MBRCheck.exe Reports 2 MBR Code Detected, How Do I Get Rid Of This?


I've been fighting this problem for a long time.

MBRCheck.exe from http://ad13.geekstogo.com/MBRCheck.exe reported this:

MBRCheck, version 1.2.3

© 2010, AD

Command-line

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000001fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000'00007e00 (NTFS)

Size Device Name MBR Status

---------------------------------------------------------------------

55 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: 31D100779DE502702C374F7C15687B56FCFD5528

208 GB \\.\PhysicalDrive4 RE: Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Press ENTER to exit...

And here is the MBRCheck Dump Log:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000001fc

Kernel Drivers (total 159):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x806FF000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF75A8000 ACPI.sys

0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS

0xF7597000 pci.sys

0xF75F7000 isapnp.sys

0xF7607000 ohci1394.sys

0xF7617000 \WINDOWS\System32\DRIVERS\1394BUS.SYS

0xF789B000 compbatt.sys

0xF789F000 \WINDOWS\System32\DRIVERS\BATTC.SYS

0xF7A4F000 pciide.sys

0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

0xF74D9000 pcmcia.sys

0xF7627000 MountMgr.sys

0xF74BA000 ftdisk.sys

0xF78A3000 ACPIEC.sys

0xF7A50000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS

0xF770F000 PartMgr.sys

0xF7637000 VolSnap.sys

0xF74A2000 atapi.sys

0xF7647000 disk.sys

0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

0xF7482000 fltmgr.sys

0xF746B000 DRVMCDB.SYS

0xF7667000 PxHelp20.sys

0xF7868000 symsnap.sys

0xF7851000 KSecDD.sys

0xF7B52000 Ntfs.sys

0xF795A000 NDIS.sys

0xF7837000 Mup.sys

0xF78A7000 atisgkaf.sys

0xB9FDF000 \SystemRoot\System32\DRIVERS\intelppm.sys

0xF79AB000 \SystemRoot\System32\Drivers\hkdrv.sys

0xB988F000 \SystemRoot\System32\DRIVERS\ati2mtag.sys

0xB987B000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS

0xF77DF000 \SystemRoot\System32\DRIVERS\usbohci.sys

0xB9857000 \SystemRoot\System32\DRIVERS\USBPORT.SYS

0xF77E7000 \SystemRoot\System32\DRIVERS\usbehci.sys

0xB9FCF000 \SystemRoot\System32\DRIVERS\imapi.sys

0xBA7D8000 \SystemRoot\system32\drivers\pfc.sys

0xF79AD000 \SystemRoot\System32\Drivers\DLACDBHM.SYS

0xF7697000 \SystemRoot\System32\DRIVERS\cdrom.sys

0xF76A7000 \SystemRoot\System32\DRIVERS\redbook.sys

0xB9834000 \SystemRoot\System32\DRIVERS\ks.sys

0xF77EF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xF76B7000 \SystemRoot\System32\DRIVERS\i8042prt.sys

0xBA7D0000 \SystemRoot\System32\Drivers\DKbFltr.sys

0xF77F7000 \SystemRoot\System32\DRIVERS\kbdclass.sys

0xB981B000 \SystemRoot\System32\DRIVERS\Apfiltr.sys

0xF77FF000 \SystemRoot\System32\DRIVERS\mouclass.sys

0xF76C7000 \SystemRoot\System32\DRIVERS\smcirda.sys

0xBA7C8000 \SystemRoot\System32\DRIVERS\irenum.sys

0xB9807000 \SystemRoot\System32\DRIVERS\parport.sys

0xBA7C0000 \SystemRoot\System32\DRIVERS\CmBatt.sys

0xF76D7000 \SystemRoot\System32\DRIVERS\nic1394.sys

0xB97AA000 \SystemRoot\System32\DRIVERS\ar5211.sys

0xB978A000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys

0xF76E7000 \SystemRoot\System32\DRIVERS\EMS7SK.sys

0xF76F7000 \SystemRoot\System32\DRIVERS\ESD7SK.sys

0xB9739000 \SystemRoot\System32\DRIVERS\ESM7SK.sys

0xB934A000 \SystemRoot\system32\drivers\ALCXWDM.SYS

0xB9326000 \SystemRoot\system32\drivers\portcls.sys

0xF7587000 \SystemRoot\system32\drivers\drmk.sys

0xB91F1000 \SystemRoot\System32\DRIVERS\AGRSM.sys

0xF780F000 \SystemRoot\System32\Drivers\Modem.SYS

0xF7A72000 \SystemRoot\System32\DRIVERS\audstub.sys

0xF7817000 \SystemRoot\System32\DRIVERS\rasirda.sys

0xF781F000 \SystemRoot\System32\DRIVERS\TDI.SYS

0xF7577000 \SystemRoot\System32\DRIVERS\rasl2tp.sys

0xBA7B0000 \SystemRoot\System32\DRIVERS\ndistapi.sys

0xB91B2000 \SystemRoot\System32\DRIVERS\ndiswan.sys

0xF7567000 \SystemRoot\System32\DRIVERS\raspppoe.sys

0xF7557000 \SystemRoot\System32\DRIVERS\raspptp.sys

0xF773F000 \SystemRoot\System32\DRIVERS\ptilink.sys

0xF7747000 \SystemRoot\System32\DRIVERS\raspti.sys

0xF7547000 \SystemRoot\System32\DRIVERS\termdd.sys

0xF79AF000 \SystemRoot\System32\DRIVERS\swenum.sys

0xB9104000 \SystemRoot\System32\DRIVERS\update.sys

0xBA78D000 \SystemRoot\System32\DRIVERS\mssmbios.sys

0xF7527000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF745B000 \SystemRoot\System32\DRIVERS\usbhub.sys

0xF79B3000 \SystemRoot\System32\DRIVERS\USBD.SYS

0xF7767000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xF79B7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7A87000 \SystemRoot\System32\Drivers\Null.SYS

0xF79B9000 \SystemRoot\System32\Drivers\Beep.SYS

0xF776F000 \SystemRoot\System32\Drivers\DLARTL_M.SYS

0xF7777000 \SystemRoot\System32\drivers\vga.sys

0xF79BB000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF79BD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xAE46E000 \SystemRoot\System32\Drivers\meiudf.sys

0xAE45D000 \SystemRoot\System32\Drivers\Udfs.SYS

0xF777F000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF7787000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF7937000 \SystemRoot\System32\DRIVERS\rasacd.sys

0xF778F000 \??\C:\WINDOWS\system32\drivers\OAnet.sys

0xAE44A000 \SystemRoot\System32\DRIVERS\ipsec.sys

0xF742B000 \SystemRoot\System32\DRIVERS\msgpc.sys

0xAE3F1000 \SystemRoot\System32\DRIVERS\tcpip.sys

0xF741B000 \??\C:\WINDOWS\system32\drivers\OAmon.sys

0xAE3CB000 \SystemRoot\System32\DRIVERS\ipnat.sys

0xAE3A3000 \SystemRoot\System32\DRIVERS\netbt.sys

0xF740B000 \SystemRoot\System32\DRIVERS\wanarp.sys

0xAE381000 \SystemRoot\System32\drivers\afd.sys

0xF7887000 \SystemRoot\System32\DRIVERS\netbios.sys

0xF79BF000 \SystemRoot\System32\Drivers\TPIoMngr.sys

0xF79C1000 \SystemRoot\System32\Drivers\SSIoMngr.sys

0xF79C3000 \SystemRoot\System32\Drivers\EPIoMngr.sys

0xF79C5000 \SystemRoot\System32\Drivers\EKIoMngr.sys

0xAE2BF000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

0xF7797000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

0xAE294000 \SystemRoot\System32\DRIVERS\rdbss.sys

0xF779F000 \??\C:\WINDOWS\system32\drivers\oahlp32.sys

0xAE23C000 \??\C:\WINDOWS\system32\drivers\OADriver.sys

0xAE1CC000 \SystemRoot\System32\DRIVERS\mrxsmb.sys

0xBA05F000 \SystemRoot\System32\Drivers\Fips.SYS

0xBA04F000 \SystemRoot\System32\DRIVERS\arp1394.sys

0xF79C7000 \SystemRoot\System32\Drivers\ECioctl.sys

0xF77A7000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS

0xF77AF000 \SystemRoot\system32\DRIVERS\usbprint.sys

0xBA7EC000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xBA02F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF77B7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB91E9000 \SystemRoot\System32\drivers\Dxapi.sys

0xF77BF000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7A85000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\ati2dvag.dll

0xBF049000 \SystemRoot\System32\ati2cqag.dll

0xBF083000 \SystemRoot\System32\ati3d2ag.dll

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xAE361000 \SystemRoot\System32\Drivers\DRVNDDM.SYS

0xBA79C000 \SystemRoot\System32\DLA\DLADResM.SYS

0xAE010000 \SystemRoot\System32\DLA\DLAIFS_M.SYS

0xF77CF000 \SystemRoot\System32\DLA\DLAOPIOM.SYS

0xF79D5000 \SystemRoot\System32\DLA\DLAPoolM.SYS

0xF79D7000 \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys

0xF77D7000 \SystemRoot\System32\DLA\DLABMFSM.SYS

0xF7807000 \SystemRoot\System32\DLA\DLABOIOM.SYS

0xADFD2000 \SystemRoot\System32\DLA\DLAUDFAM.SYS

0xADFBB000 \SystemRoot\System32\DLA\DLAUDF_M.SYS

0xADEB5000 \SystemRoot\System32\DRIVERS\irda.sys

0xAE038000 \SystemRoot\System32\DRIVERS\mdc8021x.sys

0xAE030000 \SystemRoot\System32\DRIVERS\ndisuio.sys

0xAE028000 \SystemRoot\System32\DRIVERS\netdevio.sys

0xADD51000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xADDE5000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xAE08A000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xAE088000 \SystemRoot\System32\Drivers\ASCTRM.SYS

0xADAA1000 \SystemRoot\System32\DRIVERS\srv.sys

0xADA8C000 \SystemRoot\system32\drivers\wdmaud.sys

0xADD09000 \SystemRoot\system32\drivers\sysaudio.sys

0xAE1C4000 \SystemRoot\system32\DRIVERS\v2imount.sys

0xAD3E3000 \SystemRoot\System32\Drivers\HTTP.sys

0xACEA4000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 42):

0 System Idle Process

4 System

424 C:\WINDOWS\system32\smss.exe

476 csrss.exe

500 C:\WINDOWS\system32\winlogon.exe

544 C:\WINDOWS\system32\services.exe

556 C:\WINDOWS\system32\lsass.exe

792 C:\WINDOWS\system32\svchost.exe

844 svchost.exe

884 C:\WINDOWS\system32\svchost.exe

936 C:\WINDOWS\system32\acs.exe

1004 svchost.exe

1028 svchost.exe

1140 C:\Program Files\Tall Emu\Online Armor\oacat.exe

1240 C:\Program Files\Tall Emu\Online Armor\oasrv.exe

1444 C:\WINDOWS\explorer.exe

1508 C:\Program Files\Tall Emu\Online Armor\a2\avgate.exe

1612 C:\WINDOWS\system32\spoolsv.exe

1672 C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

1684 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

1732 C:\WINDOWS\system32\DVDRAMSV.exe

1764 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

1792 C:\Program Files\Java\jre6\bin\jqs.exe

1816 C:\Program Files\Common Files\Motive\McciCMService.exe

1872 C:\Program Files\Norton Ghost\Agent\VProSvc.exe

1984 C:\WINDOWS\system32\svchost.exe

2040 C:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

1152 C:\WINDOWS\system32\wscntfy.exe

2136 alg.exe

3924 C:\Program Files\Toshiba\E-KEY\CeEKey.exe

4088 C:\Program Files\Norton Ghost\Agent\VProTray.exe

1916 C:\Program Files\Tall Emu\Online Armor\oaui.exe

1180 C:\Program Files\Common Files\Java\Java Update\jusched.exe

2592 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2644 C:\WINDOWS\system32\ctfmon.exe

2924 C:\WINDOWS\system32\RAMASST.exe

3152 C:\Program Files\Tall Emu\Online Armor\oahlp.exe

3252 C:\Program Files\Secunia\PSI\psi.exe

3508 C:\Program Files\Internet Explorer\iexplore.exe

932 C:\Program Files\Internet Explorer\iexplore.exe

2920 C:\Documents and Settings\Yosemitest\Desktop\MBRCheck.exe

956 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC25N060ATMR04-0, Rev: MO3OAD4A

PhysicalDrive4 Model Number: WD3200BMV External, Rev: 1.75

Size Device Name MBR Status

--------------------------------------------

55 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: 31D100779DE502702C374F7C15687B56FCFD5528

298 GB \\.\PhysicalDrive4 RE: Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

After reporting this to ""E" Drive Isn't Accessable, Help Please" at post #29, AdvancedSetup at post #30 told me to post a new topic here.

So I went to I'm infected - What do I do now? and followed the instructions as best as I could. Here is my "Malwarebytes'" most recent updated scan:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5010

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/1/2010 12:29:45 AM

mbam-log-2010-11-01 (00-29-45).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Objects scanned: 412868

Time elapsed: 1 hour(s), 29 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is my most recent "Online Armor++" Full Scan:

Online Armor++ Scan Oct 31 2010 430pm.

C:\Program Files\AT&T\Internet Security Wizard\ISW.exe:?SummaryInformation Suspicious (alternate data stream)

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe:?SummaryInformation Suspicious (alternate data stream)

C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe:?SummaryInformation Suspicious (alternate data stream)

C:\WINDOWS\$NtServicePackUninstall$\hotplug.dll:?SummaryInformation Suspicious (alternate data stream)

C:\WINDOWS\$NtServicePackUninstall$\lsass.exe:?SummaryInformation Suspicious (alternate data stream)

C:\WINDOWS\$NtServicePackUninstall$\wscript.exe:?SummaryInformation Suspicious (alternate data stream)

Here is the "Defogger-Disable" Log:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 00:40 on 01/11/2010 (Yosemitest)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

I turned off all firewalls and antivirus, and tried to run DDS.scr, but it wouldn't finish even after 1 hour.

It locked up with 51 ":" across the "cmd" screen.

I tried to run GMER, but after about two hours, I got a blue screen with the following message:

A problem has been detected and windows has been shut down to prevent damage to your computer.

The problem seems to be caused by the following file: ugtiyfob.sys

PAGE_FAULT_IN_NONPAGED_AREA

If this is the first time you've seen this stop error screen, restart your computer.

If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed.

If this is a new installation, ask your hardware or software manufacturer for any windows update you might need.

If problems continue, disable or remove any newly installed hardware or software.

Disable BIOS memory options such as caching or shadowing.

If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup options, and then select Safe Mode.

Technical information:

***STOP: 0x00000050 (0xAD1A9B30, 0x00000001, 0xACFEA389, 0x00000000)

*** ugtiyfob.sys - address ACFEA389 base at ACFDE000, Datestamp 4cbd99f2

That was the first time I've seen that blue screen message.

I really don't like turning OFF my firewall to run the DDS.scr and the GMER program.

Did I do it wrong?

What do I do to get rid of this problem?

Sincerely, Yosemitest.


To screen317,

I've tried to run DDS three different ways, your suggestion first. After hours, it still locks up on the 51st colon.

The only way to cut the computer off is to hold down the power button until the light goes off.

Do you want me to uninstall the firewall?

I don't know what else to do.

Sincerely, Yosemitest


  • Staff

Skip it for now. See if this runs:

Download RSIT by random/random and save it to your Desktop.

  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please post the contents of both logs here in your next reply.


To screen317,

I tried it and set "Online Armor++" to "Allow", "Trust", and "Install" for the RSIT.exe program. It worked.

Here's the log:

Logfile of random's system information tool 1.08 (written by random/random)

Run by Yosemitest at 2010-11-03 02:30:07

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 35 GB (60%) free of 57 GB

Total RAM: 1407 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:31:31 AM, on 11/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\ACS.exe

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Tall Emu\Online Armor\a2\AVGate.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\System32\svchost.exe

c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

C:\Program Files\Tall Emu\Online Armor\OAscan.exe

C:\Documents and Settings\Yosemitest\Desktop\RSIT.exe

C:\Program Files\trend micro\Yosemitest.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/?_bc=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL

O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1263753328312

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1268878578687

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

--

End of file - 9978 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{12D078C1-5059-4DE5-AB10-55AE476487A1}.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{D7C358D2-1DB2-4DF6-8C83-B029751EFA5B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}]

AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-23 1865544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]

WOT Helper - C:\Program Files\WOT\WOT.dll [2010-03-03 1677472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2003-04-28 360448]

{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-23 1865544]

{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2010-03-03 1677472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2004-05-06 638976]

"Norton Ghost 12.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2007-03-28 2037352]

"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2010-10-30 2345000]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-04-22 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-11-15 1121016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Yosemitest\Start Menu\Programs\Startup

Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2010-10-30 353992]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BITS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WUAUSERV]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"RestrictRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoResolveSearch"=1

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

"RestrictRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"

"C:\Program Files\My Opera Web Browser\opera.exe"="C:\Program Files\My Opera Web Browser\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-11-03 02:30:07 ----D---- C:\rsit

2010-10-30 00:50:57 ----ASH---- C:\hiberfil.sys

2010-10-29 12:37:07 ----A---- C:\WINDOWS\system32\javaws.exe

2010-10-29 12:37:07 ----A---- C:\WINDOWS\system32\javaw.exe

2010-10-29 12:37:07 ----A---- C:\WINDOWS\system32\java.exe

2010-10-29 11:57:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$

2010-10-29 11:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$

2010-10-29 11:56:48 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$

2010-10-29 11:56:36 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$

2010-10-29 11:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$

2010-10-29 11:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$

2010-10-29 11:51:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$

2010-10-29 11:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$

2010-10-29 11:51:06 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$

2010-10-29 11:30:43 ----D---- C:\Documents and Settings\Yosemitest\Application Data\Leadertech

2010-10-29 11:30:35 ----D---- C:\EPSONREG

2010-10-29 11:27:44 ----RA---- C:\WINDOWS\StiRegstEng.dll

2010-10-29 11:27:44 ----A---- C:\WINDOWS\system32\Vbar332.dll

2010-10-29 11:27:44 ----A---- C:\WINDOWS\system32\Vb5db.dll

2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\rapi.dll

2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\Msxbse35.dll

2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\Mstext35.dll

2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\Msrepl35.dll

2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\Msrd2x35.dll

2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\mspdox35.dll

2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\msltus35.dll

2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\msjter35.dll

2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\msjint35.dll

2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\Msjet35.dll

2010-10-29 11:27:43 ----A---- C:\WINDOWS\system32\Msexcl35.dll

2010-10-29 11:27:42 ----A---- C:\WINDOWS\system32\ceutil.dll

2010-10-29 11:27:26 ----D---- C:\Program Files\NewSoft

2010-10-29 11:25:27 ----D---- C:\Program Files\ABBYY FineReader 5.0 Sprint

2010-10-29 11:24:58 ----A---- C:\WINDOWS\system32\PyWinTypes21.dll

2010-10-29 11:24:58 ----A---- C:\WINDOWS\system32\pythoncom21.dll

2010-10-29 11:24:58 ----A---- C:\WINDOWS\system32\python21.dll

2010-10-29 11:24:54 ----D---- C:\Program Files\Common Files\Python

2010-10-29 11:20:52 ----N---- C:\WINDOWS\system32\epDPE.ini

2010-10-29 11:20:52 ----A---- C:\WINDOWS\SlantAdj.dll

2010-10-29 11:20:52 ----A---- C:\WINDOWS\ADE.DLL

2010-10-29 11:19:35 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys

2010-10-29 11:19:27 ----D---- C:\Program Files\Smart Panel

2010-10-29 11:18:27 ----A---- C:\WINDOWS\system32\ESWIA30.dll

2010-10-29 11:18:27 ----A---- C:\WINDOWS\system32\esint30.dll

2010-10-29 11:18:26 ----A---- C:\WINDOWS\system32\ESDTR.dll

2010-10-29 11:18:23 ----D---- C:\Program Files\EPSON

2010-10-29 11:17:32 ----A---- C:\WINDOWS\EPSON Perfection 1670.ini

======List of files/folders modified in the last 1 months======

2010-11-03 02:31:31 ----D---- C:\Program Files\Trend Micro

2010-11-03 02:30:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-11-03 02:19:30 ----D---- C:\WINDOWS\temp

2010-11-02 19:44:01 ----D---- C:\WINDOWS\Prefetch

2010-11-02 11:10:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-11-02 11:10:00 ----D---- C:\WINDOWS

2010-11-02 11:09:51 ----D---- C:\WINDOWS\system32\CatRoot2

2010-11-02 03:09:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2010-11-02 03:08:57 ----D---- C:\Program Files\SpywareBlaster

2010-11-02 03:05:26 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt

2010-10-31 18:32:19 ----D---- C:\WINDOWS\system32

2010-10-31 05:10:34 ----A---- C:\WINDOWS\info.txt

2010-10-30 23:02:18 ----D---- C:\WINDOWS\system32\drivers

2010-10-30 21:38:22 ----SHD---- C:\WINDOWS\Installer

2010-10-30 21:38:16 ----D---- C:\Program Files\My Opera Web Browser

2010-10-30 00:14:47 ----HD---- C:\WINDOWS\inf

2010-10-29 13:52:34 ----RA---- C:\Boot.ini

2010-10-29 13:33:18 ----RSD---- C:\WINDOWS\assembly

2010-10-29 13:33:18 ----D---- C:\WINDOWS\Microsoft.NET

2010-10-29 13:08:27 ----D---- C:\WINDOWS\Debug

2010-10-29 12:57:25 ----D---- C:\Program Files\CCleaner

2010-10-29 12:45:55 ----D---- C:\Program Files\Common Files\Adobe

2010-10-29 12:45:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-10-29 12:39:36 ----D---- C:\Program Files\Common Files\Adobe AIR

2010-10-29 12:36:34 ----A---- C:\WINDOWS\system32\deployJava1.dll

2010-10-29 12:19:39 ----D---- C:\Program Files\Internet Explorer

2010-10-29 12:12:27 ----A---- C:\WINDOWS\system32\MRT.exe

2010-10-29 12:06:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-10-29 12:06:15 ----D---- C:\WINDOWS\WinSxS

2010-10-29 11:57:19 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-10-29 11:57:14 ----HD---- C:\WINDOWS\$hf_mig$

2010-10-29 11:56:18 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2010-10-29 11:28:58 ----D---- C:\Program Files\ArcSoft

2010-10-29 11:28:54 ----HD---- C:\Program Files\InstallShield Installation Information

2010-10-29 11:27:26 ----RD---- C:\Program Files

2010-10-29 11:24:54 ----D---- C:\Program Files\Common Files

2010-10-29 11:21:08 ----D---- C:\WINDOWS\Logs

2010-10-29 11:18:23 ----D---- C:\WINDOWS\twain_32

2010-10-29 11:15:01 ----D---- C:\WINDOWS\system32\drivers\etc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 caboagp;ATI Cabo AGP Filter; C:\WINDOWS\System32\DRIVERS\atisgkaf.sys [2003-04-23 13174]

R0 drvmcdb;drvmcdb; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-10-25 99816]

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-08-09 36560]

R0 symsnap;Symantec Volume Snap Shot Driver; C:\WINDOWS\system32\DRIVERS\symsnap.sys [2007-03-28 131944]

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-09-15 12920]

R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-09-15 28184]

R1 ECioctl;ECioctl; C:\WINDOWS\System32\Drivers\ECioctl.sys [2004-05-06 4816]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]

R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]

R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []

R1 oahlpXX;Online Armor helper driver; \??\C:\WINDOWS\system32\drivers\oahlp32.sys []

R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []

R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []

R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-05-05 6272]

R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2004-05-05 6272]

R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-05-05 6272]

R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2004-05-05 6272]

R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2003-12-02 8552]

R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-11-01 35064]

R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-11-01 32472]

R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-11-01 9400]

R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-11-01 104760]

R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-11-01 26744]

R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-11-01 14520]

R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-11-01 98104]

R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-11-01 94648]

R2 drvnddm;drvnddm; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-09-15 51768]

R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]

R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2003-12-02 15781]

R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-29 12032]

R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys []

R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2007-03-28 37864]

R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-02-20 1265388]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2004-05-08 101833]

R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2004-04-18 380160]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-04-22 729088]

R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-01-12 17497]

R3 EMSCR;EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [2004-05-18 57216]

R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2004-05-20 4224]

R3 ESDCR;ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [2004-05-18 36224]

R3 ESMCR;ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [2004-05-11 330496]

R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2007-03-28 15664]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]

R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]

R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]

R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2002-11-05 39424]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-07-24 2432]

S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-07-24 2560]

S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]

S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []

S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []

S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []

S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []

S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []

S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []

S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]

S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]

S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2007-03-28 14072]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []

S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2007-03-28 128104]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2006-12-02 50688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\System32\ACS.exe [2004-04-09 20480]

R2 CeEPwrSvc;CeEPwrSvc; C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe [2004-01-08 36973]

R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-03-04 28672]

R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-05-23 106496]

R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]

R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-07-27 319488]

R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2007-03-28 3290728]

R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2010-10-30 380784]

R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2010-10-30 3653208]

R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe [2004-05-13 53248]

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-04-22 397312]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2006-12-13 294912]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2006-12-13 57344]

S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-16 880640]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-01-15 73728]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []

S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

I edited out my name from the "Computer Name" and replaced it with "(my name)". I hope you don't mind that.

Here's the info log:

info.txt logfile of random's system information tool 1.08 2010-11-03 02:31:44

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu" -c"C:\WINDOWS\StiRegstEng.dll"

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}

-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}

-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}

-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D1A81AA-ED90-11D6-86D3-00055DF3561E}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}

Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}

Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}

Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin

Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}

ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL

AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly

AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}

Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\SETUP.EXE" -l0x9 -uninst

ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA561482-C49D-4687-A61C-96236C1688F0}\Setup.exe" -l0x9

AT&T Connection Services Manager-->C:\WINDOWS\WNBackup\WnClient62\unwise32.exe /Z /U C:\WINDOWS\WNBackup\WnClient62\install.log "AT&T Connection Services Manager"

AT&T Self Support Tool-->C:\Program Files\ATT-SST\Uninstall.exe

AT&T Toolbar-->C:\Program Files\ATTToolbar\uninstall.exe

Atheros Client Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\Setup.exe" -l0x9

Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

att.net Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll

ATT-PRT22-->C:\PROGRA~1\ATT-PR~2\UNWISE.EXE C:\PROGRA~1\ATT-PR~2\INSTALL.LOG

Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}

Canon i80-->C:\WINDOWS\system32\CNMCP5u.exe "-PRINTERNAMECanon i80" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i80 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i80 Installer\Inst2\cnmi0409.dll"

Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}

Canon RAW Image Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}

Canon RemoteCapture Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}

Canon Utilities Easy-PhotoPrint Plus-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint Plus\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint Plus\EZUNINST.DLL"

Canon Utilities Easy-PhotoPrint-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"

Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}

Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9

DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver

Easy Button-->C:\WINDOWS\UnInst32.exe EzButton.UNI

Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"

EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG

EPSON PERF 1670 Guide-->C:\Program Files\epson\guide\perf1670_e\uninstall.exe

EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}\setup.exe" -l0x9 MyUninstall

EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL

EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

Hoyle Board Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB1CCBED-FA66-4D30-BFD7-EF20AD0A81FE}\setup.exe" -l0x9

Hoyle Puzzle Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3EAB67E-9B37-4B74-AFE6-D418D5F6F3D4}\setup.exe" -l0x9

i80 Setup Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFA679D8-5216-4E10-B7D3-BA4033A6991E}\setup.exe" /SUUninstall

InterVideo WinDVD for Toshiba-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}

Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"

Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended

Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL

Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}

Norton Ghost-->MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930012}

Notebook Maximizer-->C:\WINDOWS\iun506.exe C:\Program Files\Notebook Maximizer\irunin.ini

Online Armor 4.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"

Opera 10.63-->MsiExec.exe /X{2E190C8E-682A-409D-9329-539E24C9D1C1}

Presto! BizCard 4.0 Component for Windows CE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41B20968-B2E1-49C0-9508-CC1544D568F5}\setup.exe" -l0x9

Presto! BizCard 4.1 Eng-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu"

QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}

RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly

Realtek Fast Ethernet Adapter Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE

Roxio Burn Engine-->MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}

Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}

Roxio Easy CD and DVD Burning-->MsiExec.exe /I{6599091B-D42D-4765-ABC3-8B25E844C746}

ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG

Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"

Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}

Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}

Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended

Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}

Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}

Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"

SMSC IrCC V5.1.3600.3 SP1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL

Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SpywareBlaster 4.4-->"C:\Program Files\SpywareBlaster\unins000.exe"

SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D368EE-F5AC-4402-BD45-B454B5453FE1} /l1033

SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"

TOSHIBA Access-->C:\WINDOWS\TOSHIB~2\UNWISE.EXE C:\WINDOWS\TOSHIB~2\INSTALL.LOG

TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL

TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9

TOSHIBA Fax Extension-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AC200C3-A4C8-401C-A5A8-202BE888B165}\setup.exe"

TOSHIBA Hotkey Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F821C9EC-BC2E-4FC4-993D-88B8B30C3AD6} /l1033

TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"

TOSHIBA Power Management Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6F6FF691-A9FA-46D3-B1B0-3F971E1B65DD} /l1033

Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}

TOSHIBA Software Modem-->Tosmreg -U

TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}\setup.exe"

TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9

TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL

TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9

Toshiba Tbiosdrv Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"

Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"

TouchPad On/Off Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F48D45F4-8728-41D5-8F60-C22B48009736} /l1033

TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}

TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}

TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}

TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}

TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}

TurboTax 2008 wmsiper-->MsiExec.exe /I{44A7867C-E3F4-4F96-8948-FDE62D23AD29}

TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}

TurboTax 2008-->C:\Program Files\TurboTax\Home & Business 2008\Installer\TurboTax 2008 Installer.exe /u /t /a

TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}

TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}

TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}

TurboTax 2009 wmsiper-->MsiExec.exe /I{3A59F6E0-EAA2-012B-AE20-000000000000}

TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}

TurboTax 2009-->C:\Program Files\TurboTax\Home & Business 2009\Installer\TurboTax 2009 Installer.exe /u /t /a

TurboTax Home & Business 2007-->C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui

TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}

TurboTax Premier Investments 2006-->C:\Program Files\TurboTax\Premier 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2006\Uninstall.log" -NoGui

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}

Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}

Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"

Update for Outlook 2007 Junk Email Filter (kb2410711)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {BB5A2EB0-4515-4C6B-A618-A6F6B0AB7BAA}

Update for Windows Internet Explorer 8 (KB2362765)-->"C:\WINDOWS\ie8updates\KB2362765-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB982664)-->"C:\WINDOWS\ie8updates\KB982664-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"

Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"

WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Management Framework Core-->"C:\WINDOWS\$968930Uinstall_KB968930$\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WOT for Internet Explorer-->MsiExec.exe /X{DB0BB9FA-1B60-4036-8E29-3D56D8085256}

======Hosts File======

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

======Security center information======

AV: Online Armor ++

FW: Online Armor Firewall

======System event log======

Computer Name: (my name)

Event Code: 7026

Message: The following boot-start or system-start driver(s) failed to load:

Cdr4_xp

Record Number: 14211

Source Name: Service Control Manager

Time Written: 20101030212225.000000-300

Event Type: error

User:

Computer Name: (my name)

Event Code: 1007

Message: Your computer has automatically configured the IP address for the Network

Card with network address 00023FDCC27D. The IP address being used is 169.254.32.12.

Record Number: 14209

Source Name: Dhcp

Time Written: 20101030212124.000000-300

Event Type: warning

User:

Computer Name: (my name)

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 00023FDCC27D. The following

error occurred:

The semaphore timeout period has expired.

.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.

Record Number: 14208

Source Name: Dhcp

Time Written: 20101030212115.000000-300

Event Type: warning

User:

Computer Name: (my name)

Event Code: 10000

Message: Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}.

The error:

"%5"

Happened while starting this command:

"C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Record Number: 14205

Source Name: DCOM

Time Written: 20101030211633.000000-300

Event Type: error

User: (my name)\Yosemitest

Computer Name: (my name)

Event Code: 10000

Message: Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}.

The error:

"%5"

Happened while starting this command:

"C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Record Number: 14204

Source Name: DCOM

Time Written: 20101030210623.000000-300

Event Type: error

User: (my name)\Yosemitest

=====Application event log=====

Computer Name: (my name)

Event Code: 4356

Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.

Record Number: 929

Source Name: EventSystem

Time Written: 20100419150351.000000-300

Event Type: warning

User:

Computer Name: (my name)

Event Code: 5000

Message:

Record Number: 922

Source Name: MPSampleSubmission

Time Written: 20100419140335.000000-300

Event Type: error

User:

Computer Name: (my name)

Event Code: 4356

Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.

Record Number: 921

Source Name: EventSystem

Time Written: 20100419120106.000000-300

Event Type: warning

User:

Computer Name: (my name)

Event Code: 1517

Message: Windows saved user (my name)\Yosemitest registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 899

Source Name: Userenv

Time Written: 20100418173750.000000-300

Event Type: warning

User: NT AUTHORITY\SYSTEM

Computer Name: (my name)

Event Code: 1517

Message: Windows saved user (my name)\Yosemitest registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 893

Source Name: Userenv

Time Written: 20100418172355.000000-300

Event Type: warning

User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\WINDOWS\system32\WindowsPowerShell\v1.0

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel

"PROCESSOR_REVISION"=0304

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

"PSModulePath"=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Hi screen317,

I've tried to load "ComboFix.exe" and run it 3 times.

When I turn my firewall off, and click on Combofix, it freezes up, and I have to cut my computer off by holding down the power button.

I've had to reload my computer back to a ghost image over a month old twice today.

When the computer is turned back on after I kill the power, something has my "Online Armor++" to where it runs terribly slow when I try to do a scan.

So I went back to an earlier version of my "C" Drive in the ghost image.

Every time I turn my firewall off, I get into trouble.

Every time I restart my computer, something reloads two files and many Alternate Data Streams.

The files are:

C:\Documents and Settings\All Users\Application Data\Symantec\hpc\:3898751835 Suspicious (alternate data stream)

C:\Documents and Settings\All Users\Application Data\TEMP\:5C321E34 Suspicious (alternate data stream)

I have deleted these files several times, but every time I turn the computer off and back on, they come back.

I am currently trying to get my computer updated from the last reload of the ghost image, and probably won't get caught up until tomorrow.

After that, I'll try to run ComboFix again.

Sincerely, Yosemitest


Chris Fistonich,

I've done everything I know to do, to try and make ComboFix.exe work, and it doesn't work. I moved it to "C:\Combofix.exe" and it still freezes up.

The only thing left to do is to un-install my "Online Armor++", Malwarebytes', Superantispyware Pro Lifetime, Spybot - Search and Destroy, and SpywareBlaster. And maybe un-install my "Java".

What I've noticed is ... when trying to complete a full scan with "Online Armor++" and the computer locks up, before it locks up, and about 30 minutes into the scan, Online Armor++ history shows me the last action is

"C:\WINDOWS\system32\winlogon.exe - > C:\WINDOWS\system32\logon.scr"

and "Taskmanager" shows me that "lsass.exe" is active.

I'm not a computer expert, so I don't know what this means, but I think someone is trying to log into my computer through the internet.

I've got "logon.scr" blocked.

Now ComboFix.exe locks up my computer, also.

DDS.Scr locks up my computer after the 51st colon across the "cmd screen".

Malwarebytes' works and here's the last log.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5059

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/6/2010 8:32:21 AM

mbam-log-2010-11-06 (08-32-21).txt

Scan type: Quick scan

Objects scanned: 162292

Time elapsed: 12 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

MBRCheck.exe works and here's its last log:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000001fc

Kernel Drivers (total 160):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x806FF000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF75A8000 ACPI.sys

0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS

0xF7597000 pci.sys

0xF75F7000 isapnp.sys

0xF7607000 ohci1394.sys

0xF7617000 \WINDOWS\System32\DRIVERS\1394BUS.SYS

0xF789B000 compbatt.sys

0xF789F000 \WINDOWS\System32\DRIVERS\BATTC.SYS

0xF7A4F000 pciide.sys

0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

0xF74D9000 pcmcia.sys

0xF7627000 MountMgr.sys

0xF74BA000 ftdisk.sys

0xF78A3000 ACPIEC.sys

0xF7A50000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS

0xF770F000 PartMgr.sys

0xF7637000 VolSnap.sys

0xF74A2000 atapi.sys

0xF7647000 disk.sys

0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

0xF7482000 fltmgr.sys

0xF746B000 DRVMCDB.SYS

0xF7667000 PxHelp20.sys

0xF7868000 symsnap.sys

0xF7851000 KSecDD.sys

0xF7B52000 Ntfs.sys

0xF795A000 NDIS.sys

0xF7837000 Mup.sys

0xF78A7000 atisgkaf.sys

0xF7687000 \SystemRoot\System32\DRIVERS\nic1394.sys

0xBA2E1000 \SystemRoot\System32\DRIVERS\intelppm.sys

0xF79B7000 \SystemRoot\System32\Drivers\hkdrv.sys

0xB9CF8000 \SystemRoot\System32\DRIVERS\ati2mtag.sys

0xB9CE4000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS

0xF77F7000 \SystemRoot\System32\DRIVERS\usbohci.sys

0xB9CC0000 \SystemRoot\System32\DRIVERS\USBPORT.SYS

0xF77FF000 \SystemRoot\System32\DRIVERS\usbehci.sys

0xBA2D1000 \SystemRoot\System32\DRIVERS\imapi.sys

0xBA7D4000 \SystemRoot\system32\drivers\pfc.sys

0xF79B9000 \SystemRoot\System32\Drivers\DLACDBHM.SYS

0xBA2C1000 \SystemRoot\System32\DRIVERS\cdrom.sys

0xF7697000 \SystemRoot\System32\DRIVERS\redbook.sys

0xB9C9D000 \SystemRoot\System32\DRIVERS\ks.sys

0xF7807000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xF76A7000 \SystemRoot\System32\DRIVERS\i8042prt.sys

0xBA7CC000 \SystemRoot\System32\Drivers\DKbFltr.sys

0xF780F000 \SystemRoot\System32\DRIVERS\kbdclass.sys

0xB9C84000 \SystemRoot\System32\DRIVERS\Apfiltr.sys

0xF7817000 \SystemRoot\System32\DRIVERS\mouclass.sys

0xF76B7000 \SystemRoot\System32\DRIVERS\smcirda.sys

0xBA7C4000 \SystemRoot\System32\DRIVERS\irenum.sys

0xB9C70000 \SystemRoot\System32\DRIVERS\parport.sys

0xBA7BC000 \SystemRoot\System32\DRIVERS\CmBatt.sys

0xB9C13000 \SystemRoot\System32\DRIVERS\ar5211.sys

0xB9BF3000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys

0xF76C7000 \SystemRoot\System32\DRIVERS\EMS7SK.sys

0xF76D7000 \SystemRoot\System32\DRIVERS\ESD7SK.sys

0xB9BA2000 \SystemRoot\System32\DRIVERS\ESM7SK.sys

0xB97B3000 \SystemRoot\system32\drivers\ALCXWDM.SYS

0xB978F000 \SystemRoot\system32\drivers\portcls.sys

0xF76E7000 \SystemRoot\system32\drivers\drmk.sys

0xB965A000 \SystemRoot\System32\DRIVERS\AGRSM.sys

0xF781F000 \SystemRoot\System32\Drivers\Modem.SYS

0xB9DCE000 \SystemRoot\System32\DRIVERS\audstub.sys

0xF773F000 \SystemRoot\System32\DRIVERS\rasirda.sys

0xF7747000 \SystemRoot\System32\DRIVERS\TDI.SYS

0xF76F7000 \SystemRoot\System32\DRIVERS\rasl2tp.sys

0xBA791000 \SystemRoot\System32\DRIVERS\ndistapi.sys

0xB961B000 \SystemRoot\System32\DRIVERS\ndiswan.sys

0xF7587000 \SystemRoot\System32\DRIVERS\raspppoe.sys

0xF7577000 \SystemRoot\System32\DRIVERS\raspptp.sys

0xF774F000 \SystemRoot\System32\DRIVERS\ptilink.sys

0xF7757000 \SystemRoot\System32\DRIVERS\raspti.sys

0xF7567000 \SystemRoot\System32\DRIVERS\termdd.sys

0xF79BB000 \SystemRoot\System32\DRIVERS\swenum.sys

0xB956D000 \SystemRoot\System32\DRIVERS\update.sys

0xBA789000 \SystemRoot\System32\DRIVERS\mssmbios.sys

0xF7547000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF7507000 \SystemRoot\System32\DRIVERS\usbhub.sys

0xF79BF000 \SystemRoot\System32\DRIVERS\USBD.SYS

0xF7777000 \SystemRoot\system32\DRIVERS\usbprint.sys

0xF777F000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xF79C3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7A7E000 \SystemRoot\System32\Drivers\Null.SYS

0xF79C5000 \SystemRoot\System32\Drivers\Beep.SYS

0xF7787000 \SystemRoot\System32\Drivers\DLARTL_M.SYS

0xF778F000 \SystemRoot\System32\drivers\vga.sys

0xF79C7000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF79C9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xAF415000 \SystemRoot\System32\Drivers\meiudf.sys

0xAF404000 \SystemRoot\System32\Drivers\Udfs.SYS

0xF7797000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF779F000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF793B000 \SystemRoot\System32\DRIVERS\rasacd.sys

0xF77A7000 \??\C:\WINDOWS\system32\drivers\OAnet.sys

0xAF3F1000 \SystemRoot\System32\DRIVERS\ipsec.sys

0xF744B000 \SystemRoot\System32\DRIVERS\msgpc.sys

0xAF398000 \SystemRoot\System32\DRIVERS\tcpip.sys

0xAF372000 \SystemRoot\System32\DRIVERS\ipnat.sys

0xF743B000 \??\C:\WINDOWS\system32\drivers\OAmon.sys

0xF742B000 \SystemRoot\System32\DRIVERS\wanarp.sys

0xAF34A000 \SystemRoot\System32\DRIVERS\netbt.sys

0xAF300000 \SystemRoot\System32\drivers\afd.sys

0xF741B000 \SystemRoot\System32\DRIVERS\netbios.sys

0xF7887000 \SystemRoot\System32\DRIVERS\arp1394.sys

0xF79CB000 \SystemRoot\System32\Drivers\TPIoMngr.sys

0xF79CD000 \SystemRoot\System32\Drivers\SSIoMngr.sys

0xF79CF000 \SystemRoot\System32\Drivers\EPIoMngr.sys

0xF79D1000 \SystemRoot\System32\Drivers\EKIoMngr.sys

0xAF23E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

0xF77AF000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

0xAF213000 \SystemRoot\System32\DRIVERS\rdbss.sys

0xF77B7000 \??\C:\WINDOWS\system32\drivers\oahlp32.sys

0xAF1E3000 \??\C:\WINDOWS\system32\drivers\OADriver.sys

0xAF173000 \SystemRoot\System32\DRIVERS\mrxsmb.sys

0xBA351000 \SystemRoot\System32\Drivers\Fips.SYS

0xF79D3000 \SystemRoot\System32\Drivers\ECioctl.sys

0xF77BF000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS

0xBA7D8000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xBA331000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF77C7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB9652000 \SystemRoot\System32\drivers\Dxapi.sys

0xF77CF000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xBA093000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\ati2dvag.dll

0xBF049000 \SystemRoot\System32\ati2cqag.dll

0xBF083000 \SystemRoot\System32\ati3d2ag.dll

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xAF2E0000 \SystemRoot\System32\Drivers\DRVNDDM.SYS

0xF7AA3000 \SystemRoot\System32\DLA\DLADResM.SYS

0xAEFB7000 \SystemRoot\System32\DLA\DLAIFS_M.SYS

0xF77DF000 \SystemRoot\System32\DLA\DLAOPIOM.SYS

0xF79E3000 \SystemRoot\System32\DLA\DLAPoolM.SYS

0xF79E5000 \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys

0xF77E7000 \SystemRoot\System32\DLA\DLABMFSM.SYS

0xF77EF000 \SystemRoot\System32\DLA\DLABOIOM.SYS

0xAEF79000 \SystemRoot\System32\DLA\DLAUDFAM.SYS

0xAEF62000 \SystemRoot\System32\DLA\DLAUDF_M.SYS

0xAEE5C000 \SystemRoot\System32\DRIVERS\irda.sys

0xAEFDF000 \SystemRoot\System32\DRIVERS\mdc8021x.sys

0xAEFD7000 \SystemRoot\System32\DRIVERS\ndisuio.sys

0xAEFCF000 \SystemRoot\System32\DRIVERS\netdevio.sys

0xAECD0000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xAEEAA000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xAEAB3000 \SystemRoot\system32\drivers\wdmaud.sys

0xAED5C000 \SystemRoot\system32\drivers\sysaudio.sys

0xF7991000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xF7993000 \SystemRoot\System32\Drivers\ASCTRM.SYS

0xAE7D9000 \SystemRoot\System32\DRIVERS\srv.sys

0xF7767000 \SystemRoot\system32\DRIVERS\v2imount.sys

0xAE400000 \SystemRoot\System32\Drivers\HTTP.sys

0xF79EB000 \SystemRoot\system32\DRIVERS\psi_mf.sys

0xAE040000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):

0 System Idle Process

4 System

416 C:\WINDOWS\system32\smss.exe

468 csrss.exe

492 C:\WINDOWS\system32\winlogon.exe

536 C:\WINDOWS\system32\services.exe

548 C:\WINDOWS\system32\lsass.exe

772 C:\WINDOWS\system32\ati2evxx.exe

788 C:\WINDOWS\system32\svchost.exe

840 svchost.exe

932 C:\WINDOWS\system32\svchost.exe

980 C:\WINDOWS\system32\acs.exe

1036 svchost.exe

1104 svchost.exe

1240 C:\Program Files\Tall Emu\Online Armor\oacat.exe

1356 C:\Program Files\Tall Emu\Online Armor\oasrv.exe

1576 C:\WINDOWS\explorer.exe

1636 C:\Program Files\Tall Emu\Online Armor\a2\avgate.exe

1772 C:\WINDOWS\system32\spoolsv.exe

1452 C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

1288 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

1536 C:\WINDOWS\system32\DVDRAMSV.exe

1616 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

1920 C:\Program Files\Java\jre6\bin\jqs.exe

1940 C:\Program Files\Common Files\Motive\McciCMService.exe

384 C:\Program Files\Norton Ghost\Agent\VProSvc.exe

800 C:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

1424 C:\WINDOWS\system32\wuauclt.exe

2120 C:\WINDOWS\system32\wscntfy.exe

2480 alg.exe

2924 C:\Program Files\Toshiba\E-KEY\CeEKey.exe

2956 C:\Program Files\Norton Ghost\Agent\VProTray.exe

3016 C:\Program Files\Tall Emu\Online Armor\oaui.exe

3292 C:\Program Files\QuickTime\QTTask.exe

3420 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

3592 C:\Program Files\Common Files\Java\Java Update\jusched.exe

3684 C:\Program Files\Tall Emu\Online Armor\oahlp.exe

3716 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

3820 C:\WINDOWS\system32\ctfmon.exe

2020 C:\WINDOWS\system32\RAMASST.exe

2288 C:\Program Files\Secunia\PSI\psi.exe

3452 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

376 C:\Documents and Settings\Yosemitest\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC25N060ATMR04-0, Rev: MO3OAD4A

PhysicalDrive4 Model Number: WD3200BMV External, Rev: 1.75

Size Device Name MBR Status

--------------------------------------------

55 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: 31D100779DE502702C374F7C15687B56FCFD5528

298 GB \\.\PhysicalDrive4 RE: Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

RSIT.exe works and here's its last log:

Logfile of random's system information tool 1.08 (written by random/random)

Run by Yosemitest at 2010-11-07 04:17:44

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 35 GB (61%) free of 57 GB

Total RAM: 1407 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:18:19 AM, on 11/7/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\ACS.exe

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Tall Emu\Online Armor\a2\AVGate.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Yosemitest\Desktop\RSIT.exe

C:\Program Files\trend micro\Yosemitest.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/?_bc=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL

O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe

O4 - Startup: Secunia PSI.lnk.disabled

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1263753328312

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1268878578687

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

--

End of file - 10456 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{12D078C1-5059-4DE5-AB10-55AE476487A1}.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{D7C358D2-1DB2-4DF6-8C83-B029751EFA5B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}]

AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-23 1865544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]

WOT Helper - C:\Program Files\WOT\WOT.dll [2010-03-03 1677472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-06 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2003-04-28 360448]

{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-23 1865544]

{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2010-03-03 1677472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2004-05-06 638976]

"Norton Ghost 12.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2007-03-28 2037352]

"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2010-11-05 2345000]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-04-21 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-11-15 1121016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Yosemitest\Start Menu\Programs\Startup

Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

Secunia PSI.lnk.disabled - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2010-11-05 353992]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BITS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WUAUSERV]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoResolveSearch"=1

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-11-07 04:17:44 ----D---- C:\rsit

2010-11-07 03:09:07 ----RD---- C:\32788R22FWJFW

2010-11-07 03:07:37 ----A---- C:\ComboFix.exe

2010-11-07 02:48:31 ----ASH---- C:\hiberfil.sys

2010-11-06 06:02:11 ----D---- C:\Program Files\Common Files\Java

2010-11-06 06:01:14 ----A---- C:\WINDOWS\system32\javaws.exe

2010-11-06 06:01:14 ----A---- C:\WINDOWS\system32\javaw.exe

2010-11-06 06:01:14 ----A---- C:\WINDOWS\system32\java.exe

2010-11-06 05:21:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$

2010-11-06 05:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$

2010-11-06 05:20:57 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$

2010-11-06 05:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$

2010-11-06 05:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$

2010-11-06 05:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$

2010-11-06 05:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$

2010-11-06 05:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$

2010-11-06 05:14:59 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$

2010-11-06 04:34:10 ----D---- C:\Program Files\Secunia

======List of files/folders modified in the last 1 months======

2010-11-07 04:18:19 ----D---- C:\Program Files\Trend Micro

2010-11-07 04:15:53 ----D---- C:\WINDOWS\system32\CatRoot2

2010-11-07 04:13:14 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt

2010-11-07 03:37:36 ----D---- C:\WINDOWS\Prefetch

2010-11-07 03:26:04 ----D---- C:\WINDOWS\temp

2010-11-07 03:13:34 ----D---- C:\WINDOWS

2010-11-07 02:52:41 ----D---- C:\WINDOWS\system32

2010-11-07 02:52:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-11-07 02:30:01 ----N---- C:\WINDOWS\SchedLgU.Txt

2010-11-06 08:41:43 ----D---- C:\WINDOWS\Microsoft.NET

2010-11-06 08:41:42 ----RSD---- C:\WINDOWS\assembly

2010-11-06 06:58:18 ----D---- C:\WINDOWS\system32\GroupPolicy

2010-11-06 06:17:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-11-06 06:17:39 ----D---- C:\WINDOWS\Debug

2010-11-06 06:02:11 ----SHD---- C:\WINDOWS\Installer

2010-11-06 06:02:11 ----D---- C:\Program Files\Common Files

2010-11-06 06:00:40 ----A---- C:\WINDOWS\system32\deployJava1.dll

2010-11-06 05:39:30 ----D---- C:\Program Files\Internet Explorer

2010-11-06 05:33:53 ----A---- C:\WINDOWS\system32\MRT.exe

2010-11-06 05:30:06 ----D---- C:\WINDOWS\WinSxS

2010-11-06 05:21:31 ----HD---- C:\WINDOWS\inf

2010-11-06 05:21:27 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-11-06 05:21:21 ----HD---- C:\WINDOWS\$hf_mig$

2010-11-06 05:20:01 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2010-11-06 05:15:29 ----D---- C:\WINDOWS\system32\drivers

2010-11-06 04:59:33 ----D---- C:\Program Files\Common Files\Adobe

2010-11-06 04:59:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-11-06 04:51:54 ----D---- C:\Program Files\Common Files\Adobe AIR

2010-11-06 04:34:10 ----RD---- C:\Program Files

2010-11-06 01:24:14 ----SHD---- C:\System Volume Information

2010-11-06 01:24:14 ----D---- C:\WINDOWS\system32\Restore

2010-11-06 00:36:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2010-11-06 00:36:56 ----D---- C:\Program Files\SpywareBlaster

2010-11-06 00:35:17 ----D---- C:\WINDOWS\system32\drivers\etc

2010-11-05 23:15:28 ----D---- C:\Program Files\My Opera Web Browser

2010-11-05 17:02:45 ----RA---- C:\Boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 caboagp;ATI Cabo AGP Filter; C:\WINDOWS\System32\DRIVERS\atisgkaf.sys [2003-04-23 13174]

R0 drvmcdb;drvmcdb; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-10-25 99816]

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-08-09 36560]

R0 symsnap;Symantec Volume Snap Shot Driver; C:\WINDOWS\system32\DRIVERS\symsnap.sys [2007-03-28 131944]

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-09-15 12920]

R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-09-15 28184]

R1 ECioctl;ECioctl; C:\WINDOWS\System32\Drivers\ECioctl.sys [2004-05-06 4816]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]

R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []

R1 oahlpXX;Online Armor helper driver; \??\C:\WINDOWS\system32\drivers\oahlp32.sys []

R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []

R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []

R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-05-05 6272]

R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2004-05-05 6272]

R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-05-05 6272]

R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2004-05-05 6272]

R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2003-12-02 8552]

R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-11-01 35064]

R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-11-01 32472]

R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-11-01 9400]

R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-11-01 104760]

R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-11-01 26744]

R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-11-01 14520]

R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-11-01 98104]

R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-11-01 94648]

R2 drvnddm;drvnddm; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-09-15 51768]

R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]

R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2003-12-02 15781]

R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-29 12032]

R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys []

R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2007-03-28 37864]

R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-02-20 1265388]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2004-05-08 101833]

R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2004-04-18 380160]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-04-22 729088]

R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-01-12 17497]

R3 EMSCR;EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [2004-05-18 57216]

R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2004-05-20 4224]

R3 ESDCR;ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [2004-05-18 36224]

R3 ESMCR;ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [2004-05-11 330496]

R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2007-03-28 15664]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]

R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]

R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]

R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2002-11-05 39424]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-07-24 2432]

S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-07-24 2560]

S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]

S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []

S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []

S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []

S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []

S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []

S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []

S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]

S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]

S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []

S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2007-03-28 14072]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []

S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2007-03-28 128104]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2006-12-02 50688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\System32\ACS.exe [2004-04-09 20480]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-04-22 397312]

R2 CeEPwrSvc;CeEPwrSvc; C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe [2004-01-08 36973]

R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-03-04 28672]

R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-05-23 106496]

R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]

R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-06 153376]

R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-07-27 319488]

R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2007-03-28 3290728]

R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2010-11-05 380784]

R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2010-11-05 3653208]

R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe [2004-05-13 53248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2006-12-13 294912]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2006-12-13 57344]

S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-16 880640]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-01-15 73728]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []

S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

I don't know what else to do.

Sincerely, Yosemitest.


Hello screen317,

Here's the analysis for C:\WINDOWS\system32\logon.scr:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: logon.scr

Submission date: 2010-11-08 20:12:33 (UTC)

Current status: finished

Result: 0/43 (0.0%)

VT Community: not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2010.11.09.00 2010.11.08 -

AntiVir 7.10.13.172 2010.11.08 -

Antiy-AVL 2.0.3.7 2010.11.08 -

Authentium 5.2.0.5 2010.11.08 -

Avast 4.8.1351.0 2010.11.08 -

Avast5 5.0.594.0 2010.11.08 -

AVG 9.0.0.851 2010.11.08 -

BitDefender 7.2 2010.11.08 -

CAT-QuickHeal 11.00 2010.11.04 -

ClamAV 0.96.4.0-git 2010.11.08 -

Comodo 6654 2010.11.08 -

DrWeb 5.0.2.03300 2010.11.08 -

Emsisoft 5.0.0.50 2010.11.08 -

eSafe 7.0.17.0 2010.11.08 -

eTrust-Vet 36.1.7961 2010.11.08 -

F-Prot 4.6.2.117 2010.11.08 -

F-Secure 9.0.16160.0 2010.11.08 -

Fortinet 4.2.249.0 2010.11.08 -

GData 21 2010.11.08 -

Ikarus T3.1.1.90.0 2010.11.08 -

Jiangmin 13.0.900 2010.11.08 -

K7AntiVirus 9.67.2929 2010.11.08 -

Kaspersky 7.0.0.125 2010.11.08 -

McAfee 5.400.0.1158 2010.11.08 -

McAfee-GW-Edition 2010.1C 2010.11.08 -

Microsoft 1.6301 2010.11.08 -

NOD32 5602 2010.11.08 -

Norman 6.06.10 2010.11.08 -

nProtect 2010-11-08.02 2010.11.08 -

Panda 10.0.2.7 2010.11.08 -

PCTools 7.0.3.5 2010.11.08 -

Prevx 3.0 2010.11.08 -

Rising 22.72.06.04 2010.11.08 -

Sophos 4.59.0 2010.11.08 -

Sunbelt 7254 2010.11.08 -

SUPERAntiSpyware 4.40.0.1006 2010.11.08 -

Symantec 20101.2.0.161 2010.11.08 -

TheHacker 6.7.0.1.080 2010.11.08 -

TrendMicro 9.120.0.1004 2010.11.08 -

TrendMicro-HouseCall 9.120.0.1004 2010.11.08 -

VBA32 3.12.14.1 2010.11.08 -

ViRobot 2010.10.4.4074 2010.11.08 -

VirusBuster 12.72.3.0 2010.11.08 -

Additional information

MD5 : 9fad7dff67555ff1e06bc4a3893024a7

SHA1 : 0012fc30946cb2cd56bdb140ace7504065add85b

SHA256: 029896c1949c60fbb58e21194b3b141dac5117d641bc59671c1b623d8041401c

ssdeep: 3072:sD/XpaIC/jdelKE90KmIJQ3FKrKOYHhph3Z0ojWPTKGloGjHlJ7gB968Z7/CZTHP:sD/Xp

q8z4K14huX

File size : 220672 bytes

First seen: 2008-04-23 19:04:02

Last seen : 2010-11-08 20:12:33

TrID:

Win64 Executable Generic (63.0%)

Win32 Executable MS Visual C++ (generic) (27.7%)

Win32 Executable Generic (6.2%)

Generic Win/DOS Executable (1.4%)

DOS Executable Generic (1.4%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: Logon Screen Saver

original name: logon

internal name: logon

file version.: 5.1.2600.5512 (xpsp.080413-2105)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x282E

timedatestamp....: 0x480252AB (Sun Apr 13 18:36:27 2008)

machinetype......: 0x14c (I386)

[[ 3 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x22EA, 0x2400, 6.18, 72eb87e8d5f42be2e84b835a081fd5d2

.data, 0x4000, 0x164, 0x200, 1.71, 6b8b14a8c940e6a15f82334e3d4cb1de

.rsrc, 0x5000, 0x332A8, 0x33400, 3.89, 6c30ed79464c4ffacecd3b90e961fb45

[[ 7 import(s) ]]

USER32.dll: PeekMessageW, SendMessageW, DialogBoxParamW, GetParent, IsWindow, SetCursor, GetForegroundWindow, TranslateMessage, GetMessageW, SetForegroundWindow, FindWindowW, GetClientRect, CharNextW, ReleaseDC, DispatchMessageW, LoadStringW, MessageBoxW, EndDialog, DefWindowProcW, ShowWindow, SetRect, FillRect, DrawIcon, LoadImageW, RegisterClassW, CreateWindowExW, SetTimer, PostMessageW, GetSystemMetrics, LoadIconW, InvalidateRect, SetWindowPos, BeginPaint, EndPaint, GetDC, RegisterWindowMessageW, SystemParametersInfoW, GetCursorPos, PostQuitMessage

GDI32.dll: GetStockObject, SelectPalette, RealizePalette, BitBlt, GetObjectW, CreateCompatibleDC, SelectObject, GetDIBColorTable, CreatePalette, DeleteObject, GetClipBox

SHLWAPI.dll: -

msvcrt.dll: _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, exit, _cexit, _XcptFilter, _exit, _c_exit, _except_handler3

ADVAPI32.dll: RegQueryValueExW, RegOpenKeyW, RegCloseKey

KERNEL32.dll: QueryPerformanceCounter, LoadLibraryExW, FreeLibrary, ExitProcess, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, Sleep, GetProcAddress, GetModuleHandleW, LoadLibraryW, GlobalAlloc, GlobalLock, GetSystemPowerStatus, GetVersionExW, GlobalUnlock, GlobalFree, GetStartupInfoW, GetCommandLineW, GetModuleHandleA, GetTickCount

COMCTL32.dll: InitCommonControlsEx

VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

C:\WINDOWS\system32\logon.scr

Is there anything there?

Sincerely, Yosemitest


Okay screen317,

About half the time, when I turn on my computer, I'll lose the Realtek AC97 driver. If I kill the power, and restart the computer, on the restart, usually the Realtek sound system will come back. But, if I click start and turn the computer off, or choose to restart the computer, it won't return, and I'll have to reload from a ghost image. The Realtek sound system is hardwired into my motherboard on my Toshiba A75 S226 laptop.

Second, my "Online Armor++" will not finish a full scan now. About thirty minutes into the scan, I get the notice from "Online Armor++" that

"logon.scr" is blocked. So I go to view the history log in my "Online Armor++" and see

"C:\WINDOWS\system32\winlogon.exe - > C:\WINDOWS\system32\logon.scr"

Before I chose to block "logon.scr" this item was logged into my history file, I was getting entries almost every second.

Below is a copy of the history file.

That didn't work, so I'll attach the history log.

I don't know all of what this means, but the kernel events, I did NOT choose.

Is there a way to look at what my computer loads BEFORE it loads Windows XP SP3?

Sincerely, Yosemitest

Online_Armor_History.txt


  • Staff

Hi,

Okay screen317,

About half the time, when I turn on my computer, I'll lose the Realtek AC97 driver. If I kill the power, and restart the computer, on the restart, usually the Realtek sound system will come back. But, if I click start and turn the computer off, or choose to restart the computer, it won't return, and I'll have to reload from a ghost image. The Realtek sound system is hardwired into my motherboard on my Toshiba A75 S226 laptop.

Try a fresh download and install of your Realtek drivers.

Second, my "Online Armor++" will not finish a full scan now. About thirty minutes into the scan, I get the notice from "Online Armor++" that

"logon.scr" is blocked. So I go to view the history log in my "Online Armor++" and see

"C:\WINDOWS\system32\winlogon.exe - > C:\WINDOWS\system32\logon.scr"

Before I chose to block "logon.scr" this item was logged into my history file, I was getting entries almost every second.

Below is a copy of the history file.

That didn't work, so I'll attach the history log.

Why did you choose to block it???

I don't know all of what this means, but the kernel events, I did NOT choose.

Do you honestly know what any of those actually mean?

Is there a way to look at what my computer loads BEFORE it loads Windows XP SP3?

We already did. Your MBR looks clean.

I would be more concerned about this from the OA log:

Keylogger detected: ati2evxx.exe 11/10/2010 0:09 Blocked C:\WINDOWS\system32\ati2evxx.exe

Either that is a really bad false positive or I'm afraid I have bad news.

Your log reveals an information stealing trojan.

I would counsel you to disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You will need to change your passwords, and all other sensitive information, but only once your system is deemed clean.

-screen317


Hi screen317,

That's a lot to respond to.

Yes, I DO have financial info.

Before I answer your questions, let me add that when I log onto the computer, my Online Armor++ Firewall Status Log shows some red code info coming into my computer, but no name or address that it's coming from. Here's that log, and I think it's trouble, but I don't know.

12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67

Rule not found. Packet dropped.

12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67

Rule not found. Packet dropped.

12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67

Rule not found. Packet dropped.

12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67

Rule not found. Packet dropped.

12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67

Rule not found. Packet dropped.

12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67

Rule not found. Packet dropped.

12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67

Rule not found. Packet dropped.

How do I stop this?

I still think that I have an MBR Rootkit Malware that's loaded on both my backup drive ("E" drive) and also on my main drive ("C" Drive).

"logon.scr" Why did you choose to block it???

I didn't trust it, and thought if I blocked it, that it would stop all those "kernel events", and it did cut them down to a fewer number.

And NO, I don't know what those "kernel events" are.

When I researched "Keylogger detected: ati2evxx.exe 11/10/2010 0:09 Blocked C:\WINDOWS\system32\ati2evxx.exe" http://www.what-is-exe.com/filenames/ati2evxx-exe.html says it was probably installed with my ATI video driver.

BUT, BECAUSE it has a threat potential, I blocked it, and as long as my firewall is on, it stays blocked.

I'm afraid that if I remove it, I'll lose my computer screen function. But I don't know. My computer is 1999 to 2000 technology.

You know, I don't mean to whine, but I really am tight on money. I want to buy an Apple Laptop, but I keep putting it off.

I'm so sick of Windows, but I spend all this time fighting problems with Windows.

I've got over 30 years of air traffic controller experience, and I've been around Windows and other operating systems as a "User" for many years.

But I've never used an Apple Computer, and after all I've read and heard, I can't help but think that I'd have less trouble with an Apple.

What do you think?

Should I go ahead and make the payments on a new laptop from Apple?

Sincerely, Yosemitest.

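The firewall entries quoted in the post above can be triaged mechanically. This is an added example, not part of the original post and not Online Armor's own tooling: it parses the two-line entries, groups repeats, and labels UDP traffic between ports 67 and 68 (the DHCP server and client ports). The log layout is inferred from the quoted lines, and the last sample entry is constructed for contrast.

```python
import ipaddress
import re
from collections import Counter

# First two entries copied from the post above; the TCP entry is constructed
# (203.0.113.0/24 is a documentation range) to show an unclassified result.
SAMPLE_LOG = """\
12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67

Rule not found. Packet dropped.

12/11/10 02:32:15 UDP <- 169.254.238.22:68, 192.168.1.254:67

Rule not found. Packet dropped.

12/11/10 02:40:03 TCP <- 192.168.1.20:1045, 203.0.113.7:4444

Rule not found. Packet dropped.
"""

# Assumed layout: "<date> <time> <proto> <direction> <ip:port>, <ip:port>"
ENTRY = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<proto>\w+) (?P<dir><-|->) "
    r"(?P<a_ip>[\d.]+):(?P<a_port>\d+), (?P<b_ip>[\d.]+):(?P<b_port>\d+)$"
)
DHCP_PORTS = {67, 68}  # 67 = DHCP server, 68 = DHCP client


def parse_entries(text):
    """Pair each header line with the verdict line that follows it."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            current = m.groupdict()
            current["a_port"] = int(current["a_port"])
            current["b_port"] = int(current["b_port"])
            current["verdict"] = ""
            entries.append(current)
        elif current is not None and not current["verdict"]:
            current["verdict"] = line
    return entries


def classify(entry):
    """Return (label, notes) for one parsed entry."""
    notes = []
    for ip in (entry["a_ip"], entry["b_ip"]):
        try:
            if ipaddress.ip_address(ip).is_link_local:
                notes.append(f"{ip} is a self-assigned link-local address (169.254.0.0/16)")
        except ValueError:
            notes.append(f"{ip} is not a valid IPv4 address")
    ports = {entry["a_port"], entry["b_port"]}
    if entry["proto"] == "UDP" and ports == DHCP_PORTS:
        return "dhcp", notes
    return "unclassified", notes


def summarize(text):
    """Collapse identical entries and return (key, count, notes), most frequent first."""
    counts, notes_by_key = Counter(), {}
    for e in parse_entries(text):
        label, notes = classify(e)
        key = (e["proto"], f'{e["a_ip"]}:{e["a_port"]}',
               f'{e["b_ip"]}:{e["b_port"]}', label, e["verdict"])
        counts[key] += 1
        notes_by_key[key] = notes
    return [(key, n, notes_by_key[key]) for key, n in counts.most_common()]


if __name__ == "__main__":
    for key, n, notes in summarize(SAMPLE_LOG):
        print(f"{n}x", *key, "|", "; ".join(notes) or "no notes")
```

Entries labelled `dhcp` are address-assignment traffic between a host and its DHCP server; anything left `unclassified` is what deserves a closer look.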

  • Staff

I'm going to be honest here: It seems that all of the "issues" here stem from paranoid firewall rules that have been set.

You do not have an MBR Rootkit. You do not seem to have any other sort of infection. I'm willing to bet that if you uninstalled Comodo (to troubleshoot), you wouldn't see any more issues.

"logon.scr" Why did you choose to block it???

I didn't trust it, and thought if I blocked it, that it would stop all those "kernel events", and it did cut them down to a fewer number.

And NO, I don't know what those "kernel events" are.

That is the problem with blocking things you don't know about. They cause system issues because the things you blocked were related to a legitimate process and not malware.


Hello screen317,

It seems that all of the "issues" here stem from paranoid firewall rules that have been set.

You may be right, but how do I change them, and what do I change?

I don't have Comodo to uninstall. I have Online Armor++.

So I should allow "logon.scr"?

And these "Packet dropped", what do I do about them? Are they on my computer? How do I find them if they are?

Or are they already "Deleted"?

Sincerely, Yosemitest


  • Staff

Hi,

Typo on my part; I meant Online Armor.

Try uninstalling it (if only temporarily). After that, restart your computer and see if any issues actually remain.

So I should allow "logon.scr"?

Of course you should; it's a legitimate file. You can see for yourself:

http://www.google.com/search?q=logon.scr&a...lient=firefox-a

It appears you are not running any sort of antivirus software. It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one. Don't change any of their default settings, or you will wind up in a situation like you are currently in.....

Microsoft Security Essentials

avast!.

Let me know how it goes.

-screen317


Screen317,

My "Online Armor++" has "Antivirus" in it. I also have "SUPER Anti-Spyware Pro Lifetime" and I intend on buying the pay version of Malwarebytes, but for now I'm running the free version. I use SpywareBlaster and Spybot - Search and Destroy as well.

Do you still think I need more "Antivirus"?

I've used "Microsoft Security Essentials" before and didn't like it. It uses too much processor percentage, and slows my computer down.

And if I uninstall "Online Armor++" or turn its firewall off then I get into trouble.

Every time I restart my computer, something reloads two files and many Alternate Data Streams.

The files are:

C:\Documents and Settings\All Users\Application Data\Symantec\hpc\:3898751835 Suspicious (alternate data stream)

C:\Documents and Settings\All Users\Application Data\TEMP\:5C321E34 Suspicious (alternate data stream)

I have used "RootRepeal.exe" to "Wipe" and "Force Delete" these two files many times, but they keep coming back. The problem I have, I believe, is directly related to these two files reappearing, even after I delete them. That is why I believe I have an MBR Rootkit, loading them every time I restart my computer.

Sincerely, Yosemitest.


It's been a long day, screen317,

I tried ComboFix in Safe Mode and it locked up. I turned it on at 12:30pm and watched it for about 30 minutes. I went to town and came back at 8:45pm.

The computer clock showed 1:27pm, so that's when the computer locked up.

I believe I need to know more about how to use more features of my "Online Armor++" Firewall.

Under "Firewall" "Program Access" there's a column for "RAW" and a column for "ICMP" for each entry or program. Some of the choices in these columns are "? n/a ", "allow", and "block".

I believe I have accidentally allowed this malware into my computer and it has a "pinger" to show when I'm on the internet to whoever is running the malware, and they are sending packages into my computer in "RAW or ICMP" form.

I don't know for sure, and I'm guessing.

I just don't know what to do, and I'm getting very tired of fighting this problem.

Is an Apple computer any safer?

Sincerely, Yosemitest


  • Staff

Yeah you'll probably be better off with an Apple, but the problem is that Online Armor is preventing ComboFix from running.

You'll need to at least temporarily uninstall it for ComboFix to proceed, then after the infection is gone, we can reinstall Online Armor and make sure it's configured properly.

How does that sound?


Screen317,

Uninstalling "Online Armor++" sounds very scary, but I'm backed up.

But before I do should I uninstall any of the following:

Secunia PSI Updater

Spybot - Search and Destroy

SpywareBlaster

SUPER Anti-Spyware Pro Lifetime

Malwarebytes' Anti-Malware

CCleaner

RootRepeal.exe

S@E.exe

Maybe it would be easier if I give you control of my computer.

Sincerely, Yosemitest


This topic is now closed to further replies.