
MBRCheck.exe Reports 2 MBR Code Detected, How Do I Get Rid Of This?


40 replies to this topic

#1 yosemitest

Posted 01 November 2010 - 05:36 AM

I've been fighting this problem for a long time.
MBRCheck.exe from http://ad13.geekstogo.com/MBRCheck.exe reported this:

MBRCheck, version 1.2.3
© 2010, AD

Command-line
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000'00007e00 (NTFS)

Size Device Name MBR Status
---------------------------------------------------------------------

55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528
208 GB \\.\PhysicalDrive4 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
Press ENTER to exit...

And here is the MBRCheck Dump Log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC25N060ATMR04-0, Rev: MO3OAD4A
PhysicalDrive4 Model Number: WD3200BMV External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528

298 GB \\.\PhysicalDrive4 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A



Done!

After reporting this to ""E" Drive Isn't Accessable, Help Please" at post #29, AdvancedSetup at post #30 told me to post a new topic here.

So I went to I'm infected - What do I do now? and followed the instructions as best as I could. Here is my "Malwarebytes'" most recent updated scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5010

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/1/2010 12:29:45 AM
mbam-log-2010-11-01 (00-29-45).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 412868
Time elapsed: 1 hour(s), 29 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is my most recent "Online Armor++" Full Scan:

Online Armor++ Scan Oct 31 2010 430pm.


C:\Program Files\AT&T\Internet Security Wizard\ISW.exe:?SummaryInformation Suspicious (alternate data stream)
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe:?SummaryInformation Suspicious (alternate data stream)
C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe:?SummaryInformation Suspicious (alternate data stream)
C:\WINDOWS\$NtServicePackUninstall$\hotplug.dll:?SummaryInformation Suspicious (alternate data stream)
C:\WINDOWS\$NtServicePackUninstall$\lsass.exe:?SummaryInformation Suspicious (alternate data stream)
C:\WINDOWS\$NtServicePackUninstall$\wscript.exe:?SummaryInformation Suspicious (alternate data stream)

Here is the "Defogger-Disable" Log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:40 on 01/11/2010 (Yosemitest)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

I turned off all firewalls and antivirus, and tried to run DDS.scr, but it wouldn't finish even after 1 hour.
It locked up with 51 ":" across the "cmd" screen.

I tried to run GMER, but after about two hours, I got a blue screen with the following message:

A problem has been detected and windows has been shut down to prevent damage to your computer.
The problem seems to be caused by the following file: ugtiyfob.sys

PAGE_FAULT_IN_NONPAGED_AREA

If this is the first time you've seen this stop error screen, restart your computer.
If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer for any windows update you might need.
If problems continue, disable or remove any newly installed hardware or software.
Disable BIOS memory options such as caching or shadowing.
If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup options, and then select Safe Mode.

Technical information:
***STOP: 0x00000050 (0xAD1A9B30, 0x00000001, 0xACFEA389, 0x00000000)

*** ugtiyfob.sys - address ACFEA389 base at ACFDE000, Datestamp 4cbd99f2


That was the first time I've seen that blue screen message.

I really don't like turning OFF my firewall to run the DDS.scr and the GMER program.
Did I do it wrong?
What do I do to get rid of this problem?
Sincerely, Yosemitest.

#2 screen317

Posted 01 November 2010 - 02:41 PM

Hi,

Your MBR is not infected; you just have two hard drives.......


Disconnect from the Internet, then disable your security programs and try running DDS again.
Chris Fistonich
Research Team


#3 yosemitest

Posted 02 November 2010 - 02:18 AM

To screen317,

I've tried to run DDS three different ways, your suggestion first. After hours, it still locks up on the 51st colon.
The only way to cut the computer off is to hold down the power button until the light goes off.
Do you want me to uninstall the firewall?
I don't know what else to do.

Sincerely, Yosemitest

#4 screen317

Posted 03 November 2010 - 02:11 AM

Skip it for now. See if this runs:

Download RSIT by random/random and save it to your Desktop.
  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please post the contents of both logs here in your next reply.


#5 yosemitest

Posted 03 November 2010 - 02:23 AM

To screen317,

Forgive me. I'm on meds for a bad cold.
Do you want me to turn off all antivirus and firewall to run this, and do I disconnect from the internet to run it?

Sincerely, Yosemitest

#6 screen317

Posted 03 November 2010 - 02:31 AM

Yes and yes..

#7 yosemitest

Posted 03 November 2010 - 02:47 AM

To screen317,

I tried it and set "Online Armor++" to "Allow", "Trust", and "Install" for the RSIT.exe program. It worked.
Here's the log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Yosemitest at 2010-11-03 02:30:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 35 GB (60%) free of 57 GB
Total RAM: 1407 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:31:31 AM, on 11/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

2010-10-29 11:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-29 11:51:06 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-29 11:30:43 ----D---- C:\Documents and Settings\Yosemitest\Application Data\Leadertech
2010-10-29 11:30:35 ----D---- C:\EPSONREG
2010-10-29 11:27:44 ----RA---- C:\WINDOWS\StiRegstEng.dll
2010-10-29 11:27:44 ----A---- C:\WINDOWS\system32\Vbar332.dll
2010-10-29 11:27:44 ----A---- C:\WINDOWS\system32\Vb5db.dll
2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\rapi.dll
2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\Msxbse35.dll
2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\Mstext35.dll
2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\Msrepl35.dll
2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\Msrd2x35.dll
2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\mspdox35.dll
2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\msltus35.dll
2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\msjter35.dll
2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\msjint35.dll
2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\Msjet35.dll
2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\Msexcl35.dll
2010-10-29 11:27:42 ----A---- C:\WINDOWS\system32\ceutil.dll
2010-10-29 11:27:26 ----D---- C:\Program Files\NewSoft
2010-10-29 11:25:27 ----D---- C:\Program Files\ABBYY FineReader 5.0 Sprint
2010-10-29 11:24:58 ----A---- C:\WINDOWS\system32\PyWinTypes21.dll
2010-10-29 11:24:58 ----A---- C:\WINDOWS\system32\pythoncom21.dll
2010-10-29 11:24:58 ----A---- C:\WINDOWS\system32\python21.dll
2010-10-29 11:24:54 ----D---- C:\Program Files\Common Files\Python
2010-10-29 11:20:52 ----N---- C:\WINDOWS\system32\epDPE.ini
2010-10-29 11:20:52 ----A---- C:\WINDOWS\SlantAdj.dll
2010-10-29 11:20:52 ----A---- C:\WINDOWS\ADE.DLL
2010-10-29 11:19:35 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-10-29 11:19:27 ----D---- C:\Program Files\Smart Panel
2010-10-29 11:18:27 ----A---- C:\WINDOWS\system32\ESWIA30.dll
2010-10-29 11:18:27 ----A---- C:\WINDOWS\system32\esint30.dll
2010-10-29 11:18:26 ----A---- C:\WINDOWS\system32\ESDTR.dll
2010-10-29 11:18:23 ----D---- C:\Program Files\EPSON
2010-10-29 11:17:32 ----A---- C:\WINDOWS\EPSON Perfection 1670.ini

======List of files/folders modified in the last 1 months======

2010-11-03 02:31:31 ----D---- C:\Program Files\Trend Micro
2010-11-03 02:30:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-03 02:19:30 ----D---- C:\WINDOWS\temp
2010-11-02 19:44:01 ----D---- C:\WINDOWS\Prefetch
2010-11-02 11:10:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-02 11:10:00 ----D---- C:\WINDOWS
2010-11-02 11:09:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-02 03:09:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-11-02 03:08:57 ----D---- C:\Program Files\SpywareBlaster
2010-11-02 03:05:26 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2010-10-31 18:32:19 ----D---- C:\WINDOWS\system32
2010-10-31 05:10:34 ----A---- C:\WINDOWS\info.txt
2010-10-30 23:02:18 ----D---- C:\WINDOWS\system32\drivers
2010-10-30 21:38:22 ----SHD---- C:\WINDOWS\Installer
2010-10-30 21:38:16 ----D---- C:\Program Files\My Opera Web Browser
2010-10-30 00:14:47 ----HD---- C:\WINDOWS\inf
2010-10-29 13:52:34 ----RA---- C:\Boot.ini
2010-10-29 13:33:18 ----RSD---- C:\WINDOWS\assembly
2010-10-29 13:33:18 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-29 13:08:27 ----D---- C:\WINDOWS\Debug
2010-10-29 12:57:25 ----D---- C:\Program Files\CCleaner
2010-10-29 12:45:55 ----D---- C:\Program Files\Common Files\Adobe
2010-10-29 12:45:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-10-29 12:39:36 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-10-29 12:36:34 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-10-29 12:19:39 ----D---- C:\Program Files\Internet Explorer
2010-10-29 12:12:27 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-29 12:06:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-29 12:06:15 ----D---- C:\WINDOWS\WinSxS
2010-10-29 11:57:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-29 11:57:14 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-29 11:56:18 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-10-29 11:28:58 ----D---- C:\Program Files\ArcSoft
2010-10-29 11:28:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-29 11:27:26 ----RD---- C:\Program Files
2010-10-29 11:24:54 ----D---- C:\Program Files\Common Files
2010-10-29 11:21:08 ----D---- C:\WINDOWS\Logs
2010-10-29 11:18:23 ----D---- C:\WINDOWS\twain_32
2010-10-29 11:15:01 ----D---- C:\WINDOWS\system32\drivers\etc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 caboagp;ATI Cabo AGP Filter; C:\WINDOWS\System32\DRIVERS\atisgkaf.sys [2003-04-23 13174]
R0 drvmcdb;drvmcdb; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-10-25 99816]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-08-09 36560]
R0 symsnap;Symantec Volume Snap Shot Driver; C:\WINDOWS\system32\DRIVERS\symsnap.sys [2007-03-28 131944]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-09-15 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-09-15 28184]
R1 ECioctl;ECioctl; C:\WINDOWS\System32\Drivers\ECioctl.sys [2004-05-06 4816]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 oahlpXX;Online Armor helper driver; \??\C:\WINDOWS\system32\drivers\oahlp32.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-05-05 6272]
R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2004-05-05 6272]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-05-05 6272]
R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2004-05-05 6272]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2003-12-02 8552]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-11-01 35064]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-11-01 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-11-01 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-11-01 104760]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-11-01 26744]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-11-01 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-11-01 98104]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-11-01 94648]
R2 drvnddm;drvnddm; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-09-15 51768]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2003-12-02 15781]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys []
R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2007-03-28 37864]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-02-20 1265388]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2004-04-18 380160]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-04-22 729088]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-01-12 17497]
R3 EMSCR;EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [2004-05-18 57216]
R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2004-05-20 4224]
R3 ESDCR;ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [2004-05-18 36224]
R3 ESMCR;ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [2004-05-11 330496]
R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2007-03-28 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2002-11-05 39424]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-07-24 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-07-24 2560]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2007-03-28 14072]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2007-03-28 128104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2006-12-02 50688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\System32\ACS.exe [2004-04-09 20480]
R2 CeEPwrSvc;CeEPwrSvc; C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe [2004-01-08 36973]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-03-04 28672]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-05-23 106496]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-07-27 319488]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2007-03-28 3290728]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2010-10-30 380784]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2010-10-30 3653208]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe [2004-05-13 53248]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-04-22 397312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2006-12-13 294912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2006-12-13 57344]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-16 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-01-15 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


I edited out my name from the "Computer Name" and replaced it with "(my name)". I hope you don't mind that.
Here's the info log:

info.txt logfile of random's system information tool 1.08 2010-11-03 02:31:44

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu" -c"C:\WINDOWS\StiRegstEng.dll"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D1A81AA-ED90-11D6-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}
Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\SETUP.EXE" -l0x9 -uninst
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA561482-C49D-4687-A61C-96236C1688F0}\Setup.exe" -l0x9
AT&T Connection Services Manager-->C:\WINDOWS\WNBackup\WnClient62\unwise32.exe /Z /U C:\WINDOWS\WNBackup\WnClient62\install.log "AT&T Connection Services Manager"
AT&T Self Support Tool-->C:\Program Files\ATT-SST\Uninstall.exe
AT&T Toolbar-->C:\Program Files\ATTToolbar\uninstall.exe
Atheros Client Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\Setup.exe" -l0x9
Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
att.net Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll
ATT-PRT22-->C:\PROGRA~1\ATT-PR~2\UNWISE.EXE C:\PROGRA~1\ATT-PR~2\INSTALL.LOG
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon i80-->C:\WINDOWS\system32\CNMCP5u.exe "-PRINTERNAMECanon i80" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i80 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i80 Installer\Inst2\cnmi0409.dll"
Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon Utilities Easy-PhotoPrint Plus-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint Plus\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint Plus\EZUNINST.DLL"
Canon Utilities Easy-PhotoPrint-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
Easy Button-->C:\WINDOWS\UnInst32.exe EzButton.UNI
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON PERF 1670 Guide-->C:\Program Files\epson\guide\perf1670_e\uninstall.exe
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}\setup.exe" -l0x9 MyUninstall
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Hoyle Board Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB1CCBED-FA66-4D30-BFD7-EF20AD0A81FE}\setup.exe" -l0x9
Hoyle Puzzle Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3EAB67E-9B37-4B74-AFE6-D418D5F6F3D4}\setup.exe" -l0x9
i80 Setup Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFA679D8-5216-4E10-B7D3-BA4033A6991E}\setup.exe" /SUUninstall
InterVideo WinDVD for Toshiba-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Norton Ghost-->MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930012}
Notebook Maximizer-->C:\WINDOWS\iun506.exe C:\Program Files\Notebook Maximizer\irunin.ini
Online Armor 4.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
Opera 10.63-->MsiExec.exe /X{2E190C8E-682A-409D-9329-539E24C9D1C1}
Presto! BizCard 4.0 Component for Windows CE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41B20968-B2E1-49C0-9508-CC1544D568F5}\setup.exe" -l0x9
Presto! BizCard 4.1 Eng-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu"
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Realtek Fast Ethernet Adapter Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
Roxio Burn Engine-->MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Easy CD and DVD Burning-->MsiExec.exe /I{6599091B-D42D-4765-ABC3-8B25E844C746}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
SMSC IrCC V5.1.3600.3 SP1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.4-->"C:\Program Files\SpywareBlaster\unins000.exe"
SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D368EE-F5AC-4402-BD45-B454B5453FE1} /l1033
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
TOSHIBA Access-->C:\WINDOWS\TOSHIB~2\UNWISE.EXE C:\WINDOWS\TOSHIB~2\INSTALL.LOG
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9
TOSHIBA Fax Extension-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AC200C3-A4C8-401C-A5A8-202BE888B165}\setup.exe"
TOSHIBA Hotkey Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F821C9EC-BC2E-4FC4-993D-88B8B30C3AD6} /l1033
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Management Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6F6FF691-A9FA-46D3-B1B0-3F971E1B65DD} /l1033
Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
Toshiba Tbiosdrv Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
TouchPad On/Off Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F48D45F4-8728-41D5-8F60-C22B48009736} /l1033
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wmsiper-->MsiExec.exe /I{44A7867C-E3F4-4F96-8948-FDE62D23AD29}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Home & Business 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
TurboTax 2009 wmsiper-->MsiExec.exe /I{3A59F6E0-EAA2-012B-AE20-000000000000}
TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
TurboTax 2009-->C:\Program Files\TurboTax\Home & Business 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
TurboTax Home & Business 2007-->C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier Investments 2006-->C:\Program Files\TurboTax\Premier 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2006\Uninstall.log" -NoGui
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Outlook 2007 Junk Email Filter (kb2410711)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {BB5A2EB0-4515-4C6B-A618-A6F6B0AB7BAA}
Update for Windows Internet Explorer 8 (KB2362765)-->"C:\WINDOWS\ie8updates\KB2362765-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982664)-->"C:\WINDOWS\ie8updates\KB982664-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Management Framework Core-->"C:\WINDOWS\$968930Uinstall_KB968930$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WOT for Internet Explorer-->MsiExec.exe /X{DB0BB9FA-1B60-4036-8E29-3D56D8085256}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Online Armor ++
FW: Online Armor Firewall

======System event log======

Computer Name: (my name)
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp

Record Number: 14211
Source Name: Service Control Manager
Time Written: 20101030212225.000000-300
Event Type: error
User:

Computer Name: (my name)
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 00023FDCC27D. The IP address being used is 169.254.32.12.

Record Number: 14209
Source Name: Dhcp
Time Written: 20101030212124.000000-300
Event Type: warning
User:

Computer Name: (my name)
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00023FDCC27D. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 14208
Source Name: Dhcp
Time Written: 20101030212115.000000-300
Event Type: warning
User:

Computer Name: (my name)
Event Code: 10000
Message: Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}.
The error:
"%5"
Happened while starting this command:
"C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Record Number: 14205
Source Name: DCOM
Time Written: 20101030211633.000000-300
Event Type: error
User: (my name)\Yosemitest

Computer Name: (my name)
Event Code: 10000
Message: Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}.
The error:
"%5"
Happened while starting this command:
"C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Record Number: 14204
Source Name: DCOM
Time Written: 20101030210623.000000-300
Event Type: error
User: (my name)\Yosemitest

=====Application event log=====

Computer Name: (my name)
Event Code: 4356
Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.
Record Number: 929
Source Name: EventSystem
Time Written: 20100419150351.000000-300
Event Type: warning
User:

Computer Name: (my name)
Event Code: 5000
Message:
Record Number: 922
Source Name: MPSampleSubmission
Time Written: 20100419140335.000000-300
Event Type: error
User:

Computer Name: (my name)
Event Code: 4356
Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.
Record Number: 921
Source Name: EventSystem
Time Written: 20100419120106.000000-300
Event Type: warning
User:

Computer Name: (my name)
Event Code: 1517
Message: Windows saved user (my name)\Yosemitest registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 899
Source Name: Userenv
Time Written: 20100418173750.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: (my name)
Event Code: 1517
Message: Windows saved user (my name)\Yosemitest registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 893
Source Name: Userenv
Time Written: 20100418172355.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PSModulePath"=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#8 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 04 November 2010 - 08:40 PM

Hi,

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team


#9 yosemitest


Posted 06 November 2010 - 12:02 AM

Hi screen317,

I've tried to load "ComboFix.exe" and run it 3 times.
When I turn my firewall off, and click on Combofix, it freezes up, and I have to cut my computer off by holding down the power button.
I've had to reload my computer back to a ghost image over a month old twice today.
When the computer is turned back on after I kill the power, something has my "Online Armor++" to where it runs terribly slow when I try to do a scan.
So I went back to an earlier version of my "C" Drive in the ghost image.

Every time I turn my firewall off, I get into trouble.
Every time I restart my computer, something reloads two files and many Alternate Data Streams.
The files are:
C:\Documents and Settings\All Users\Application Data\Symantec\hpc\:3898751835 Suspicious (alternate data stream)
C:\Documents and Settings\All Users\Application Data\TEMP\:5C321E34 Suspicious (alternate data stream)


I have deleted these files several times, but every time I turn the computer off and back on, they come back.

I am currently trying to get my computer updated from the last reload of the ghost image, and probably won't get caught up until tomorrow.
After that, I'll try to run ComboFix again.

Sincerely, Yosemitest

#10 screen317


Posted 06 November 2010 - 10:19 PM

Hi,

"After that, I'll try to run ComboFix again."

When you do, put ComboFix at the root of your drive (C:\ComboFix.exe) and try it from there. Ensure that you've grabbed a fresh copy before you do.
Chris Fistonich
Research Team


#11 yosemitest


Posted 07 November 2010 - 05:38 AM

Chris Fistonich,

I've done everything I know to do, to try and make ComboFix.exe work, and it doesn't work. I moved it to "C:\Combofix.exe" and it still freezes up.

The only thing left to do is to un-install my "Online Armor++", Malwarebytes', Superantispyware Pro Lifetime, Spybot - Search and Destroy, and SpywareBlaster. And maybe un-install my "Java".

What I've noticed is ... when trying to complete a full scan with "Online Armor++" and the computer locks up, before it locks up, and about 30 minutes into the scan, Online Armor++ history shows me the last action is
"C:\WINDOWS\system32\winlogon.exe - > C:\WINDOWS\system32\logon.scr"

and "Taskmanager" shows me that "lsass.exe" is active.

I'm not a computer expert, so I don't know what this means, but I think someone is trying to log into my computer through the internet.
I've got "logon.scr" blocked.

Now ComboFix.exe locks up my computer, also.
DDS.Scr locks up my computer after the 51st colon across the "cmd screen".

Malwarebytes' works and here's the last log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5059

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/6/2010 8:32:21 AM
mbam-log-2010-11-06 (08-32-21).txt

Scan type: Quick scan
Objects scanned: 162292
Time elapsed: 12 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


MBRCheck.exe works and here's its last log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 160):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF74D9000 pcmcia.sys
0xF7627000 MountMgr.sys
0xF74BA000 ftdisk.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF74A2000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7482000 fltmgr.sys
0xF746B000 DRVMCDB.SYS
0xF7667000 PxHelp20.sys
0xF7868000 symsnap.sys
0xF7851000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF795A000 NDIS.sys
0xF7837000 Mup.sys
0xF78A7000 atisgkaf.sys
0xF7687000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xBA2E1000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF79B7000 \SystemRoot\System32\Drivers\hkdrv.sys
0xB9CF8000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xB9CE4000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF77F7000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xB9CC0000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF77FF000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xBA2D1000 \SystemRoot\System32\DRIVERS\imapi.sys
0xBA7D4000 \SystemRoot\system32\drivers\pfc.sys
0xF79B9000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA2C1000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7697000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB9C9D000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7807000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF76A7000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xBA7CC000 \SystemRoot\System32\Drivers\DKbFltr.sys
0xF780F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xB9C84000 \SystemRoot\System32\DRIVERS\Apfiltr.sys
0xF7817000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF76B7000 \SystemRoot\System32\DRIVERS\smcirda.sys
0xBA7C4000 \SystemRoot\System32\DRIVERS\irenum.sys
0xB9C70000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA7BC000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xB9C13000 \SystemRoot\System32\DRIVERS\ar5211.sys
0xB9BF3000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF76C7000 \SystemRoot\System32\DRIVERS\EMS7SK.sys
0xF76D7000 \SystemRoot\System32\DRIVERS\ESD7SK.sys
0xB9BA2000 \SystemRoot\System32\DRIVERS\ESM7SK.sys
0xB97B3000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB978F000 \SystemRoot\system32\drivers\portcls.sys
0xF76E7000 \SystemRoot\system32\drivers\drmk.sys
0xB965A000 \SystemRoot\System32\DRIVERS\AGRSM.sys
0xF781F000 \SystemRoot\System32\Drivers\Modem.SYS
0xB9DCE000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF773F000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF7747000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF76F7000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA791000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB961B000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7587000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7577000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF774F000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7757000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7567000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF79BB000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB956D000 \SystemRoot\System32\DRIVERS\update.sys
0xBA789000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7547000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7507000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79BF000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7777000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF777F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF79C3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A7E000 \SystemRoot\System32\Drivers\Null.SYS
0xF79C5000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7787000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xF778F000 \SystemRoot\System32\drivers\vga.sys
0xF79C7000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79C9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAF415000 \SystemRoot\System32\Drivers\meiudf.sys
0xAF404000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF7797000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF779F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF793B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF77A7000 \??\C:\WINDOWS\system32\drivers\OAnet.sys
0xAF3F1000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF744B000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xAF398000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xAF372000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF743B000 \??\C:\WINDOWS\system32\drivers\OAmon.sys
0xF742B000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xAF34A000 \SystemRoot\System32\DRIVERS\netbt.sys
0xAF300000 \SystemRoot\System32\drivers\afd.sys
0xF741B000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7887000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xF79CB000 \SystemRoot\System32\Drivers\TPIoMngr.sys
0xF79CD000 \SystemRoot\System32\Drivers\SSIoMngr.sys
0xF79CF000 \SystemRoot\System32\Drivers\EPIoMngr.sys
0xF79D1000 \SystemRoot\System32\Drivers\EKIoMngr.sys
0xAF23E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF77AF000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAF213000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF77B7000 \??\C:\WINDOWS\system32\drivers\oahlp32.sys
0xAF1E3000 \??\C:\WINDOWS\system32\drivers\OADriver.sys
0xAF173000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA351000 \SystemRoot\System32\Drivers\Fips.SYS
0xF79D3000 \SystemRoot\System32\Drivers\ECioctl.sys
0xF77BF000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xBA7D8000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA331000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77C7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9652000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77CF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA093000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF049000 \SystemRoot\System32\ati2cqag.dll
0xBF083000 \SystemRoot\System32\ati3d2ag.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAF2E0000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7AA3000 \SystemRoot\System32\DLA\DLADResM.SYS
0xAEFB7000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xF77DF000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF79E3000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF79E5000 \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys
0xF77E7000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xF77EF000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xAEF79000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xAEF62000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xAEE5C000 \SystemRoot\System32\DRIVERS\irda.sys
0xAEFDF000 \SystemRoot\System32\DRIVERS\mdc8021x.sys
0xAEFD7000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xAEFCF000 \SystemRoot\System32\DRIVERS\netdevio.sys
0xAECD0000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xAEEAA000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAEAB3000 \SystemRoot\system32\drivers\wdmaud.sys
0xAED5C000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7991000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF7993000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xAE7D9000 \SystemRoot\System32\DRIVERS\srv.sys
0xF7767000 \SystemRoot\system32\DRIVERS\v2imount.sys
0xAE400000 \SystemRoot\System32\Drivers\HTTP.sys
0xF79EB000 \SystemRoot\system32\DRIVERS\psi_mf.sys
0xAE040000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
416 C:\WINDOWS\system32\smss.exe
468 csrss.exe
492 C:\WINDOWS\system32\winlogon.exe
536 C:\WINDOWS\system32\services.exe
548 C:\WINDOWS\system32\lsass.exe
772 C:\WINDOWS\system32\ati2evxx.exe
788 C:\WINDOWS\system32\svchost.exe
840 svchost.exe
932 C:\WINDOWS\system32\svchost.exe
980 C:\WINDOWS\system32\acs.exe
1036 svchost.exe
1104 svchost.exe
1240 C:\Program Files\Tall Emu\Online Armor\oacat.exe
1356 C:\Program Files\Tall Emu\Online Armor\oasrv.exe
1576 C:\WINDOWS\explorer.exe
1636 C:\Program Files\Tall Emu\Online Armor\a2\avgate.exe
1772 C:\WINDOWS\system32\spoolsv.exe
1452 C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
1288 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
1536 C:\WINDOWS\system32\DVDRAMSV.exe
1616 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
1920 C:\Program Files\Java\jre6\bin\jqs.exe
1940 C:\Program Files\Common Files\Motive\McciCMService.exe
384 C:\Program Files\Norton Ghost\Agent\VProSvc.exe
800 C:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
1424 C:\WINDOWS\system32\wuauclt.exe
2120 C:\WINDOWS\system32\wscntfy.exe
2480 alg.exe
2924 C:\Program Files\Toshiba\E-KEY\CeEKey.exe
2956 C:\Program Files\Norton Ghost\Agent\VProTray.exe
3016 C:\Program Files\Tall Emu\Online Armor\oaui.exe
3292 C:\Program Files\QuickTime\QTTask.exe
3420 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3592 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3684 C:\Program Files\Tall Emu\Online Armor\oahlp.exe
3716 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
3820 C:\WINDOWS\system32\ctfmon.exe
2020 C:\WINDOWS\system32\RAMASST.exe
2288 C:\Program Files\Secunia\PSI\psi.exe
3452 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
376 C:\Documents and Settings\Yosemitest\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC25N060ATMR04-0, Rev: MO3OAD4A
PhysicalDrive4 Model Number: WD3200BMV External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528
298 GB \\.\PhysicalDrive4 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


RSIT.exe works and here's its last log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Yosemitest at 2010-11-07 04:17:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 35 GB (61%) free of 57 GB
Total RAM: 1407 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:18:19 AM, on 11/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\a2\AVGate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Yosemitest\Desktop\RSIT.exe
C:\Program Files\trend micro\Yosemitest.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/?_bc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Startup: Secunia PSI.lnk.disabled
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft....k/?LinkId=82580
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1263753328312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1268878578687
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

--
End of file - 10456 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{12D078C1-5059-4DE5-AB10-55AE476487A1}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D7C358D2-1DB2-4DF6-8C83-B029751EFA5B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}]
AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-23 1865544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2010-03-03 1677472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-06 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2003-04-28 360448]
{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-23 1865544]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2010-03-03 1677472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2004-05-06 638976]
"Norton Ghost 12.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2007-03-28 2037352]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2010-11-05 2345000]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-04-21 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-11-15 1121016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Yosemitest\Start Menu\Programs\Startup
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe
Secunia PSI.lnk.disabled - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2010-11-05 353992]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BITS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WUAUSERV]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-11-07 04:17:44 ----D---- C:\rsit
2010-11-07 03:09:07 ----RD---- C:\32788R22FWJFW
2010-11-07 03:07:37 ----A---- C:\ComboFix.exe
2010-11-07 02:48:31 ----ASH---- C:\hiberfil.sys
2010-11-06 06:02:11 ----D---- C:\Program Files\Common Files\Java
2010-11-06 06:01:14 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-06 06:01:14 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-06 06:01:14 ----A---- C:\WINDOWS\system32\java.exe
2010-11-06 05:21:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-11-06 05:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-11-06 05:20:57 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-11-06 05:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-11-06 05:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-11-06 05:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-11-06 05:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-11-06 05:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-11-06 05:14:59 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-11-06 04:34:10 ----D---- C:\Program Files\Secunia

======List of files/folders modified in the last 1 months======

2010-11-07 04:18:19 ----D---- C:\Program Files\Trend Micro
2010-11-07 04:15:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-07 04:13:14 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2010-11-07 03:37:36 ----D---- C:\WINDOWS\Prefetch
2010-11-07 03:26:04 ----D---- C:\WINDOWS\temp
2010-11-07 03:13:34 ----D---- C:\WINDOWS
2010-11-07 02:52:41 ----D---- C:\WINDOWS\system32
2010-11-07 02:52:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-07 02:30:01 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-11-06 08:41:43 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-06 08:41:42 ----RSD---- C:\WINDOWS\assembly
2010-11-06 06:58:18 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-11-06 06:17:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-06 06:17:39 ----D---- C:\WINDOWS\Debug
2010-11-06 06:02:11 ----SHD---- C:\WINDOWS\Installer
2010-11-06 06:02:11 ----D---- C:\Program Files\Common Files
2010-11-06 06:00:40 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-11-06 05:39:30 ----D---- C:\Program Files\Internet Explorer
2010-11-06 05:33:53 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-06 05:30:06 ----D---- C:\WINDOWS\WinSxS
2010-11-06 05:21:31 ----HD---- C:\WINDOWS\inf
2010-11-06 05:21:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-06 05:21:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-11-06 05:20:01 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-11-06 05:15:29 ----D---- C:\WINDOWS\system32\drivers
2010-11-06 04:59:33 ----D---- C:\Program Files\Common Files\Adobe
2010-11-06 04:59:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-11-06 04:51:54 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-11-06 04:34:10 ----RD---- C:\Program Files
2010-11-06 01:24:14 ----SHD---- C:\System Volume Information
2010-11-06 01:24:14 ----D---- C:\WINDOWS\system32\Restore
2010-11-06 00:36:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-11-06 00:36:56 ----D---- C:\Program Files\SpywareBlaster
2010-11-06 00:35:17 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-05 23:15:28 ----D---- C:\Program Files\My Opera Web Browser
2010-11-05 17:02:45 ----RA---- C:\Boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 caboagp;ATI Cabo AGP Filter; C:\WINDOWS\System32\DRIVERS\atisgkaf.sys [2003-04-23 13174]
R0 drvmcdb;drvmcdb; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-10-25 99816]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-08-09 36560]
R0 symsnap;Symantec Volume Snap Shot Driver; C:\WINDOWS\system32\DRIVERS\symsnap.sys [2007-03-28 131944]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-09-15 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-09-15 28184]
R1 ECioctl;ECioctl; C:\WINDOWS\System32\Drivers\ECioctl.sys [2004-05-06 4816]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 oahlpXX;Online Armor helper driver; \??\C:\WINDOWS\system32\drivers\oahlp32.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-05-05 6272]
R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2004-05-05 6272]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-05-05 6272]
R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2004-05-05 6272]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2003-12-02 8552]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-11-01 35064]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-11-01 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-11-01 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-11-01 104760]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-11-01 26744]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-11-01 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-11-01 98104]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-11-01 94648]
R2 drvnddm;drvnddm; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-09-15 51768]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2003-12-02 15781]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys []
R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2007-03-28 37864]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-02-20 1265388]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2004-04-18 380160]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-04-22 729088]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-01-12 17497]
R3 EMSCR;EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [2004-05-18 57216]
R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2004-05-20 4224]
R3 ESDCR;ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [2004-05-18 36224]
R3 ESMCR;ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [2004-05-11 330496]
R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2007-03-28 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2002-11-05 39424]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-07-24 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-07-24 2560]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2007-03-28 14072]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2007-03-28 128104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2006-12-02 50688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\System32\ACS.exe [2004-04-09 20480]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-04-22 397312]
R2 CeEPwrSvc;CeEPwrSvc; C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe [2004-01-08 36973]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-03-04 28672]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-05-23 106496]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-06 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-07-27 319488]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2007-03-28 3290728]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2010-11-05 380784]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2010-11-05 3653208]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe [2004-05-13 53248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2006-12-13 294912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2006-12-13 57344]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-16 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-01-15 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


I don't know what else to do.
Sincerely, Yosemitest.

#12 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 07 November 2010 - 04:11 PM

Hi,

Please go to VirusTotal, and upload the following file for analysis:
C:\WINDOWS\system32\logon.scr

Post the results in your reply.
Chris Fistonich
Research Team


#13 yosemitest


Posted 08 November 2010 - 03:21 PM

Hello screen317,

Here's the analysis for C:\WINDOWS\system32\logon.scr:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: logon.scr
Submission date: 2010-11-08 20:12:33 (UTC)
Current status: finished
Result: 0/43 (0.0%)
VT Community: not reviewed
Safety score: -

Antivirus Version Last Update Result
AhnLab-V3 2010.11.09.00 2010.11.08 -
AntiVir 7.10.13.172 2010.11.08 -
Antiy-AVL 2.0.3.7 2010.11.08 -
Authentium 5.2.0.5 2010.11.08 -
Avast 4.8.1351.0 2010.11.08 -
Avast5 5.0.594.0 2010.11.08 -
AVG 9.0.0.851 2010.11.08 -
BitDefender 7.2 2010.11.08 -
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.4.0-git 2010.11.08 -
Comodo 6654 2010.11.08 -
DrWeb 5.0.2.03300 2010.11.08 -
Emsisoft 5.0.0.50 2010.11.08 -
eSafe 7.0.17.0 2010.11.08 -
eTrust-Vet 36.1.7961 2010.11.08 -
F-Prot 4.6.2.117 2010.11.08 -
F-Secure 9.0.16160.0 2010.11.08 -
Fortinet 4.2.249.0 2010.11.08 -
GData 21 2010.11.08 -
Ikarus T3.1.1.90.0 2010.11.08 -
Jiangmin 13.0.900 2010.11.08 -
K7AntiVirus 9.67.2929 2010.11.08 -
Kaspersky 7.0.0.125 2010.11.08 -
McAfee 5.400.0.1158 2010.11.08 -
McAfee-GW-Edition 2010.1C 2010.11.08 -
Microsoft 1.6301 2010.11.08 -
NOD32 5602 2010.11.08 -
Norman 6.06.10 2010.11.08 -
nProtect 2010-11-08.02 2010.11.08 -
Panda 10.0.2.7 2010.11.08 -
PCTools 7.0.3.5 2010.11.08 -
Prevx 3.0 2010.11.08 -
Rising 22.72.06.04 2010.11.08 -
Sophos 4.59.0 2010.11.08 -
Sunbelt 7254 2010.11.08 -
SUPERAntiSpyware 4.40.0.1006 2010.11.08 -
Symantec 20101.2.0.161 2010.11.08 -
TheHacker 6.7.0.1.080 2010.11.08 -
TrendMicro 9.120.0.1004 2010.11.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.08 -
VBA32 3.12.14.1 2010.11.08 -
ViRobot 2010.10.4.4074 2010.11.08 -
VirusBuster 12.72.3.0 2010.11.08 -
Additional information
MD5 : 9fad7dff67555ff1e06bc4a3893024a7
SHA1 : 0012fc30946cb2cd56bdb140ace7504065add85b
SHA256: 029896c1949c60fbb58e21194b3b141dac5117d641bc59671c1b623d8041401c
ssdeep: 3072:sD/XpaIC/jdelKE90KmIJQ3FKrKOYHhph3Z0ojWPTKGloGjHlJ7gB968Z7/CZTHP:sD/Xp
q8z4K14huX
File size : 220672 bytes
First seen: 2008-04-23 19:04:02
Last seen : 2010-11-08 20:12:33
TrID:
Win64 Executable Generic (63.0%)
Win32 Executable MS Visual C++ (generic) (27.7%)
Win32 Executable Generic (6.2%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Logon Screen Saver
original name: logon
internal name: logon
file version.: 5.1.2600.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x282E
timedatestamp....: 0x480252AB (Sun Apr 13 18:36:27 2008)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x22EA, 0x2400, 6.18, 72eb87e8d5f42be2e84b835a081fd5d2
.data, 0x4000, 0x164, 0x200, 1.71, 6b8b14a8c940e6a15f82334e3d4cb1de
.rsrc, 0x5000, 0x332A8, 0x33400, 3.89, 6c30ed79464c4ffacecd3b90e961fb45

[[ 7 import(s) ]]
USER32.dll: PeekMessageW, SendMessageW, DialogBoxParamW, GetParent, IsWindow, SetCursor, GetForegroundWindow, TranslateMessage, GetMessageW, SetForegroundWindow, FindWindowW, GetClientRect, CharNextW, ReleaseDC, DispatchMessageW, LoadStringW, MessageBoxW, EndDialog, DefWindowProcW, ShowWindow, SetRect, FillRect, DrawIcon, LoadImageW, RegisterClassW, CreateWindowExW, SetTimer, PostMessageW, GetSystemMetrics, LoadIconW, InvalidateRect, SetWindowPos, BeginPaint, EndPaint, GetDC, RegisterWindowMessageW, SystemParametersInfoW, GetCursorPos, PostQuitMessage
GDI32.dll: GetStockObject, SelectPalette, RealizePalette, BitBlt, GetObjectW, CreateCompatibleDC, SelectObject, GetDIBColorTable, CreatePalette, DeleteObject, GetClipBox
SHLWAPI.dll: -
msvcrt.dll: _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, exit, _cexit, _XcptFilter, _exit, _c_exit, _except_handler3
ADVAPI32.dll: RegQueryValueExW, RegOpenKeyW, RegCloseKey
KERNEL32.dll: QueryPerformanceCounter, LoadLibraryExW, FreeLibrary, ExitProcess, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, Sleep, GetProcAddress, GetModuleHandleW, LoadLibraryW, GlobalAlloc, GlobalLock, GetSystemPowerStatus, GetVersionExW, GlobalUnlock, GlobalFree, GetStartupInfoW, GetCommandLineW, GetModuleHandleA, GetTickCount
COMCTL32.dll: InitCommonControlsEx


VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

C:\WINDOWS\system32\logon.scr



Is there anything there?
Sincerely, Yosemitest

#14 screen317


Posted 09 November 2010 - 11:12 PM

That's a legitimate file, my mistake.


In detail, describe what issues you are currently experiencing.
Chris Fistonich
Research Team


#15 yosemitest


Posted 10 November 2010 - 01:45 AM

Okay screen317,

About half the time, when I turn on my computer, I'll lose the Realtek AC97 driver. If I kill the power, and restart the computer, on the restart, usually the Realtek sound system will come back. But, if I click start and turn the computer off, or choose to restart the computer, it won't return, and I'll have to reload from a ghost image. The Realtek sound system is hardwired into my motherboard on my Toshiba A75 S226 laptop.

Second, my "Online Armor++" will not finish a full scan now. About thirty minutes into the scan, I get the notice from "Online Armor++" that
"logon.scr" is blocked. So I go to view the history log in my "Online Armor++" and see
"C:\WINDOWS\system32\winlogon.exe - > C:\WINDOWS\system32\logon.scr"

Before I chose to block "logon.scr" this item was logged into my history file, I was getting entries almost every second.
Below is a copy of the history file.
That didn't work, so I'll attach the history log.

I don't know all of what this means, but the kernel events, I did NOT choose.

Is there a way to look at what my computer loads BEFORE it loads Windows XP SP3?

Sincerely, Yosemitest

Attached Files



#16 screen317


Posted 11 November 2010 - 09:26 PM

Hi,



> Okay screen317,
>
> About half the time, when I turn on my computer, I'll lose the Realtek AC97 driver. If I kill the power, and restart the computer, on the restart, usually the Realtek sound system will come back. But, if I click start and turn the computer off, or choose to restart the computer, it won't return, and I'll have to reload from a ghost image. The Realtek sound system is hardwired into my motherboard on my Toshiba A75 S226 laptop.

Try a fresh download and install of your Realtek drivers.


> Second, my "Online Armor++" will not finish a full scan now. About thirty minutes into the scan, I get the notice from "Online Armor++" that
> "logon.scr" is blocked. So I go to view the history log in my "Online Armor++" and see
> "C:\WINDOWS\system32\winlogon.exe - > C:\WINDOWS\system32\logon.scr"
>
> Before I chose to block "logon.scr" this item was logged into my history file, I was getting entries almost every second.
> Below is a copy of the history file.
> That didn't work, so I'll attach the history log.

Why did you choose to block it???

> I don't know all of what this means, but the kernel events, I did NOT choose.

Do you honestly know what any of those actually mean?



> Is there a way to look at what my computer loads BEFORE it loads Windows XP SP3?

We already did. Your MBR looks clean.


I would be more concerned about this from the OA log:


Keylogger detected: ati2evxx.exe 11/10/2010 0:09 Blocked C:\WINDOWS\system32\ati2evxx.exe


Either that is a really bad false positive or I'm afraid I have bad news.

Your log reveals an information stealing trojan.


I would counsel you to disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.


You will need to change your passwords, and all other sensitive information, but only once your system is deemed clean.


-screen317
Chris Fistonich
Research Team


#17 yosemitest


Posted 12 November 2010 - 04:14 AM

Hi screen317,

That's a lot to respond to.

Yes, I DO have financial info.

Before I answer your questions, let me add that when I log onto the computer, my Online Armor++ Firewall Status Log shows some red code info coming into my computer, but no name or address that it's coming from. Here's that log, and I think it's trouble, but I don't know.

12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67
Rule not found. Packet dropped.
12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67
Rule not found. Packet dropped.
12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67
Rule not found. Packet dropped.
12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67
Rule not found. Packet dropped.
12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67
Rule not found. Packet dropped.
12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67
Rule not found. Packet dropped.
12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67
Rule not found. Packet dropped.


How do I stop this?
I still think that I have an MBR Rootkit Malware that's loaded on both my backup drive ("E" drive) and also on my main drive ("C" Drive).


"logon.scr" Why did you choose to block it???
I didn't trust it, and thought if I blocked it, that it would stop all those "kernel events", and it did cut them down to a fewer number.

And NO, I don't know what those "kernel events" are.

When I researched "Keylogger detected: ati2evxx.exe 11/10/2010 0:09 Blocked C:\WINDOWS\system32\ati2evxx.exe" http://www.what-is-e...i2evxx-exe.html says it was probably installed with my ATI video driver.
BUT, BECAUSE it has a threat potential, I blocked it, and as long as my firewall is on, it stays blocked.
I'm afraid that if I remove it, I'll lose my computer screen function. But I don't know. My computer is 1999 to 2000 technology.

You know, I don't mean to whine, but I really am tight on money. I want to buy an Apple Laptop, but I keep putting it off.
I'm so sick of Windows, but I spend all this time fighting problems with Windows.
I've got over 30 years of air traffic controller experience, and I've been around Windows and other operating systems as a "User" for many years.
But I've never used an Apple Computer, and after all I've read and heard, I can't help but think that I'd have less trouble with an Apple.
What do you think?
Should I go ahead and make the payments on a new laptop from Apple?

Sincerely, Yosemitest.
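
An added example, not part of the original thread: a Python triage of dropped-packet entries in the format of the firewall log quoted in post #17, which labels UDP flows between ports 67 and 68 as DHCP lease traffic and flags link-local (169.254.0.0/16) endpoints, the range a host self-assigns when it has not obtained a lease. The line-format regex, the `->` direction marker, the function names and the two non-DHCP sample lines are assumptions or constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample. The first two entries copy the format quoted in the post;
# the last two are invented so the non-DHCP path is exercised.
SAMPLE_LOG = """\
12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67
Rule not found. Packet dropped.
12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67
Rule not found. Packet dropped.
12/11/10 02:33:01 UDP <- 192.168.1.64:137, 192.168.1.255:137
Rule not found. Packet dropped.
12/11/10 02:34:10 TCP <- 192.168.1.64:1042, 203.0.113.9:443
Rule not found. Packet dropped.
"""

# Assumed line layout, inferred from the quoted entries: timestamp, protocol,
# direction marker, then two ip:port endpoints. "->" is assumed for outbound.
ENTRY = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<proto>UDP|TCP) "
    r"(?P<dir><-|->) (?P<a_ip>[\d.]+):(?P<a_port>\d+), "
    r"(?P<b_ip>[\d.]+):(?P<b_port>\d+)$"
)

# RFC 1918 private ranges plus IPv4 link-local.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
DHCP_PORTS = {67, 68}  # BOOTP/DHCP server and client ports


def parse_entries(text):
    """Pair each packet line with the verdict line that follows it."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            try:
                endpoints = [
                    (ipaddress.ip_address(m["a_ip"]), int(m["a_port"])),
                    (ipaddress.ip_address(m["b_ip"]), int(m["b_port"])),
                ]
            except ValueError:
                current = None  # malformed address: skip the entry and its verdict
                continue
            current = {"ts": m["ts"], "proto": m["proto"], "dir": m["dir"],
                       "endpoints": endpoints, "verdict": None}
            entries.append(current)
        elif line and current is not None and current["verdict"] is None:
            current["verdict"] = line
    return entries


def classify(entry):
    """Label one entry and flag the address properties useful for triage."""
    addrs = [a for a, _ in entry["endpoints"]]
    ports = {p for _, p in entry["endpoints"]}
    is_dhcp = entry["proto"] == "UDP" and ports == DHCP_PORTS
    return {
        "label": "dhcp" if is_dhcp else "unclassified",
        # A 169.254.x.x endpoint means that host has no DHCP lease yet.
        "link_local": any(a.is_link_local for a in addrs),
        # True when both endpoints sit in private or link-local space.
        "all_lan": all(any(a in n for n in LAN_NETS) for a in addrs),
    }


def summarize(text):
    """Count entries per label across a whole log."""
    return Counter(classify(e)["label"] for e in parse_entries(text))


if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        print(e["ts"], e["proto"], classify(e), e["verdict"])
    print(dict(summarize(SAMPLE_LOG)))
```
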

#18 screen317


Posted 13 November 2010 - 04:32 AM

I'm going to be honest here: It seems that all of the "issues" here stem from paranoid firewall rules that have been set.

You do not have an MBR Rootkit. You do not seem to have any other sort of infection. I'm willing to bet that if you uninstalled Comodo (to troubleshoot), you wouldn't see any more issues.


> "logon.scr" Why did you choose to block it???
> I didn't trust it, and thought if I blocked it, that it would stop all those "kernel events", and it did cut them down to a fewer number.
>
> And NO, I don't know what those "kernel events" are.

That is the problem with blocking things you don't know about. They cause system issues because the things you blocked were related to a legitimate process and not malware.
Chris Fistonich
Research Team


#19 yosemitest


Posted 19 November 2010 - 04:02 AM

Hello screen317,

> It seems that all of the "issues" here stem from paranoid firewall rules that have been set.
You may be right, but how do I change them, and what do I change?

I don't have Comodo to uninstall. I have Online Armor++.

So I should allow "logon.scr"?

And these "Packet dropped", what do I do about them? Are they on my computer? How do I find them if they are?
Or are they already "Deleted"?

Sincerely, Yosemitest

#20 screen317


Posted 19 November 2010 - 04:16 AM

Hi,

Typo on my part; I meant Online Armor.


Try uninstalling it (if only temporarily). After that, restart your computer and see if any issues actually remain.

> So I should allow "logon.scr"?

Of course you should; it's a legitimate file. You can see for yourself:
http://www.google.co...lient=firefox-a



It appears you are not running any sort of antivirus software. It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one. Don't change any of their default settings, or you will wind up in a situation like you are currently in.....

Microsoft Security Essentials
avast!.


Let me know how it goes.

-screen317
Chris Fistonich
Research Team
