yosemitest

Honorary Members
  • Posts

    43
Reputation

0 Neutral

Profile Information

  • Location
    Mississippi, USA
  1. Screen317, I haven't posted on the Online Armor Forum yet. I've been busy with a car repair to a rack-and-pinion, and power steering pump. Sincerely, yosemitest.
  2. To screen317, I still have a problem. The other day, I left my computer up and running with the internet cable disconnected. When I came back to it several hours later, my Online Armor++ Firewall Program Access had been totally changed. All my program settings had been deleted and one new program had been set up with total access to everything. It was titled in unicode with several "y" with two dots over it. I'd have to let it happen again to give you the exact title, and then reload my drive from a ghost image. I don't know but I think, to get rid of it, I'm going to have to re-format all drives and then reload my computer. That's several days of work, and I'd like to save my data, but I don't know what's infected and what isn't infected. Should I try to copy my "E" drive to several flash drives and then format that drive and "C" drive at the same time? Sincerely, yosemitest.
  3. Screen317, Thanks for your honesty. I'll check with Online Armor++ forum. Sincerely, Yosemitest
  4. Screen317, Let me know what the other scans show. They showed no malicious programs detected. ComboFix isn't malicious; otherwise I wouldn't have instructed you to download it. The copy of ComboFix that was on the desktop was clean. It was only the copies in the System Volume Information that were corrupt, and they were backed up by ComboFix's backup as the program started and before it started the system scan, (I think). The copy that was on my desktop and in my Norton Ghost 12.0 image was clean. At least the "Online Armor++" Full Scan didn't detect anything on them. In addition, are you still being redirected? If so, to where and in which browsers? I'll keep a close watch for this, but I haven't noticed that happening since I reloaded my C Drive from the ghost image yesterday. But I haven't been on the internet very much, except to update my security programs, and clean up my e-mail. I'm learning more about how to use "Online Armor++" Firewall. I'm keeping a close eye on the Firewall Log, and I'm trying to block some of the outgoing calls that just "pop up" while I'm using "Opera Web Browser". I notice the port of the un-requested calls, either IN or OUT, and the number of the port. Then I edit that port out, but some of them keep getting put back in and I'm not the one authorizing them to be put back in. I don't know how to BLOCK out the call by the number called. An example is from the History log. C:\Program Files\My Opera Web Browser\opera.exe (?), Outgoing UDP access allowed to: 239.255.255.250:1900 From this entry I know to block the OUT 1900 port of opera.exe, but I don't know how to block the 239.255.255.250 . There have been several other "Firewall: Automatic Decisions" that were approved, that I'd like to stop or Block, but I don't quite know how. Sincerely, Yosemitest
  5. Hello screen317, I attempted what you asked and it didn't work. Meaning, I uninstalled Online Armor++ first. Then when it didn't work under Safe Mode, I tried it under Normal Mode, I even let it install the updated "ComboFix.exe". Now, after I reloaded my computer from the "Ghost Image of 7, now 8 days ago", an interesting thing happened. When I first restarted the computer, before the "Toshiba Start Screen", where you have the option of F-2 or F-12, and before the screen for the System Restore Option or normal Windows XP, there was a black screen with a flashing underline, like a "DOS" screen that was there for about 2 seconds. When Windows XP started and I logged in, then I reloaded "Online Armor++" and I updated it, when I did the full scan, it found the C:\Documents and Settings\All Users\Application Data\Symantec\hpc\:3898751835 Suspicious (alternate data stream) but it didn't find the C:\Documents and Settings\All Users\Application Data\TEMP\:5C321E34 Suspicious (alternate data stream). It found two copies of a Worm.Win32.Mabezat!IK, loaded into a file in "System Volume Information" for a backup to "Combofix.exe", and in a file for that file's ".bak" file. I used "RootRepeal.exe" to "Wipe" and "Force Delete" both of those files. There were four other files that had the ADS in them, that it found, and I extracted those Alternate Data Streams. I've been reloading updates to those programs that I Uninstalled and Reinstalled, and now I'm doing all the full scans. I should complete those scans by tonight. Sincerely, Yosemitest
  6. Good morning screen317, What is "WexTech AnswerWorks"? I attempted what you asked and it didn't work. I started yosemitest.com at 740am and it locked up at 802am. Then I restarted my computer in normal mode and started yosemitest.com at 831am and it locked up at 858am. So I uninstalled: SUPER Anti-Spyware Pro Lifetime, Spybot-Search and Destroy, SpywareBlaster, Secunia PSI Updater, Malwarebytes' Anti-Malware, CCleaner, RootRepeal.exe, S@E.exe, GMER.exe, RSIT.exe, dds.scr, ATF-Cleaner, rkill.scr, MBRCheck.exe, WexTech Answerworks. I then restarted yosemitest.com at 1035am and watched it run. At about 915pm I went to bed. At 430am I woke up and it had locked up my computer at 1028pm. It was still showing the screen message about "it should only take 10 minutes to run, but infected systems can take longer". At 425am I started reloading C Drive with a ghost image of my computer from 7 days ago. It finished at about 545am. I am so sick of this problem, I don't know what to do. Sincerely, yosemitest
  7. Hello screen317, I did what you said. I uninstalled Online Armor++ and started ComboFix in Safe mode at 01:30am. ComboFix locked up at 01:57am. I cut the power to my computer at 02:45 to restart it. I got Online Armor++ reloaded at 0349am. I don't know what else to do. I guess I'll start an attempt to save up enough money to buy an Apple Laptop. What's your most trusted firewall, antivirus, antimalware, anti-MBR Rootkit, system to buy, Vipre Antivirus Premium? Sincerely, Yosemitest
  8. Screen317, Uninstalling "Online Armor++" sounds very scary, but I'm backed up. But before I do should I uninstall any of the following: Secunia PSI Updater, Spybot - Search and Destroy, SpywareBlaster, SUPER Anti-Spyware Pro Lifetime, Malwarebytes' Anti-Malware, CCleaner, RootRepeal.exe, S@E.exe? Maybe it would be easier if I give you control of my computer. Sincerely, Yosemitest
  9. It's been a long day, screen317, I tried ComboFix in Safe Mode and it locked up. I turned it on at 12:30pm and watched it for about 30 minutes. I went to town and came back at 8:45pm. The computer clock showed 1:27pm, so that's when the computer locked up. I believe I need to know more about how to use more features of my "Online Armor++" Firewall. Under "Firewall" "Program Access" there's a column for "RAW" and a column for "ICMP" for each entry or program. Some of the choices in these columns are "? n/a ", "allow", and "block". I believe I have accidentally allowed this malware into my computer and it has a "pinger" to show when I'm on the internet to whoever is running the malware, and they are sending packages into my computer in "RAW or ICMP" form. I don't know for sure, and I'm guessing. I just don't know what to do, and I'm getting very tired of fighting this problem. Is an Apple computer any safer? Sincerely, Yosemitest
  10. Screen317, My "Online Armor++" has "Antivirus" in it. I also have "SUPER Anti-Spyware Pro Lifetime" and I intend on buying the pay version of Malwarebytes, but for now I'm running the free version. I use SpywareBlaster and Spybot - Search and Destroy as well. Do you still think I need more "Antivirus"? I've used "Microsoft Security Essentials" before and didn't like it. It uses too much processor percentage, and slows my computer down. And if I uninstall "Online Armor++" or turn its firewall off then I get into trouble. Every time I restart my computer, something reloads two files and many Alternate Data Streams. The files are: C:\Documents and Settings\All Users\Application Data\Symantec\hpc\:3898751835 Suspicious (alternate data stream) C:\Documents and Settings\All Users\Application Data\TEMP\:5C321E34 Suspicious (alternate data stream) I have used "RootRepeal.exe" to "Wipe" and "Force Delete" these two files many times, but they keep coming back. The problem I have, I believe, is directly related to these two files reappearing, even after I delete them. That is why I believe I have an MBR Rootkit, loading them every time I restart my computer. Sincerely, Yosemitest.
  11. Hello screen317, It seems that all of the "issues" here stem from paranoid firewall rules that have been set. You may be right, but how do I change them, and what do I change? I don't have Comodo to uninstall. I have Online Armor++. So I should allow "logon.scr"? And these "Packet dropped", what do I do about them? Are they on my computer? How do I find them if they are? Or are they already "Deleted"? Sincerely, Yosemitest
  12. Hi screen317, That's a lot to respond to. Yes, I DO have financial info. Before I answer your questions, let me add that when I log onto the computer, my Online Armor++ Firewall Status Log shows some red code info coming into my computer, but no name or address that it's coming from. Here's that log, and I think it's trouble, but I don't know.
      12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67 Rule not found. Packet dropped.
      12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67 Rule not found. Packet dropped.
      12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67 Rule not found. Packet dropped.
      12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67 Rule not found. Packet dropped.
      12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67 Rule not found. Packet dropped.
      12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67 Rule not found. Packet dropped.
      12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67 Rule not found. Packet dropped.
      How do I stop this? I still think that I have an MBR Rootkit Malware that's loaded on both my backup drive ("E" drive) and also on my main drive ("C" Drive). "logon.scr" Why did you choose to block it??? I didn't trust it, and thought if I blocked it, that it would stop all those "kernel events", and it did cut them down to a fewer number. And NO, I don't know what those "kernel events" are. When I researched "Keylogger detected: ati2evxx.exe 11/10/2010 0:09 Blocked C:\WINDOWS\system32\ati2evxx.exe" http://www.what-is-exe.com/filenames/ati2evxx-exe.html says it was probably installed with my ATI video driver. BUT, BECAUSE it has a threat potential, I blocked it, and as long as my firewall is on, it stays blocked. I'm afraid that if I remove it, I'll lose my computer screen function. But I don't know. My computer is 1999 to 2000 technology. You know, I don't mean to whine, but I really am tight on money. I want to buy an Apple Laptop, but I keep putting it off. I'm so sick of Windows, but I spend all this time fighting problems with Windows. I've got over 30 years of air traffic controller experience, and I've been around Windows and other operating systems as a "User" for many years. But I've never used an Apple Computer, and after all I've read and heard, I can't help but think that I'd have less trouble with an Apple. What do you think? Should I go ahead and make the payments on a new laptop from Apple? Sincerely, Yosemitest.
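The two firewall entries quoted in these posts (the UDP `68`/`67` port pair and `239.255.255.250:1900`) use the well-known ports of DHCP and SSDP. As an added example, not part of the original posts and not Online Armor code, this sketch labels such lines by port pair and address range; the line layout is assumed from the quoted entries, and the third sample line is constructed.

```python
import ipaddress
import re
from collections import Counter

# Sample input: the two entry shapes quoted in the posts, plus one
# constructed line (203.0.113.7 is a documentation-only address).
SAMPLE_LOG = """\
12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67 Rule not found. Packet dropped.
C:\\Program Files\\My Opera Web Browser\\opera.exe (?), Outgoing UDP access allowed to: 239.255.255.250:1900
12/11/10 02:40:01 UDP <- 192.168.1.10:5000, 203.0.113.7:40000 Rule not found. Packet dropped.
"""

# IPv4 "address:port" pairs; the timestamp has no dotted quad, so it never matches.
ENDPOINT = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")

# RFC 1918 private ranges, listed explicitly so documentation and other
# reserved ranges are not silently treated as LAN addresses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SSDP_GROUP = ("239.255.255.250", 1900)  # SSDP/UPnP discovery multicast group
DHCP_PORTS = {67, 68}                   # DHCP server port and client port


def scope(ip_text):
    """Return a coarse address scope for one IPv4 address string."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_link_local:        # 169.254.0.0/16, self-assigned without a lease
        return "link-local"
    if ip.is_multicast:         # 224.0.0.0/4
        return "multicast"
    if any(ip in net for net in RFC1918):
        return "private-lan"
    return "non-lan"


def classify(line):
    """Label one log line; returns None when it holds no usable endpoint."""
    endpoints = []
    for ip_text, port_text in ENDPOINT.findall(line):
        try:
            ipaddress.ip_address(ip_text)   # rejects values such as 999.1.1.1
        except ValueError:
            continue
        endpoints.append((ip_text, int(port_text)))
    if not endpoints:
        return None

    scopes = [scope(ip) for ip, _ in endpoints]
    ports = {port for _, port in endpoints}
    is_udp = "UDP" in line

    if is_udp and ports == DHCP_PORTS:
        label = "dhcp"          # lease traffic between a client and a DHCP server
    elif is_udp and SSDP_GROUP in endpoints:
        label = "ssdp"          # device discovery, multicast on the local segment
    elif "non-lan" in scopes:
        label = "review"        # an endpoint outside the LAN, worth a closer look
    else:
        label = "lan-other"
    return {"label": label, "endpoints": endpoints, "scopes": scopes}


def summarize(log_text):
    """Count labels over a whole log."""
    counts = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result is not None:
            counts[result["label"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        result = classify(line)
        print(result["label"], result["scopes"], "|", line[:60])
    print(summarize(SAMPLE_LOG))
```
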
  13. Okay screen317, About half the time, when I turn on my computer, I'll lose the Realtek AC97 driver. If I kill the power, and restart the computer, on the restart, usually the Realtek sound system will come back. But, if I click start and turn the computer off, or choose to restart the computer, it won't return, and I'll have to reload from a ghost image. The Realtek sound system is hardwired into my motherboard on my Toshiba A75 S226 laptop. Second, my "Online Armor++" will not finish a full scan now. About thirty minutes into the scan, I get the notice from "Online Armor++" that "logon.scr" is blocked. So I go to view the history log in my "Online Armor++" and see "C:\WINDOWS\system32\winlogon.exe - > C:\WINDOWS\system32\logon.scr" Before I chose to block "logon.scr" this item was logged into my history file, I was getting entries almost every second. Below is a copy of the history file. That didn't work, so I'll attach the history log. I don't know all of what this means, but the kernel events, I did NOT choose. Is there a way to look at what my computer loads BEFORE it loads Windows XP SP3? Sincerely, Yosemitest Online_Armor_History.txt
  14. Hello screen 317, Here's the analysis for C:\WINDOWS\system32\logon.scr: File name: logon.scr Submission date: 2010-11-08 20:12:33 (UTC) Current status: finished Result: 0/ 43 (0.0%) Is there anything there? Sincerely, Yosemitest
  15. Chris Fistonich, I've done everything I know to do, to try and make ComboFix.exe work, and it doesn't work. I moved it to "C:\Combofix.exe" and it still freezes up. The only thing left to do is to un-install my "Online Armor++", Malwarebytes', Superantispyware Pro Lifetime, Spybot - Search and Destroy, and SpywareBlaster. And maybe un-install my "Java". What I've noticed is ... when trying to complete a full scan with "Online Armor++" and the computer locks up, before it locks up, and about 30 minutes into the scan, Online Armor++ history shows me the last action is "C:\WINDOWS\system32\winlogon.exe - > C:\WINDOWS\system32\logon.scr" and "Taskmanager" shows me that "lsass.exe" is active. I'm not a computer expert, so I don't know what this means, but I think someone is trying to log into my computer through the internet. I've got "logon.scr" blocked. Now ComboFix.exe locks up my computer, also. DDS.Scr locks up my computer after the 51st colon across the "cmd screen". Malwarebytes' works and here's the last log. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5059 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/6/2010 8:32:21 AM mbam-log-2010-11-06 (08-32-21).txt Scan type: Quick scan Objects scanned: 162292 Time elapsed: 12 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) MBRCheck.exe works and here's its last log: RSIT.exe works and here's its last log:
- Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580 O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1263753328312 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1268878578687 O16 - DPF: 
{7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe -- End of file - 10456 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\User_Feed_Synchronization-{12D078C1-5059-4DE5-AB10-55AE476487A1}.job C:\WINDOWS\tasks\User_Feed_Synchronization-{D7C358D2-1DB2-4DF6-8C83-B029751EFA5B}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}] AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-23 1865544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}] WOT Helper - C:\Program Files\WOT\WOT.dll [2010-03-03 1677472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-06 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-06 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2003-04-28 360448] {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-23 1865544] {71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2010-03-03 1677472] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2004-05-06 638976] "Norton Ghost 12.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2007-03-28 2037352] "@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2010-11-05 2345000] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-04-21 335872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-11-15 1121016] C:\Documents and Settings\All Users\Start Menu\Programs\Startup RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe C:\Documents and Settings\Yosemitest\Start Menu\Programs\Startup Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe Secunia PSI.lnk.disabled - C:\Program Files\Secunia\PSI\psi.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2010-11-05 353992] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BITS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WUAUSERV] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoResolveSearch"=1 "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2010-11-07 04:17:44 ----D---- C:\rsit 2010-11-07 03:09:07 ----RD---- C:\32788R22FWJFW 2010-11-07 03:07:37 ----A---- C:\ComboFix.exe 2010-11-07 02:48:31 ----ASH---- C:\hiberfil.sys 2010-11-06 06:02:11 ----D---- C:\Program Files\Common Files\Java 2010-11-06 06:01:14 ----A---- C:\WINDOWS\system32\javaws.exe 2010-11-06 06:01:14 ----A---- C:\WINDOWS\system32\javaw.exe 2010-11-06 06:01:14 ----A---- C:\WINDOWS\system32\java.exe 2010-11-06 05:21:22 
----HDC---- C:\WINDOWS\$NtUninstallKB2360937$ 2010-11-06 05:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$ 2010-11-06 05:20:57 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$ 2010-11-06 05:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$ 2010-11-06 05:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$ 2010-11-06 05:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$ 2010-11-06 05:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$ 2010-11-06 05:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$ 2010-11-06 05:14:59 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$ 2010-11-06 04:34:10 ----D---- C:\Program Files\Secunia ======List of files/folders modified in the last 1 months====== 2010-11-07 04:18:19 ----D---- C:\Program Files\Trend Micro 2010-11-07 04:15:53 ----D---- C:\WINDOWS\system32\CatRoot2 2010-11-07 04:13:14 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt 2010-11-07 03:37:36 ----D---- C:\WINDOWS\Prefetch 2010-11-07 03:26:04 ----D---- C:\WINDOWS\temp 2010-11-07 03:13:34 ----D---- C:\WINDOWS 2010-11-07 02:52:41 ----D---- C:\WINDOWS\system32 2010-11-07 02:52:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-11-07 02:30:01 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-11-06 08:41:43 ----D---- C:\WINDOWS\Microsoft.NET 2010-11-06 08:41:42 ----RSD---- C:\WINDOWS\assembly 2010-11-06 06:58:18 ----D---- C:\WINDOWS\system32\GroupPolicy 2010-11-06 06:17:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-11-06 06:17:39 ----D---- C:\WINDOWS\Debug 2010-11-06 06:02:11 ----SHD---- C:\WINDOWS\Installer 2010-11-06 06:02:11 ----D---- C:\Program Files\Common Files 2010-11-06 06:00:40 ----A---- C:\WINDOWS\system32\deployJava1.dll 2010-11-06 05:39:30 ----D---- C:\Program Files\Internet Explorer 2010-11-06 05:33:53 ----A---- C:\WINDOWS\system32\MRT.exe 2010-11-06 05:30:06 ----D---- C:\WINDOWS\WinSxS 2010-11-06 05:21:31 ----HD---- C:\WINDOWS\inf 2010-11-06 05:21:27 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-11-06 
05:21:21 ----HD---- C:\WINDOWS\$hf_mig$ 2010-11-06 05:20:01 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2010-11-06 05:15:29 ----D---- C:\WINDOWS\system32\drivers 2010-11-06 04:59:33 ----D---- C:\Program Files\Common Files\Adobe 2010-11-06 04:59:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2010-11-06 04:51:54 ----D---- C:\Program Files\Common Files\Adobe AIR 2010-11-06 04:34:10 ----RD---- C:\Program Files 2010-11-06 01:24:14 ----SHD---- C:\System Volume Information 2010-11-06 01:24:14 ----D---- C:\WINDOWS\system32\Restore 2010-11-06 00:36:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-11-06 00:36:56 ----D---- C:\Program Files\SpywareBlaster 2010-11-06 00:35:17 ----D---- C:\WINDOWS\system32\drivers\etc 2010-11-05 23:15:28 ----D---- C:\Program Files\My Opera Web Browser 2010-11-05 17:02:45 ----RA---- C:\Boot.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 caboagp;ATI Cabo AGP Filter; C:\WINDOWS\System32\DRIVERS\atisgkaf.sys [2003-04-23 13174] R0 drvmcdb;drvmcdb; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-10-25 99816] R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-08-09 36560] R0 symsnap;Symantec Volume Snap Shot Driver; C:\WINDOWS\system32\DRIVERS\symsnap.sys [2007-03-28 131944] R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-09-15 12920] R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-09-15 28184] R1 ECioctl;ECioctl; C:\WINDOWS\System32\Drivers\ECioctl.sys [2004-05-06 4816] R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416] R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys [] R1 
oahlpXX;Online Armor helper driver; \??\C:\WINDOWS\system32\drivers\oahlp32.sys [] R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys [] R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys [] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [] R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-05-05 6272] R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2004-05-05 6272] R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-05-05 6272] R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2004-05-05 6272] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2003-12-02 8552] R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-11-01 35064] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-11-01 32472] R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-11-01 9400] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-11-01 104760] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-11-01 26744] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-11-01 14520] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-11-01 98104] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-11-01 94648] R2 drvnddm;drvnddm; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-09-15 51768] R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192] R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2003-12-02 15781] R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-29 12032] R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys [] R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2007-03-28 37864] R3 AgereSoftModem;TOSHIBA V92 
Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-02-20 1265388] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2004-05-08 101833] R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2004-04-18 380160] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-04-22 729088] R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-01-12 17497] R3 EMSCR;EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [2004-05-18 57216] R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2004-05-20 4224] R3 ESDCR;ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [2004-05-18 36224] R3 ESMCR;ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [2004-05-11 330496] R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2007-03-28 15664] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856] R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-07-07 14904] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432] R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2002-11-05 39424] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 USBSTOR;USB Mass Storage Driver; 
C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-07-24 2432] S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-07-24 2560] S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424] S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [] S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [] S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [] S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [] S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [] S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [] S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [] S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-08-13 65280] S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992] S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [] S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2007-03-28 14072] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [] S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2007-03-28 128104] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2006-12-02 50688] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 
3=Demand, 4=Disabled)====== R2 ACS;Atheros Configuration Service; C:\WINDOWS\System32\ACS.exe [2004-04-09 20480] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-04-22 397312] R2 CeEPwrSvc;CeEPwrSvc; C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe [2004-01-08 36973] R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-03-04 28672] R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-05-23 106496] R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088] R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-06 153376] R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-07-27 319488] R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2007-03-28 3290728] R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2010-11-05 380784] R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2010-11-05 3653208] R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe [2004-05-13 53248] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776] S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2006-12-13 294912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 
3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2006-12-13 57344] S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-16 880640] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-01-15 73728] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [] S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF----------------- I don't know what else to do. Sincerely, Yosemitest.