
Solve : Vista security 2012 virus?

Answer»

Ok. Let's try this one.

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, tell me how your computer is running now

I don't think I got any warning messages. There are 4 files, but each one says it is removable but clean up is not recommended. They are all from a copy of a game that was given to me, so if that is the problem I have no problems uninstalling it from my computer.

While this scan was running, AVG popped up twice and said it found a few things and asked if I wanted to quarantine them or leave them be. I didn't think to write down the names of the files at the time, but I just let them be since that scan was running.

I'd like to scan your machine with ESET OnlineScan.

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Tried running this and it gets stuck in the Initialization process. It just stops and says "can not get update. Is proxy configured?"

Ok. Please try this one.

Run the BitDefender Online scanner

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt), and then in the File name box change the name to bdscan, then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us.

Post the bdscan.txt file as an Attachment.

Okay, I clicked that link and I ran the quick scan; however, the instructions you gave me don't quite match what I saw. I never saw an option to show all files scanned. After it ran it said it found 1 infected file. However, I see no Detected Problems tab, and I clicked on the link that said "Found 1 infected file" and it gave me the following log. So I don't know if this helps, but that's all I got.


QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Thu Aug 25 18:45:14 2011
Machine ID: C8CD3BCA



Found 1 infected file!
----------------------

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe --> Gen:Variant.Kates.2
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"SunJavaUpdateSched"



Processes
---------
AVG Internet Security 4360 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
AVG Internet Security 1396 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
AVG Internet Security 3516 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
AVGIDSMonitor.exe 4844 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
Bluetooth Stack for Windows by Toshiba 4880 C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
ConfigFree 1256 C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
ConfigFree(TM) 1852 C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
ConfigFree(TM) 3016 C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
ConfigFree(TM) Tray 5076 C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
CyberLink MediaLibray Service 4276 C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
CyberLink PowerCinema 4252 C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
Dropbox 4556 C:\Users\Amber\AppData\Roaming\Dropbox\bin\Dropbox.exe
En-us 4504 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
Flash® Player Installer/Uninstaller 4780 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
KeNotify Application 4136 C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
Microsoft Search Enhancement Pack 2312 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
Microsoft® Windows® Operating SYSTEM 3956 C:\Windows\SysWOW64\PING.EXE
NVIDIA Update Components 5540 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
OpenOffice.org 3.3 5060 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
OpenOffice.org 3.3 4612 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
pinger.exe 2220 C:\Toshiba\IVP\ISM\pinger.exe
RAID Event Monitor 4240 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
RAID Monitor 2932 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
Spybot - Search & Destroy 3024 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
Stereo Vision Control Panel API Server 744 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
swupdtmr.exe 2416 C:\Toshiba\IVP\swupdate\swupdtmr.exe
TeaTimer.exe 4532 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
TOSHIBA DVD Player 2452 C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
Ulead Systems ULCDRSvr 2608 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Windows® Internet Explorer 4012 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 3776 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 5068 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 1712 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 5668 C:\Program Files (x86)\Internet Explorer\iexplore.exe


Network activity
----------------
Process Dropbox.exe (4556) listens on ports: 17500


Autoruns and critical files
---------------------------
HWSetup C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
AVG Internet Security C:\Program Files (x86)\AVG\AVG10\avgtray.exe
Bluetooth Stack for Windows by Toshiba C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
Chicony traybar C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
CyberLink MediaLibray Service C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
CyberLink PowerCinema C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
Dropbox C:\Users\Amber\AppData\Roaming\Dropbox\bin\Dropbox.exe
En-us C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
jusched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
KeNotify Application C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
Microsoft® Windows® Operating System c:\windows\system32\browseui.dll
Microsoft® Windows® Operating System C:\Windows\system32\Mystify.scr
quickstart.exe C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
SVPWUTIL Application C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe
TeaTimer.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
AcroIEHelper Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
AVG Internet Security c:\program files (x86)\avg\avg10\avgssie.dll
Bing Bar c:\program files (x86)\msn toolbar\platform\6.3.2322.0\npwinext.dll
BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Conduit Toolbar c:\program files (x86)\conduitengine\conduitengine.dll
Conduit Toolbar c:\program files (x86)\utorrentbar\tbutor.dll
Java(TM) Platform SE 6 U26 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U26 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft Search Enhancement Pack c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
NVIDIA 3D Vision C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
NVIDIA 3D VISION C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
SDHelper.dll C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
System REQUIREMENTS Lab C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll
Windows Live Messenger Companion c:\program files (x86)\windows live\companion\companioncore.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Missing files
-------------
File not found: NDSTray.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"NDSTray.exe"


MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Windows\system32\MFC71.DLL
MD5: 56e315acfb08a177b4d01e42b9044db5 C:\Windows\system32\MPRAPI.dll
MD5: 7940c04ce581288a3498d57ec4ee47d2 C:\Windows\system32\msfeeds.dll
MD5: e6d5c7e4aac0c682169aa5021386eff3 C:\Windows\system32\MSHTML.dll
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: 39ba737ebf8e7da1cd019fe95333fd70 C:\Windows\system32\Mystify.scr
MD5: aabe6452dfff3baa664a33795b2166fc C:\Windows\system32\nvwgf2um.dll
MD5: 862363973dcbcc31dd161ef41a69153c C:\Windows\system32\ODBC32.dll
MD5: 2dd6af8e97f59c9d39329bbc2a81f13f C:\Windows\system32\RASDLG.dll
MD5: ab530fdd34c67b497a20171d1234cfe9 C:\Windows\system32\RICHED32.DLL
MD5: 0a990afb9f2726323d61c8ecb8b70b17 C:\Windows\system32\security.dll
MD5: 167ac31450c0c53a01fa1491e94d7678 C:\Windows\System32\shdocvw.dll
MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\System32\shsvcs.dll
MD5: 2cdef39641bc63a337b6ea13e61b32c6 C:\Windows\system32\TosBdAPI.dll
MD5: c385d4d4ec16e637aa4d2d18a06e80c9 C:\Windows\system32\TosBtAPI.dll
MD5: 88b630f6aeb5a11f6ad064930b38c2c0 C:\Windows\system32\UxTheme.dll
MD5: 83c2f5076e1b4a63c04f2b14ee7cad47 C:\Windows\system32\wbem\wbemdisp.dll
MD5: 2c3b09e586bda2cc49a292be7badc589 C:\Windows\system32\wbem\wmiutils.dll
MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 C:\Windows\system32\WINSPOOL.DRV
MD5: 28b9dba6201aeddc65c15fa48939804a C:\Windows\system32\wmp.dll
MD5: 9441a231c0aa0712f7cf3b10d9cfcf76 C:\Windows\system32\wmploc.dll
MD5: 1908cc7673f72601affdca022689cedf C:\Windows\system32\xmllite.dll
MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\Syswow64\DNSAPI.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll
MD5: 9a75518600fba10980ee94267ca98489 C:\Windows\SysWOW64\gameux.dll
MD5: 05c8c8767e29163fc251164ff6839ea5 C:\Windows\syswow64\GDI32.dll
MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll
MD5: d5c9f778d0ed2954eb83e1cf87dc0b65 c:\windows\syswow64\ieframe.dll
MD5: ab0e44c70c5c732c1e312eaeabecc1d5 C:\Windows\syswow64\iertutil.dll
MD5: b8fbe5f40b09f5d20e1e5ccfef893d62 C:\Windows\syswow64\IMM32.dll
MD5: 4be78e80530451f5ff970bd109c6df77 C:\Windows\SysWOW64\jscript9.dll
MD5: 7f4caeac24592fa9f574e1f8cd1d0604 C:\Windows\syswow64\kernel32.dll
MD5: df37346ea13082e3e1b423b54014e641 C:\Windows\syswow64\LPK.DLL
MD5: efbef826c183cf8edab324ce514d69b7 C:\Windows\SysWOW64\Macromed\Flash\Flash10t.ocx
MD5: 73d4dea1a876f78feb83862d514bfe63 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.dll
MD5: 0ab420b203bfc541de65cfbd88470d3a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
MD5: 56007cfc52167c26e4a3f899b8d29ccd C:\Windows\SysWOW64\ntdll.dll
MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\syswow64\ole32.dll
MD5: de4cd76c254e143f40e62952788d3be7 C:\Windows\syswow64\OLEAUT32.dll
MD5: 0ed8727ea0172860f47258456c06caea C:\Windows\SysWow64\perfhost.exe
MD5: 015e1f472a5633520903353375f7e69d C:\Windows\SysWOW64\PING.EXE
MD5: 0abe67004eb4c162f4456e64f90a11fd C:\Windows\syswow64\RPCRT4.dll
MD5: 2ab58991862153a248779174d4e4212b C:\Windows\SysWOW64\schannel.dll
MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\syswow64\SHELL32.dll
MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\syswow64\SHLWAPI.dll
MD5: d217b0da82fdd942c048749993275ac6 C:\Windows\syswow64\urlmon.dll
MD5: d29fdb5dedbdc1bd882164dc6dc4dd53 C:\Windows\syswow64\USER32.dll
MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\syswow64\USP10.dll
MD5: 88b630f6aeb5a11f6ad064930b38c2c0 C:\Windows\SysWOW64\UxTheme.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll
MD5: 2c7332c222d1fe1fc57d622699a8c001 C:\Windows\syswow64\WININET.dll
MD5: 1d109ed0d660654ea7ff1574558031c4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MD5: b5b09091b0e33c396ceec8995515bd41 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll

The following file(s) must be uploaded for server-side scanning:

Upload started - 35 file(s)
Upload speed - 113 KB/s
Upload finished - 35 uploaded, 0 failed

Scan finished - communication took 90 sec
Total traffic - 9.95 MB sent, 0.72 KB recvd
Scanned 407 files and modules - 139 seconds

==============================================================================

Quote
however the instructions you gave me don't quite match what I saw
This is an old canned speech that I'm using and the program probably has changed. The main thing is that you got the log. Good job.
Please run this scan for me.
BTW, how's the computer running now?

Run the F-Secure Online Scanner for Viruses, Spyware and Rootkits.

Note: This Scanner is for Internet Explorer Only!

• Click on Online Services and then Online Scanner
• Accept the License Agreement.
• Once the ActiveX installs, click Full System Scan
• Once the download completes, the scan will begin automatically.
• The scan will take some time to finish, so please be patient.
• When the scan completes, click the Automatic cleaning (recommended) button.

• Click the Show Report button and Copy & Paste the entire report in your next reply.
My computer is running pretty good actually. I've had AVG pop up a few times wanting to quarantine a couple files but it's only been during scans that were running so I have left it alone because I didn't want to interrupt the scan. Other than that I haven't had any more issues in the last few days.


Scanning Report
Friday, August 26, 2011 19:54:32 - 21:17:44
Computer name: AMBER-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\


--------------------------------------------------------------------------------

1 malware found
TrackingCookie.Webtrends (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 120496
System: 5116
Not scanned: 47
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

--------------------------------------------------------------------------------

That looks good. We can do some cleanup.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***************************************************

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
****************************************************
To remove the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
****************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*********************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
******************************************************
Use the Secunia Software Inspector to check for out of date software.

• Click Start Now

• Check the box next to Enable thorough system inspection.

• Click Start

• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
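
The "Verify your Java Version" and "Remove any old versions" steps in the reply above can also be checked from the registry; this is an added example, not part of the original thread or any of the tools it names. It reads both Uninstall registry views, since 32-bit Java on 64-bit Windows registers under WOW6432Node, and the display-name pattern used to recognise Java entries is an assumption.

```powershell
# Added example: list installed Java runtimes and mark older copies left behind.
# Assumption: Java runtimes appear in the Uninstall keys with display names such as
# "Java(TM) 6 Update 26" or "J2SE Runtime Environment 5.0 Update 6".
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$namePattern = '^(Java(\(TM\))? (SE )?\d|J2SE Runtime Environment)'

$java = foreach ($key in $uninstallKeys) {
    # WOW6432Node does not exist on 32-bit Windows, so skip a view that is absent.
    if (-not (Test-Path $key)) { continue }
    $view = if ($key -like '*WOW6432Node*') { '32-bit' } else { 'native' }

    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $namePattern } |
        ForEach-Object {
            # DisplayVersion is free text; keep the raw string if it does not parse.
            $parsed = $null
            try { $parsed = [version]$_.DisplayVersion } catch { }
            New-Object PSObject -Property @{
                View       = $view
                Name       = $_.DisplayName
                Version    = $parsed
                RawVersion = $_.DisplayVersion
            }
        }
}

if (-not $java) {
    'No Java runtime found in the Uninstall registry keys.'
}

# Within each registry view, only the highest version should remain installed.
foreach ($group in ($java | Group-Object View)) {
    $sorted = @($group.Group | Sort-Object Version -Descending)
    for ($i = 0; $i -lt $sorted.Count; $i++) {
        $status = if ($i -eq 0) { 'newest installed' } else { 'older copy: remove' }
        '{0,-8} {1,-42} {2,-14} {3}' -f $sorted[$i].View, $sorted[$i].Name,
            $sorted[$i].RawVersion, $status
    }
}
```

"newest installed" only means the highest version present on the machine; it still has to be compared with the vendor's current release.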
Got through all that without any problems.

Thanks for all your help!

Quote from: Elyse_2301 on August 28, 2011, 08:53:27 PM
Got through all that without any problems.

Thanks for all your help!
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

