.70.0.1155
              URLInfoAbout    REG_SZ    http://www.adobe.com
              URLUpdateInfo    REG_SZ    http://www.adobe.com/go/getflashplayer/
              VersionMajor    REG_DWORD    0xa
              VersionMinor    REG_DWORD    0x1
              UninstallString    REG_SZ    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
              DisplayIcon    REG_SZ    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe
              EstimatedSize    REG_DWORD    0x1800

           
           
          Autorun
           

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
              TOSCDSPD    REG_SZ    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
              swg    REG_SZ    "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
              Sidebar    REG_SZ    C:\Program Files\windows sidebar\sidebar.exe /autoRun
              ehTray.exe    REG_SZ    C:\Windows\ehome\ehTray.exe
              WMPNSCFG    REG_SZ    C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe


          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
              ITSecMng    REG_EXPAND_SZ    %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
              NDSTray.exe    REG_SZ    NDSTray.exe
              cfFncEnabler.exe    REG_SZ    cfFncEnabler.exe
              KeNotify    REG_SZ    "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
              ToshibaServiceStation    REG_SZ    "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
              PCMAgent    REG_SZ    "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
              Camera Assistant Software    REG_SZ    "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
              Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              CLMLServer    REG_SZ    "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
              QuickTime Task    REG_SZ    "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
              iTunesHelper    REG_SZ    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

          ShaBow

            Topic Starter


            Greenhorn

          • Tia
            Re: Norton 360 Spyware.Perfect removal alert.
            « Reply #7 on: June 29, 2010, 08:28:43 AM »
                AppleSyncNotifier    REG_SZ    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
                SunJavaUpdateSched    REG_SZ    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

            HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
             
            Restrictions - Internet Explorer
             
             
             
            Restrictions - REGEDIT
             

            HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
                DisableRegistryTools    REG_DWORD    0x0

             
             
            Restrictions - Explorer
             

             
             
            DNS Settings
             

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D4A16FAA-7A09-45E9-A04B-815D684C8859}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DD57A70D-EC2F-49E7-BD4E-5AE639FF4EBD}

            Windows IP Configuration

               Host Name . . . . . . . . . . . . : Sharon-PC
               Primary Dns Suffix  . . . . . . . :
               Node Type . . . . . . . . . . . . : Broadcast
               IP Routing Enabled. . . . . . . . : No
               WINS Proxy Enabled. . . . . . . . : No
               DNS Suffix Search List. . . . . . : gateway.2wire.net

            Wireless LAN adapter Wireless Network Connection:

               Connection-specific DNS Suffix  . : gateway.2wire.net
               Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 5100
               Physical Address. . . . . . . . . : 00-22-FA-4E-ED-0A
               DHCP Enabled. . . . . . . . . . . : Yes
               Autoconfiguration Enabled . . . . : Yes
               Link-local IPv6 Address . . . . . : fe80::5c44:74d1:9b77:8ecd%11(Preferred)
               IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
               Subnet Mask . . . . . . . . . . . : 255.255.255.0
               Lease Obtained. . . . . . . . . . : Saturday, June 26, 2010 11:53:15 AM
               Lease Expires . . . . . . . . . . : Tuesday, June 29, 2010 7:26:42 AM
               Default Gateway . . . . . . . . . : 192.168.1.254
               DHCP Server . . . . . . . . . . . : 192.168.1.254
               DHCPv6 IAID . . . . . . . . . . . : 301998842
               DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-80-71-FC-00-23-5A-0A-28-DC
               DNS Servers . . . . . . . . . . . : 192.168.1.254
               NetBIOS over Tcpip. . . . . . . . : Enabled

            Ethernet adapter Local Area Connection:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . : globalsuite.net
               Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
               Physical Address. . . . . . . . . : 00-23-5A-0A-28-DC
               DHCP Enabled. . . . . . . . . . . : Yes
               Autoconfiguration Enabled . . . . : Yes

            Tunnel adapter Local Area Connection* 6:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . :
               Description . . . . . . . . . . . : 6TO4 Adapter
               Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
               DHCP Enabled. . . . . . . . . . . : No
               Autoconfiguration Enabled . . . . : Yes

            Tunnel adapter Local Area Connection* 7:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . :
               Description . . . . . . . . . . . : isatap.globalsuite.net
               Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
               DHCP Enabled. . . . . . . . . . . : No
               Autoconfiguration Enabled . . . . : Yes

            Tunnel adapter Local Area Connection* 11:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . :
               Description . . . . . . . . . . . : isatap.gateway.2wire.net
               Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
               DHCP Enabled. . . . . . . . . . . : No
               Autoconfiguration Enabled . . . . : Yes
             
             
            AppInit DLLs
             

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
                AppInit_DLLs    REG_SZ   

             
             
            Shell Service Object Delay Load
             

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
                WebCheck    REG_SZ    {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

             
             
             
            Shell Execute Hooks
             

             
             
            Image File Execution Options
             

            HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
            HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe
             
             
            Security Providers
             
             
             
            Local Security Authority
             

            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
                auditbaseobjects    REG_DWORD    0x0
                auditbasedirectories    REG_DWORD    0x0
                crashonauditfail    REG_DWORD    0x0
                fullprivilegeauditing    REG_BINARY    00
                Bounds    REG_BINARY    0030000000200000
                LimitBlankPasswordUse    REG_DWORD    0x1
                LmCompatibilityLevel    REG_DWORD    0x3
                NoLmHash    REG_DWORD    0x1
                Notification Packages    REG_MULTI_SZ    scecli
                Security Packages    REG_MULTI_SZ    kerberos\0msv1_0\0schannel\0wdigest\0tspkg
                Authentication Packages    REG_MULTI_SZ    msv1_0
                LsaPid    REG_DWORD    0x324
                SecureBoot    REG_DWORD    0x1
                ProductType    REG_DWORD    0x3
                disabledomaincreds    REG_DWORD    0x0
                everyoneincludesanonymous    REG_DWORD    0x0
                forceguest    REG_DWORD    0x0
                restrictanonymous    REG_DWORD    0x0
                restrictanonymoussam    REG_DWORD    0x1

            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp
            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy
            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
            HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache
             
             
            AppCert DLLs
             
             
             
            App Paths
             

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
                (Default)    REG_SZ    C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
                Path    REG_SZ    C:\Program Files (x86)\Adobe\Reader 8.0\Reader\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\BIP_Camera.exe
                (Default)    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\BIP_Camera.exe
                Path    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\BIP_Camera1.exe
                (Default)    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\BIP_Camera1.exe
                Path    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccleaner.exe
                (Default)    REG_SZ    C:\Program Files (x86)\CCleaner\ccleaner.exe
                Path    REG_SZ    C:\Program Files (x86)\CCleaner

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cfFncEnabler.exe
                Path    REG_SZ    C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe
                (Default)    REG_SZ    C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CFSvcs.exe
                Path    REG_SZ    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
                (Default)    REG_SZ    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
                CmstpExtensionDll    REG_SZ    C:\Windows\SysWOW64\cmcfg32.dll
                CmNative    REG_DWORD    0x2

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DVDMF.exe
                (Default)    REG_SZ    C:\Program Files (x86)\Ulead Systems\DVD MovieFactory for TOSHIBA\Ulead DVD MovieFactory 5\DVDMF.exe
                Path    REG_SZ    C:\Program Files (x86)\Ulead Systems\DVD MovieFactory for TOSHIBA\Ulead DVD MovieFactory 5

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DVDTweakFit.exe
                Path    REG_SZ    c:\program files (x86)\ulead systems\dvd moviefactory for toshiba\Ulead DVD Tweak and Fit 2.1
                (Default)    REG_SZ    c:\program files (x86)\ulead systems\dvd moviefactory for toshiba\Ulead DVD Tweak and Fit 2.1\DVDTweakFit.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DVDVR.exe
                Path    REG_SZ    c:\program files (x86)\ulead systems\dvd moviefactory for toshiba\Ulead DVD DiscRecorder 2.2
                (Default)    REG_SZ    c:\program files (x86)\ulead systems\dvd moviefactory for toshiba\Ulead DVD DiscRecorder 2.2\DVDVR.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ECCenter.exe
                Path    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
                (Default)    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ECCenter.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ECCenter1.exe
                (Default)    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ECCenter1.exe
                Path    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
                (Default)    REG_SZ    C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE
                Path    REG_SZ    C:\Program Files (x86)\Microsoft Office\Office12\
                SaveURL    REG_SZ    1
                useURL    REG_SZ    1

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
                (Default)    REG_SZ    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                Path    REG_SZ    C:\Program Files (x86)\Mozilla Firefox

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
                (Default)    REG_SZ    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                Path    REG_SZ    C:\Program Files (x86)\Internet Explorer;

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
                BlockOnTSNonInstallMode    REG_DWORD    0x1

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
                (Default)    REG_SZ    C:\Program Files (x86)\iTunes\iTunes.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
                (Default)    REG_SZ    C:\Program Files (x86)\Java\jre6\bin\javaws.exe
                Path    REG_SZ    C:\Program Files (x86)\Java\jre6\bin

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
                (Default)    REG_SZ    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
                Path    REG_SZ    C:\Program Files (x86)\Malwarebytes' Anti-Malware

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MCUI32.exe
                Path    REG_SZ    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41
                (Default)    REG_SZ    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\MCUI32.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
                Path    REG_EXPAND_SZ    %ProgramFiles(x86)%\Windows Media Player

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Mail\WinMail.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
                useURL    REG_SZ    1

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
                (Default)    REG_SZ    C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
                useURL    REG_SZ    1

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msworks.exe
                (Default)    REG_SZ    c:\Program Files (x86)\Microsoft Works\msworks.exe
                Path    REG_SZ    c:\Program Files (x86)\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NAVW32.EXE
                (Default)    REG_SZ    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\Navw32.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NAVWNT.EXE
                (Default)    REG_SZ    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.8.0.41\Navwnt.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NDSTray.exe
                (Default)    REG_SZ    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
                Path    REG_SZ    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\None
                Path    REG_SZ    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA
                (Default)    REG_SZ    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
                (Default)    REG_SZ    C:\PROGRA~2\MICROS~2\Office12\OIS.EXE
                Path    REG_SZ    C:\Program Files (x86)\Microsoft Office\Office12\
                SaveURL    REG_SZ    0
                useURL    REG_SZ    1

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OneNote.exe
                (Default)    REG_SZ    C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE
                Path    REG_SZ    C:\Program Files (x86)\Microsoft Office\Office12\
                SaveURL    REG_SZ    1
                useURL    REG_SZ    1

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
                (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\mspaint.exe
                Path    REG_EXPAND_SZ    %SystemRoot%\System32

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PCDiag.exe
                Path    REG_SZ    C:\Program Files (x86)\Toshiba\PCDiag\
                (Default)    REG_SZ    C:\Program Files (x86)\Toshiba\PCDiag\PCDiag.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
                Path    REG_SZ    C:\Program Files (x86)\QuickTime\
                (Default)    REG_SZ    C:\Program Files (x86)\QuickTime\PictureViewer.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerCinema
                Path    REG_SZ    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA
                (Default)    REG_SZ    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerCinema.exe
                Path    REG_SZ    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA
                (Default)    REG_SZ    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
                (Default)    REG_SZ    C:\PROGRA~2\MICROS~2\Office12\POWERPNT.EXE
                Path    REG_SZ    C:\Program Files (x86)\Microsoft Office\Office12\
                useURL    REG_SZ    1
                SaveURL    REG_SZ    1

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
                (Default)    REG_SZ    C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
                Path    REG_SZ    C:\Program Files (x86)\QuickTime\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\revouninstaller.exe
                (Default)    REG_SZ    C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Rhapsody.exe
                Path    REG_SZ    C:\PROGRA~2\Rhapsody\
                (Default)    REG_SZ    C:\PROGRA~2\Rhapsody\rhapsody.exe
                Version    REG_SZ    4.0.5.231

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Safari.exe
                (Default)    REG_SZ    C:\Program Files (x86)\Safari\Safari.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
                BlockOnTSNonInstallMode    REG_DWORD    0x1

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sidebar.exe
                (Default)    REG_EXPAND_SZ    "%ProgramFiles%\Windows Sidebar\sidebar.exe"

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
                UseShortName    REG_SZ   

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TabTip.exe
                (Default)    REG_EXPAND_SZ    %CommonProgramFiles%\microsoft shared\ink\TabTip.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosBtMng.exe
                Path    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
                (Default)    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosBtMng1.exe
                Path    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
                (Default)    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\tosBtProc.exe
                Path    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
                (Default)    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosBtProc1.exe
                Path    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
                (Default)    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtProc1.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosDVD.exe
                (Default)    REG_SZ    C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TosDVD.exe
                Path    REG_SZ    C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosHDDVD.exe
                (Default)    REG_SZ    C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TosHDDVD.exe
                Path    REG_SZ    C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosSrWsN.exe
                (Default)    REG_SZ    C:\Program Files\TOSHIBA\Speech System NLS\TosSrWsN.exe
                path    REG_SZ    C:\Program Files\TOSHIBA\Speech System NLS;C:\Program Files\TOSHIBA\Speech System NLS\System

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosvceN.exe
                (Default)    REG_SZ    C:\Program Files\TOSHIBA\Speech System NLS\TosvceN.exe
                path    REG_SZ    C:\Program Files\TOSHIBA\Speech System NLS;C:\Program Files\TOSHIBA\Speech System NLS\System

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ToswbrN.exe
                (Default)    REG_SZ    C:\Program Files\TOSHIBA\Speech System NLS\ToswbrN.exe
                path    REG_SZ    C:\Program Files\TOSHIBA\Speech System NLS;C:\Program Files\TOSHIBA\Speech System NLS\System

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles(x86)%\Windows Mail\wab.exe
                Path    REG_EXPAND_SZ    %ProgramFiles(x86)%\Windows Mail

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles(x86)%\Windows Mail\wabmig.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinCal.exe
                (Default)    REG_EXPAND_SZ    "%ProgramFiles%\Windows Calendar\wincal.exe"

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinMail.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Mail\WinMail.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
                (Default)    REG_SZ    C:\PROGRA~2\MICROS~2\Office12\WINWORD.EXE
                Path    REG_SZ    C:\Program Files (x86)\Microsoft Office\Office12\
                useURL    REG_SZ    1
                SaveURL    REG_SZ    1

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WirelessFTP.exe
                Path    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\
                (Default)    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\WirelessFTP.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WirelessFTP1.exe
                (Default)    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\WirelessFTP1.exe
                Path    REG_SZ    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSAB.EXE
                (Default)    REG_SZ    c:\Program Files (x86)\Microsoft Works\WKSAB.exe
                Path    REG_SZ    c:\Program Files (x86)\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkscal.exe
                (Default)    REG_SZ    c:\PROGRA~2\MICROS~1\WksCal.exe
                Path    REG_SZ    c:\Program Files (x86)\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksdb.exe
                (Default)    REG_SZ    c:\Program Files (x86)\Microsoft Works\wksdb.exe
                Path    REG_SZ    c:\Program Files (x86)\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSSB.EXE
                (Default)    REG_SZ    c:\Program Files (x86)\Microsoft Works\WKSSB.exe
                Path    REG_SZ    c:\Program Files (x86)\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksss.exe
                (Default)    REG_SZ    c:\Program Files (x86)\Microsoft Works\wksss.exe
                Path    REG_SZ    c:\Program Files (x86)\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkswp.exe
                (Default)    REG_SZ    c:\Program Files (x86)\Microsoft Works\wkswp.exe
                Path    REG_SZ    c:\Program Files (x86)\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmenc.exe
                Path    REG_SZ    C:\Program Files (x86)\Windows Media Components\Encoder\
                (Default)    REG_SZ    C:\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
                Path    REG_EXPAND_SZ    %ProgramFiles(x86)%\Windows Media Player

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
                (Default)    REG_EXPAND_SZ    "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
                (Default)    REG_EXPAND_SZ    "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
                (Default)    REG_SZ    "C:\Windows\SysWOW64\XPSViewer\XPSViewer.exe"

             
             
            Mozilla
             

            HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

            HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
                {20a82645-c095-46ed-80e3-08825760534b}    REG_SZ    c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
                {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}    REG_SZ    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\

            HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
                (Default)    REG_SZ    1.9.2.6
                CurrentVersion    REG_SZ    3.6.6 (en-US)

            HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.6 (en-US)
                (Default)    REG_SZ    3.6.6 (en-US)

            HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.6 (en-US)\Main
                Install Directory    REG_SZ    C:\Program Files (x86)\Mozilla Firefox
                PathToExe    REG_SZ    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

            HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.6 (en-US)\Uninstall
                Description    REG_SZ    Mozilla Firefox (3.6.6)

            HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.6
                GeckoVer    REG_SZ    1.9.2.6

            HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.6\bin
                PathToExe    REG_SZ    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

            HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.6\extensions
                Components    REG_SZ    C:\Program Files (x86)\Mozilla Firefox\components
                Plugins    REG_SZ    C:\Program Files (x86)\Mozilla Firefox\plugins

             
             
            Shared Task Scheduler
             

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
                {8C7461EF-2B13-11d2-BE35-3078302C2030}    REG_SZ    Component Categories cache daemon

             
             
            SafeBoot
             
             
             
            SafeBootMinimal
             

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
             
             
            SafeBootNetwork
             

             
             
            File Rename Operations - Session
             

             
             
            Known DLLs - Session
             

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
                clbcatq    REG_SZ    clbcatq.dll
                ole32    REG_SZ    ole32.dll
                advapi32    REG_SZ    advapi32.dll
                COMDLG32    REG_SZ    COMDLG32.dll
                DllDirectory    REG_EXPAND_SZ    %SystemRoot%\system32
                DllDirectory32    REG_EXPAND_SZ    %SystemRoot%\syswow64
                gdi32    REG_SZ    gdi32.dll
                IERTUTIL    REG_SZ    IERTUTIL.dll
                IMAGEHLP    REG_SZ    IMAGEHLP.dll
                IMM32    REG_SZ    IMM32.dll
                kernel32    REG_SZ    kernel32.dll
                LPK    REG_SZ    LPK.dll
                MSCTF    REG_SZ    MSCTF.dll
                MSVCRT    REG_SZ    MSVCRT.dll
                NORMALIZ    REG_SZ    NORMALIZ.dll
                NSI    REG_SZ    NSI.dll
                OLEAUT32    REG_SZ    OLEAUT32.dll
                rpcrt4    REG_SZ    rpcrt4.dll
                Setupapi    REG_SZ    Setupapi.dll
                SHELL32    REG_SZ    SHELL32.dll
                SHLWAPI    REG_SZ    SHLWAPI.dll
                URLMON    REG_SZ    URLMON.dll
                user32    REG_SZ    user32.dll
                USP10    REG_SZ    USP10.dll
                WININET    REG_SZ    WININET.dll
                WLDAP32    REG_SZ    WLDAP32.dll
                WS2_32    REG_SZ    WS2_32.dll

             
             
            Downloaded program files (ActiveX)
             

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A084A130-28AE-4B32-B51A-1C8CE164BC88}
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
             
            PATH: C:\windows\Downloaded Program Files
            AppHardT.INF
            desktop.ini
             
             
            Mountpoints
             

             
             
            Winlogon
             

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
                Shell    REG_SZ    explorer.exe
                Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
                VmApplet    REG_SZ    rundll32 shell32,Control_RunDLL "sysdm.cpl"
                ReportBootOk    REG_SZ    1
                AutoRestartShell    REG_DWORD    0x1
                LegalNoticeCaption    REG_SZ   
                LegalNoticeText    REG_SZ   
                PowerdownAfterShutdown    REG_SZ    0
                ShutdownWithoutLogon    REG_SZ    0
                cachedlogonscount    REG_SZ    10
                forceunlocklogon    REG_DWORD    0x0
                passwordexpirywarning    REG_DWORD    0xe
                Background    REG_SZ    0 0 0
                DebugServerCommand    REG_SZ    no
                WinStationsDisabled    REG_SZ    0

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
             
             
            {END OF FILE}

            Sorry Jay, got all the files this time. 
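
As an added example (not part of the original thread or of any tool used in it): a Python check of the Winlogon section of the log posted above, comparing `Shell` and `Userinit` against the stock Windows values. The function names, the assumption that Windows is installed in `C:\Windows`, and the second, tampered sample are constructed for illustration.

```python
import re

# Stock values on a default install (assumption: Windows lives in C:\Windows).
EXPECTED_SHELL = "explorer.exe"
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

WINLOGON_KEY = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
)

# "name    REG_TYPE    data" as printed in the dump; data may be empty.
VALUE_RE = re.compile(r"^(\S+)\s+(REG_[A-Z_]+)\s*(.*)$")


def parse_dump(text):
    """Return {key_path: {value_name: (type, data)}} from a pasted dump."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("HKEY_"):
            current = keys.setdefault(line, {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            name, reg_type, data = match.groups()
            current[name] = (reg_type, data.strip())
    return keys


def audit_winlogon(text):
    """List deviations of Shell/Userinit from the stock values."""
    values = parse_dump(text).get(WINLOGON_KEY)
    if values is None:
        return ["Winlogon key not present in dump"]

    findings = []
    shell = values.get("Shell", ("", ""))[1]
    if shell.lower() != EXPECTED_SHELL:
        findings.append(f"Shell is {shell!r}, expected {EXPECTED_SHELL!r}")

    # Userinit is a comma-separated list; every entry runs at logon.
    userinit = values.get("Userinit", ("", ""))[1]
    entries = [e.strip() for e in userinit.split(",") if e.strip()]
    if EXPECTED_USERINIT not in [e.lower() for e in entries]:
        findings.append("Userinit does not launch userinit.exe from system32")
    for entry in entries:
        if entry.lower() != EXPECTED_USERINIT:
            findings.append(f"Userinit has extra entry {entry!r}")
    return findings


# Values copied from the Winlogon section of the log in this thread.
PAGE_DUMP = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
    VmApplet    REG_SZ    rundll32 shell32,Control_RunDLL "sysdm.cpl"
    LegalNoticeCaption    REG_SZ
"""

# Constructed variant (not from the thread): a second program appended to
# Userinit, which is what the audit is meant to surface.
TAMPERED_DUMP = PAGE_DUMP.replace(
    r"userinit.exe,", r"userinit.exe,C:\Users\Public\placeholder.exe,"
)

if __name__ == "__main__":
    for label, dump in (("thread log", PAGE_DUMP), ("constructed", TAMPERED_DUMP)):
        print(label, "->", audit_winlogon(dump) or "stock Shell/Userinit")
```

A clean result here only says these two autostart values are stock; it does not rule out other load points.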

            Dr Jay

            • Malware Removal Specialist


            • Specialist
            • Moderator emeritus
            • Thanked: 119
            • Experience: Guru
            • OS: Windows 10
            Re: Norton 360 Spyware.Perfect removal alert.
            « Reply #8 on: June 29, 2010, 12:54:22 PM »
            Please download Malwarebytes Anti-Malware from Malwarebytes.org.
            Alternate link: BleepingComputer.com.
            (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

            Double Click mbam-setup.exe to install the application.

            (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
            • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
            • If an update is found, it will download and install the latest version.
            • Once the program has loaded, select "Perform Quick Scan", then click Scan.
            • The scan may take some time to finish, so please be patient.
            • When the scan is complete, click OK, then Show Results to view the results.
            • Make sure that everything is checked, and click Remove Selected.
            • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
            • Please save the log to a location you will remember.
            • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
            • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
            • Copy and paste the entire report in your next reply.
            ~Dr Jay

            ShaBow

              Re: Norton 360 Spyware.Perfect removal alert.
              « Reply #9 on: June 29, 2010, 02:12:33 PM »
              Sorry Jay, here is an updated version of Malwarebytes scan.

              Malwarebytes' Anti-Malware 1.46
              www.malwarebytes.org

              Database version: 4258

              Windows 6.0.6002 Service Pack 2
              Internet Explorer 8.0.6001.18928

              6/29/2010 4:01:03 PM
              mbam-log-2010-06-29 (16-01-03).txt

              Scan type: Quick scan
              Objects scanned: 128293
              Time elapsed: 6 minute(s), 7 second(s)

              Memory Processes Infected: 0
              Memory Modules Infected: 0
              Registry Keys Infected: 0
              Registry Values Infected: 0
              Registry Data Items Infected: 0
              Folders Infected: 0
              Files Infected: 0

              Memory Processes Infected:
              (No malicious items detected)

              Memory Modules Infected:
              (No malicious items detected)

              Registry Keys Infected:
              (No malicious items detected)

              Registry Values Infected:
              (No malicious items detected)

              Registry Data Items Infected:
              (No malicious items detected)

              Folders Infected:
              (No malicious items detected)

              Files Infected:
              (No malicious items detected)

              Dr Jay

              Re: Norton 360 Spyware.Perfect removal alert.
              « Reply #10 on: June 29, 2010, 08:45:11 PM »
              Please run a free online scan with the ESET Online Scanner
              • Tick the box next to YES, I accept the Terms of Use
              • Click Start
              • When asked, allow the ActiveX control to install
              • Click Start
              • Make sure that the options Remove found threats and Scan unwanted applications are checked
              • Click Scan (This scan can take several hours, so please be patient)
              • Once the scan is completed, you may close the window
              • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
              • Copy and paste that log as a reply to this topic
              ~Dr Jay

              ShaBow

                Re: Norton 360 Spyware.Perfect removal alert.
                « Reply #11 on: June 30, 2010, 10:36:08 AM »
                ESETSmartInstaller@High as downloader log:
                all ok
                # version=7
                # OnlineScannerApp.exe=1.0.0.1
                # OnlineScanner.ocx=1.0.0.6211
                # api_version=3.0.2
                # EOSSerial=a7267281a3ea76449179e051644ec30d
                # end=finished
                # remove_checked=true
                # archives_checked=false
                # unwanted_checked=true
                # unsafe_checked=false
                # antistealth_checked=true
                # utc_time=2010-06-30 02:41:32
                # local_time=2010-06-30 10:41:32 (-0500, Eastern Daylight Time)
                # country="United States"
                # lang=1033
                # osver=6.0.6002 NT Service Pack 2
                # compatibility_mode=512 16777215 100 0 0 0 0 0
                # compatibility_mode=2560 16777215 100 0 0 0 0 0
                # compatibility_mode=3589 16777213 100 96 231926 26050956 0 0
                # compatibility_mode=5892 16776574 100 56 30214537 114501075 0 0
                # compatibility_mode=8192 67108863 100 0 0 0 0 0
                # scanned=193772
                # found=1
                # cleaned=1
                # scan_time=6524
                C:\Users\Sharon\Downloads\SetupGamevance.exe   a variant of Win32/Adware.Gamevance.AB application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

                Dr Jay

                Re: Norton 360 Spyware.Perfect removal alert.
                « Reply #12 on: June 30, 2010, 12:10:09 PM »
                Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
                • Select Start > All Programs > Accessories > System tools > System Restore.
                • On the dialogue box that appears select Create a Restore Point
                • Click NEXT
                • Enter a name e.g. Clean
                • Click CREATE
                You now have a clean restore point. To get rid of the bad ones:
                • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
                • In the Drop down box that appears select your main drive e.g. C
                • Click OK
                • The System will do some calculation and then display a dialogue box with TABS
                • Select the More Options Tab.
                • At the bottom will be a system restore box with a CLEANUP button; click this
                • Accept the Warning and select OK again, the program will close and you are done
                To remove all of the tools we used and the files and folders they created, please do the following:
                Please download OTC.exe by OldTimer:
                • Save it to your Desktop.
                • Double click OTC.exe.
                • Click the CleanUp! button.
                • If you are prompted to Reboot during the cleanup, select Yes.
                • The tool will delete itself once it finishes.
                Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

                ==

                Please download TFC by OldTimer to your desktop
                • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
                • It will close all programs when run, so make sure you have saved all your work before you begin.
                • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
                • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
                ==

                Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
                • Save it to your Desktop.
                • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
                • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
                ~Dr Jay

                ShaBow

                  Re: Norton 360 Spyware.Perfect removal alert.
                  « Reply #13 on: June 30, 2010, 02:16:12 PM »
                  Thanks for all your help Jay. One question if I could? My initial concern was a keylogger virus, did you see anything that indicated that's what I had?

                   Results of screen317's Security Check version 0.99.4 
                   Windows Vista  (UAC is enabled)
                   Out of date service pack!!
                   Internet Explorer 8 
                  ``````````````````````````````
                  Antivirus/Firewall Check:

                   Windows Firewall Disabled! 
                   Norton 360     
                   McAfee Security Scan Plus   
                   WMI entry may not exist for antivirus; attempting automatic update.
                  ```````````````````````````````
                  Anti-malware/Other Utilities Check:

                   Malwarebytes' Anti-Malware   
                   CCleaner     
                   Java(TM) 6 Update 20 
                   Java(TM) 6 Update 6 
                   Out of date Java installed!
                   Adobe Flash Player 10.1.53.64 
                  Adobe Reader 8.1.5
                  Out of date Adobe Reader installed!
                  ````````````````````````````````
                  Process Check: 
                  objlist.exe by Laurent

                   Norton ccSvcHst.exe
                  ````````````````````````````````
                  DNS Vulnerability Check:

                   GREAT! (Not vulnerable to DNS cache poisoning)

                  ``````````End of Log````````````

                  Dr Jay

                  Re: Norton 360 Spyware.Perfect removal alert.
                  « Reply #14 on: June 30, 2010, 02:25:50 PM »
                  No keylogger found.

                  Please consider updating to Windows Vista Service Packs 1 & 2.
                  Windows Vista Service Packs 1 & 2 contain all the updates released since the first release plus support for new types of hardware and emerging hardware standards.
                  It is now available via Windows Update or as a standalone installation here.

                  ======================================

                  Please download the newest version of Adobe Acrobat Reader from Adobe.com

                  Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
                  Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
                  Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

                  Once old versions are gone, please install the newest version.

                  ==

                  Please download the newest version of Java from Java.com.

                  Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
                  Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
                  Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

                  Once old versions are gone, please install the newest version.

                  ==============================

                  Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

                  Software recommendations

                  AntiSpyware
                  • SpywareBlaster
                    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
                  • Spybot - Search & Destroy.
                    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
                  NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

                  Resident Protection help
                  A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

                  Securing your computer
                  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
                  • hpHosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
                  Please consider using an alternate browser
                  Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

                  If you are interested:
                  See this page for more info about malware and prevention.

                  That is all.

                  Any more questions?
                  ~Dr Jay