Fails to install or run anti-virus or firewall

**jjedjo** · 2008-01-20, 02:28

My laptop fails to install Zone Alarm and fails to install/run various anti-virus software.

What should I do?

Here is a hijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:22:51, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\krdevctl.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Microsoft Student\Microsoft Student DVD 2006\EDICT.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKCU\..\Run: [L06ZXLRD_391206125] "C:\Program Files\Microsoft Student\Microsoft Student DVD 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1163716052576
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O20 - Winlogon Notify: TosBtNP - C:\WINDOWS\SYSTEM32\TosBtNP.dll
O20 - Winlogon Notify: TSigNP - C:\WINDOWS\SYSTEM32\TSigNP.dll
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}

--
End of file - 15160 bytes

**jjedjo** · 2008-01-20, 02:42

Installing AVG brings up the error:

Local machine: installation failed
Installation:
Error: Action failed for file avgamsvr.exe: creating file....
No such file or directory

And installing ZoneAlarm brings up the error:

The File:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
could not be opened

Trying to open Norton Internet Security which was previously installed brings up the windows missing file box for NMAIN.exe

**Rorschach112** · 2008-01-20, 12:00

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please download and unzip Icesword to its own folder on your desktop

If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.

Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.

Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.

Step 4 : Now, click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.

Now post all of the data collected under the headings for :

Processes
Win32 Services
SSDT
Startup

**jjedjo** · 2008-01-20, 18:03

Main.txt part one:

Deckard's System Scanner v20071014.68
Run by James on 2008-01-20 15:19:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-01-20 15:19:17 UTC - RP302 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.09 GiB (less than 15%) free.

-- HijackThis (run as James.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22:13, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\James\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOWNLO~1\James.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKCU\..\Run: [L06ZXLRD_391206125] "C:\Program Files\Microsoft Student\Microsoft Student DVD 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1163716052576
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O20 - Winlogon Notify: TosBtNP - C:\WINDOWS\SYSTEM32\TosBtNP.dll
O20 - Winlogon Notify: TSigNP - C:\WINDOWS\SYSTEM32\TSigNP.dll
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}

--
End of file - 14402 bytes

-- HijackThis Fixed Entries (C:\DOWNLO~1\backups\) -----------------------------

backup-20071112-010813-187 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20071112-010813-408 O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
backup-20071112-010813-583 O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
backup-20071112-010813-957 O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
backup-20071112-010814-288 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
backup-20071112-010814-466 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20071112-010814-555 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20071112-010814-754 O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
backup-20071210-164703-391 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20071210-164703-442 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
backup-20071210-164703-600 O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
backup-20071210-164703-611 O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
backup-20071210-164703-786 O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

**jjedjo** · 2008-01-20, 18:05

main.txt part 2:

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Thpdrv (TOSHIBA HDD Protection Driver) - c:\windows\system32\drivers\thpdrv.sys <Not Verified; TOSHIBA Corporation; TOSHIBA HDD Protection>
R0 TVALZ (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalz.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Common Modules>
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 TMEI3E - c:\windows\system32\drivers\tmei3e.sys <Not Verified; Toshiba Corporation; Toshiba Mobile Extension>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 FdRedir - c:\program files\common files\protector suite ql\drivers\fdredir.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 FileDisk2 (FileDisk Protector Kernel Driver) - c:\program files\common files\protector suite ql\drivers\filedisk.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smihlp (SMI helper driver) - c:\program files\protector suite ql\smihlp.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 TEchoCan (Toshiba Audio Effect) - c:\windows\system32\drivers\techocan.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Mic Effect>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>

S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 kraidsvc (TOSHIBA RAID Service) - "c:\program files\toshiba\toshiba raid\service\kraidsvc.exe" <Not Verified; TOSHIBA Corporation; TOSHIBA RAID Service>

S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
S2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S2 ccProxy (Symantec Network Proxy) - "c:\program files\common files\symantec shared\ccproxy.exe" (file missing)
S2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
S2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
S2 Thpsrv (TOSHIBA HDD Protection) - c:\windows\system32\thpsrv.exe <Not Verified; TOSHIBA Corporation; TOSHIBA HDD Protection>
S2 Tmesrv (Tmesrv3) - "c:\program files\toshiba\tme3\tmesrv31.exe" /service <Not Verified; TOSHIBA; TOSHIBA MobileExtension Service>
S3 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>
S4 ccEvtMgr (Symantec Event Manager) - "c:\program files\common files\symantec shared\ccevtmgr.exe" (file missing)
S4 ccSetMgr (Symantec Settings Manager) - "c:\program files\common files\symantec shared\ccsetmgr.exe" (file missing)
S4 DM1Service - c:\program files\olympus\devicedetector\dm1service.exe <Not Verified; OLYMPUS Corporation; DM1Service Module>
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Naipe_sb -
S4 navapsvc (Norton AntiVirus Auto-Protect Service) - c:\program files\norton internet security\norton antivirus\navapsvc.exe (file missing)
S4 SAVScan (Symantec AVScan) - "c:\program files\norton internet security\norton antivirus\savscan.exe" (file missing)
S4 SNDSrvc (Symantec Network Drivers Service) - "c:\program files\common files\symantec shared\sndsrvc.exe" (file missing)
S4 SPBBCSvc (Symantec SPBBCSvc) - "c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe" (file missing)
S4 Symantec Core LC - "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-01-20 13:40:19 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{91FB7A08-386A-4DCA-91A7-D7949CBE9569}.job

-- Files created between 2007-12-20 and 2008-01-20 -----------------------------

2008-01-20 11:06:37 0 d-------- C:\Documents and Settings\James\Music
2008-01-20 11:05:39 0 d-------- C:\Documents and Settings\James\.emusicj
2008-01-20 11:05:36 0 d-------- C:\Program Files\eMusicJ
2008-01-20 00:06:24 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-20 00:01:10 0 d-------- C:\WINDOWS\Internet Logs
2008-01-19 23:24:06 0 d-------- C:\Program Files\eMusic Download Manager
2008-01-19 23:24:01 0 d-------- C:\Documents and Settings\James\Application Data\InstallShield
2008-01-19 19:53:26 0 d-------- C:\WINDOWS\LastGood
2008-01-02 21:28:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-02 21:28:52 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-27 12:52:56 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2007-12-27 12:52:55 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2007-12-26 02:33:00 53248 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
2007-12-26 02:31:45 0 d-------- C:\Program Files\Audible
2007-12-26 02:26:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative
2007-12-26 02:20:48 0 d-------- C:\Program Files\Common Files\Creative
2007-12-26 02:20:47 0 d--h----- C:\Program Files\Creative Installation Information
2007-12-26 02:20:45 0 d-------- C:\Program Files\Creative

-- Find3M Report ---------------------------------------------------------------

2008-01-20 12:02:06 0 d-------- C:\Program Files\Last.fm
2008-01-20 01:41:16 0 d-------- C:\Program Files\Abacast
2008-01-20 01:40:30 0 d-------- C:\Program Files\DIFX
2008-01-20 01:40:18 0 d-------- C:\Program Files\SystemRequirementsLab
2008-01-20 01:36:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-19 23:24:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-19 19:38:42 0 d-------- C:\Documents and Settings\James\Application Data\Adobe
2008-01-15 09:55:28 0 d-------- C:\Documents and Settings\James\Application Data\U3
2007-12-26 02:20:48 0 d-------- C:\Program Files\Common Files
2007-10-27 20:50:24 4262912 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-26 10:25:53 36868 --a------ C:\Program Files\uninst-3DStroke.exe
2007-10-20 17:57:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [25/04/2005 21:10]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [18/01/2006 08:45]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [31/08/2005 08:46]
"Kraidman"="C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [14/12/2005 02:31]
"TFNF5"="TFNF5.exe" [10/11/2005 11:47 C:\WINDOWS\system32\TFNF5.exe]
"TPSMain"="TPSMain.exe" [18/01/2006 04:46 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [18/01/2006 04:46 C:\WINDOWS\system32\TPSODDCtl.exe]
"TAcelMgr"="C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [04/04/2005 10:18]
"TSkrMain"="C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [04/04/2005 10:18]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [05/10/2005 23:20]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [21/12/2005 14:29]
"Snippet"="C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [25/02/2005 06:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"ThpSrv"="c:\WINDOWS\system32\thpsrv /logon" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/12/2005 12:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/11/2005 11:41]
"CFSServ.exe"="CFSServ.exe" []
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [20/03/2007 15:40]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [28/11/2005 13:55]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [28/11/2005 13:52]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [28/11/2005 13:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 02:43]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [03/09/2002 18:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 05:24]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [06/11/2007 11:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L06ZXLRD_391206125"="C:\Program Files\Microsoft Student\Microsoft Student DVD 2006\EDICT.exe" [04/06/2005 16:04]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [24/05/2006 18:31]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [18/09/2007 14:16]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 07:00]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [17/07/2007 11:03]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta

C:\Documents and Settings\James\SendTo\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [22/09/2007 23:54:58]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [17/03/2005 13:06:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [22/09/2007 14:20:06]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [22/10/2006 23:01:50]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [23/10/2006 00:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [22/10/2006 23:01:50]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [07/12/2005 07:01:32]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 04/08/2004 07:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 21/12/2005 14:42 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 28/08/2002 21:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
TosBtNP.dll 28/01/2006 04:49 61440 C:\WINDOWS\system32\TosBtNP.dll

**jjedjo** · 2008-01-20, 18:07

main.txt part 3:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 04/08/2004 07:00 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TSigNP]
TSigNP.dll 11/01/2006 08:25 53248 C:\WINDOWS\system32\TSigNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32]
winccf32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaby.dll
"Notification Packages"= scecli psqlpwd

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=C:\WINDOWS\pss\Device Detector 3.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk
backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^James^SendTo^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\James\SendTo\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALUAlert]
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrossMenu]
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvgoh.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L06ZXLRD_122201625]
"C:\Program Files\Microsoft Student\Microsoft Student DVD 2006\EDICT.EXE" -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
"C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
C:\WINDOWS\help\SplshWrp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAudEffect]
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMERzCtl.EXE]
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMESRV.EXE]
C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosHKCW.exe]
"C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRot.exe]
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e833349-a3fc-11db-9440-0018de7e16f5}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f9e7698-28a3-11dc-9478-dcd3c5d9307f}]
AutoRun\command- RavMon.exe
explore\Command- RavMon.exe -e
open\Command- RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33fcb1e7-983b-11dc-94ac-0018de7e16f5}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- I:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9738678f-2bb3-11dc-9479-0018de7e16f5}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7920750-6b3d-11dc-9488-0018de7e16f5}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7920755-6b3d-11dc-9488-0018de7e16f5}]
AutoRun\command- G:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfa548da-08b3-11dc-9468-0018de7e16f5}]
AutoRun\command- H:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
*Newly Created Service* - VSDATANT

-- End of Deckard's System Scanner: finished at 2008-01-20 15:22:40 ------------

extra.txt part 1:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
CPU 1: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 1014.98 MiB / 482.09 MiB
Pagefile Memory (total/avail): 1677.65 MiB / 1284.16 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.89 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 4.09 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA RAID LD0 SCSI Disk Device - 55.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Norton Internet Security 2006 v2006 (Symantec Corporation)
AV: Norton Internet Security 2006 v2006 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"="C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"="C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe:*:Enabled:Medieval 2: Total War"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\Program Files\\GetRight\\getright.exe"="C:\\Program Files\\GetRight\\getright.exe:*:Enabled:GetRight® Download Manager. www.GetRight.com"
"C:\\Downloads\\X2ool_1.0.4[1]\\X2ool.exe"="C:\\Downloads\\X2ool_1.0.4[1]\\X2ool.exe:*:Enabled:X2ool Application"
"C:\\Documents and Settings\\James\\Desktop\\EvoxSkin.exe"="C:\\Documents and Settings\\James\\Desktop\\EvoxSkin.exe:*:Enabled:EvoxSkin"
"C:\\3dsmax6\\3dsmax.exe"="C:\\3dsmax6\\3dsmax.exe:*:Enabled:3ds max application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Abacast\\Abaclient.exe"="C:\\Program Files\\Abacast\\Abaclient.exe:*:Enabled:Abaclient"
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"

**jjedjo** · 2008-01-20, 18:09

extra.txt part 2

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\James\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PORTAX400
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\James
LOGONSERVER=\\PORTAX400
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Autodesk\Backburner\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\James\LOCALS~1\Temp
TMP=C:\DOCUME~1\James\LOCALS~1\Temp
USERDOMAIN=PORTAX400
USERNAME=James
USERPROFILE=C:\Documents and Settings\James
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

James (admin)
Family (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
@icon sushi 1.21 --> "C:\Program Files\aicon\unins000.exe"
3DEM --> C:\Program Files\Visualization\3dem\Uninst.exe /pid:{635C3D63-D901-4119-9AD2-852D10DCB937} /asd
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Abacast Client --> C:\PROGRA~1\Abacast\UNWISE.EXE C:\PROGRA~1\Abacast\client.LOG
Add or Remove Adobe Creative Suite 3 Web Premium --> C:\Program Files\Common Files\Adobe\Installers\247961ef275e20c5cb073c36394ac32\Setup.exe
Adobe After Effects CS3 --> C:\Program Files\Common Files\Adobe\Installers\b7dd24a87e82dcf8af8876fd727b7cf\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{8AF3FB06-BDA3-42A3-995C-308812D2F094}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{4B215C29-1A3E-4736-92AA-10C83FA56EB9}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Contribute CS3 --> MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Web Premium --> MsiExec.exe /I{C347D234-93D8-4595-BDAA-C04638B23B48}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 --> C:\Program Files\Common Files\Adobe\Installers\85df662426fa6bb25f7d596f4d1b2a2\Setup.exe
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{68BD8C67-447D-44FC-8DA9-68D40D002E46}
Adobe Premiere Pro CS3 Preview --> C:\Program Files\Common Files\Adobe\Installers\5fc5c4705cf4304a3307aa35297d204\Setup.exe
Adobe Premiere Pro CS3 Preview --> MsiExec.exe /I{BEDCD94D-EB03-4587-9FFB-6AFB669445DF}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Setup --> MsiExec.exe /I{2C294A0B-DF22-4023-B168-8C7645B10019}
Adobe Setup --> MsiExec.exe /I{6A5D1A94-624A-4D20-B178-3A283B500370}
Adobe Setup --> MsiExec.exe /I{7066F2DB-5032-4B6F-A8E7-A6F946043438}
Adobe Setup --> MsiExec.exe /I{F770C5F1-812A-4147-AB8C-700113387F1F}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Agilix GoBinder Lite --> MsiExec.exe /I{5E71102C-2CEB-4C8B-99D3-D33B9741EEDA}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Autodesk 3ds Max 9 32-bit --> MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Autograph 3 --> MsiExec.exe /I{30343ECC-A872-4300-ACC7-D9A048D41607}
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Battle Master 3 GE --> "C:\Program Files\Battle Master 3\unins000.exe"
BitTorrent 5.0.5 --> "C:\Program Files\BitTorrent\uninstall.exe"
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374}
CC_ccProxyExt --> MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
ccPxyCore --> MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x9 /remove
CycoreFX HD 1.5 for After Effects --> C:\WINDOWS\unvise32.exe C:\WINDOWS\CycoreFX HD-1.5-for-After Effects-Uninstall.log
eMusic Download Manager --> C:\Program Files\InstallShield Installation Information\{48FEB597-0410-4A17-B134-0DEF3083B944}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
eMusic/J --> "C:\Program Files\eMusicJ\uninstall.exe"
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x9 uninst
EPSON PhotoQuicker3.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x9 uninst
EPSON PhotoStarter3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x9 uninst
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON PRINT Image Framer Tool2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
ESPR300 Reference Guide --> C:\Program Files\EPSON\ESPR300\REF_G\DOCUNINS.EXE
ESPR300 Software Guide --> C:\Program Files\EPSON\ESPR300\PQU_G\DOCUNINS.EXE
ESPR300 Standalone Guide --> C:\Program Files\EPSON\ESPR300\STA_G\DOCUNINS.EXE
EvoX Skin Creator --> MsiExec.exe /I{D6C8DE6B-F688-4ECF-8902-C9013A7130B0}
FBX Plugin 2006.08 for Max 9.0 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
Folder Size Shell Extension v3.2 --> rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 4 C:\WINDOWS\system32\Shellext\dfolder.inf
GetRight --> C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
Gugila GroundWiz 1.280 --> C:\Program Files\Autodesk\3ds Max 9\Plugins\GroundWiz\uninst.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Downloads\HijackThis.exe" /uninstall
Ink Art --> MsiExec.exe /I{1FBEE61B-F90E-4EE3-AE94-FCB8BD6EC443}
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internet Explorer Developer Toolbar --> MsiExec.exe /I{15C9AAEF-20D4-4416-A1BE-7D75FB5F2FE9}
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{24960CD0-661D-4957-9D5F-D2905A30EDB1}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 1.64 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
L&H TTS3000 British English --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
LaserJet 1020 series --> C:\Program Files\Zenographics\{E065D837-F4B3-4E4B-81E3-289AB59283E7}\setup.exe -u "HPLJInstaller.dll=Hplj1020.inf"
Last.fm 1.4.2.58376 --> "C:\Program Files\Last.fm\unins000.exe"
Learning Essentials for Microsoft Office --> MsiExec.exe /X{B348E585-E872-41DF-8234-E2D49917CFBB}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logon Loader 3.0 --> C:\Program Files\Logon Loader\uninst.exe
LogonStudio --> C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Dots! PowerToy --> MsiExec.exe /I{59DE9949-A312-42BB-AE92-E24057B73D31}
Microsoft Education Pack for Windows XP Tablet PC Edition --> MsiExec.exe /I{40FFC202-F842-44C7-ACBE-8B0EA690B1A3}
Microsoft Energy Blue Theme Pack --> MsiExec.exe /I{FA7314E7-9428-4866-80A8-762A538444DB}
Microsoft Experience Pack for Tablet PC --> MsiExec.exe /I{C12EB29D-9D64-4ACA-84C2-33D8729AABD3}
Microsoft Ink Crossword --> MsiExec.exe /I{1759CACC-6CF9-4C3C-92C5-39668679AB17}
Microsoft Ink Desktop --> MsiExec.exe /I{0759CACC-6CF9-4C3C-92C5-39668679AB16}
Microsoft Maths --> MsiExec.exe /I{07683840-959A-4B0D-8825-2C533F0DDB19}
Microsoft Media Transfer --> MsiExec.exe /X{F6C2D09F-6C82-48BB-A9D5-6A0478F52BD6}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

**jjedjo** · 2008-01-20, 18:10

extra.txt part 3

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007 --> MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Snipping Tool 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8853C080-7F5C-4020-B663-C57FE29BB858}\setup.exe" -l0x9 -removeonly
Microsoft Student 2006 DVD --> MsiExec.exe /I{06681881-3E21-46D6-9A91-D927BA08F41D}
Microsoft Student Graphical Calculator --> MsiExec.exe /I{06683840-7A70-4AC6-9340-2EB7E1486914}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052B-02A4-4627-81F2-1818DA5D550D}
MilkShape 3D 1.8.1b --> "C:\Program Files\MilkShape 3D 1.8.1b\uninstall.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FFB4DD53-28B7-4981-BFF0-9BD801F61095}
Norton Internet Security 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Oldblivion --> "C:\Program Files\Oldblivion\uninstall.exe"
Olympus DSS Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}\Setup.exe" -l0x9 UNINSTALL
Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
OrderReminder HP LaserJet 1020 --> "C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1020
Outerinfo --> "C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoELF --> C:\PROGRA~1\PhotoELF\UNWISE.EXE C:\PROGRA~1\PhotoELF\INSTALL.LOG
PHOTORECOVERY® for Digital Media 2.02 --> C:\WINDOWS\iun507.exe C:\Program Files\PHOTORECOVERY\irunin.ini
PIF DESIGNER2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59B9F-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
Pinnacle PCI Performance Enhancer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E5A81BA-4702-490A-B729-0BFF6E7CBF96}\setup.exe" -l0x9
Pinnacle USB device drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C0ADF96-20E7-4671-88D2-39B5A307E2A2}\setup.exe" -l0x9
Puzzle Game --> MsiExec.exe /X{9C3A9F95-E165-4D86-8DBF-9D786BBE46D7}
Qimage --> C:\PROGRA~1\Qimage\UNWISE.EXE C:\PROGRA~1\Qimage\INSTALL.LOG
Quick View Folder Size 3.0 --> "C:\Program Files\Quick View Folder Size\unins000.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio Easy Media Creator 7 Basic VCD Edition --> MsiExec.exe /I{36EF4012-D58B-436A-9C73-BAD48A5174F5}
Safari --> MsiExec.exe /X{3E719879-9914-4C56-843E-96D0C3FCC3FB}
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB934670) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {CD098537-8857-4065-B4B6-AC023CB2C48E}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sibelius 5 --> MsiExec.exe /I{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sothink SWF Decompiler --> "C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"
Sound Effect Maker version 1.2 --> "C:\Program Files\SoundEffectMaker\unins000.exe"
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
StyleBuilder (remove only) --> "C:\Program Files\TGTSoft\StyleBuilder\StyleBuilder-uninstall.exe"
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
SUPER © Version 2007.bld.21 (Jan 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tablet PC Tutorials for Microsoft Windows XP SP2 --> MsiExec.exe /X{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E18E644D-4FC1-4E7F-87B7-A0288A14A322} /l1033
Tic-Tac-Toe --> MsiExec.exe /X{C477AD8D-6695-47F5-AC6A-9C11045C97B5}
Timex Data Link USB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FF6231F-D670-4AFD-9512-957515E2E1DF}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Accelerometer Utilities --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Acceleration Utilities\Uninst.isu" -c"C:\Program Files\TOSHIBA\Acceleration Utilities\SETUPSUB.dll"
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Display Devices Change Utility --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5
TOSHIBA HDD Protection --> MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40}
TOSHIBA Hotkey Utility for Display Devices --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Manuals --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EB6332B-AF02-457C-A31C-835458C5B48B}\setup.exe" -l0x9 -removeonly
TOSHIBA Mic Effect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0577A2AA-DEA0-4D40-8372-4211102D43E4}\Setup.exe" -l0x9
TOSHIBA Mobile Extension3 for Windows XP V3.78.00.XP --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TME3\Uninst.isu" -c"C:\Program Files\TOSHIBA\TME3\uninstx.dll"
TOSHIBA Password Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA RAID Utility --> MsiExec.exe /X{3E6FA9D9-D4CA-492B-AE98-83A2D853A355}
TOSHIBA Rotation Utility --> MsiExec.exe /X{B7F4B477-8EA3-4028-B458-2AE5E4A9D853}
TOSHIBA SD Memory Boot Utility --> MsiExec.exe /X{BBF5493A-05FB-4449-90DE-84A61EB78154}
TOSHIBA SD Memory Card Format --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe" -l0x9
TOSHIBA Security Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}\setup.exe" -l0x9 -removeonly
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Tablet Access Code Logon Utility V1.14.00 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TSigReco\Uninst.isu" -c"C:\Program Files\TOSHIBA\TSigReco\TSigInst.dll"
TOSHIBA TouchPad On/Off Utility V2.05.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24300A63-DD78-4AA5-A914-4D582C41D33A}\Setup.exe" -l0x9 -uninst
TOSHIBA Utilities --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{56190F69-01D3-46CA-9861-43377C5E9B87}
TOSHIBA Wireless Key Logon --> MsiExec.exe /X{FC4C645F-8EBC-4F1E-A517-D1505B43A374}
TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe"
Trapcode Shine --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeShine.log
Ulead VideoStudio 7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB933688) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {F6E692F1-63C2-4760-94C6-C689DCD053F1}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB933493) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {23F2FF76-ABCD-421D-9860-0D0B2999D028}
Update for Outlook 2007 Junk Email Filter (KB934655) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {F7185592-E40D-476E-9BC4-38DF96EE176B}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WildPackets OmniPeek Personal 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92BBD5BF-2AE3-42F6-8440-4B2FAC4C7F05}\setup.exe" -l0x9 -removeonly
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Intel (NETw3x32) net (10/17/2006 10.5.1.72) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.EXE /u C:\WINDOWS\system32\DRVSTORE\netw39x5_D93CD57BF1C8C59E1A3E549CC6DC1A563B570068\netw39x5.inf
Windows Driver Package - Intel (w29n51) net (10/25/2006 9.0.4.26) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.EXE /u C:\WINDOWS\system32\DRVSTORE\w29n51_E862FFE51EED5079C7206FF2C0F133293646B1AB\w29n51.inf
Windows Driver Package - Intel (w39n51) net (12/04/2005 10.1.0.13) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\w39n51_115847E8514BF1F186C73A2A2833B7551132A07A\w39n51.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 9 Series SDK --> MsiExec.exe /X{EEE0F0A7-6B7D-4D1E-9498-43D9D012DDF7}
Windows Vista Upgrade Advisor --> MsiExec.exe /I{F80BA35D-D1CD-4B8B-8129-9FC918F9D42D}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Hotkey --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\setup.exe" -l0x9
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
ZEN Media Explorer --> "C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x0009
ZENcast Organizer --> "C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x0009

-- Application Event Log -------------------------------------------------------

Event Record #/Type20221 / Error
Event Submitted/Written: 01/20/2008 09:58:31 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Failed launching Automatic LiveUpdate: err:0x2; The system cannot find the file specified.

Event Record #/Type20219 / Error
Event Submitted/Written: 01/20/2008 09:53:31 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Failed launching Automatic LiveUpdate: err:0x2; The system cannot find the file specified.

Event Record #/Type20217 / Error
Event Submitted/Written: 01/20/2008 09:48:31 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Failed launching Automatic LiveUpdate: err:0x2; The system cannot find the file specified.

Event Record #/Type20215 / Error
Event Submitted/Written: 01/20/2008 09:43:31 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Failed launching Automatic LiveUpdate: err:0x2; The system cannot find the file specified.

Event Record #/Type20213 / Error
Event Submitted/Written: 01/20/2008 09:38:30 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Failed launching Automatic LiveUpdate: err:0x2; The system cannot find the file specified.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type18121 / Error
Event Submitted/Written: 01/20/2008 02:05:37 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s).

Event Record #/Type18116 / Error
Event Submitted/Written: 01/20/2008 00:04:40 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 2700000 milliseconds: Restart the service.

Event Record #/Type18114 / Error
Event Submitted/Written: 01/20/2008 10:00:26 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type18113 / Error
Event Submitted/Written: 01/20/2008 10:00:23 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Messenger Sharing Folders USN Journal Reader service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type18112 / Error
Event Submitted/Written: 01/20/2008 10:00:21 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The TOSHIBA HDD Protection service terminated unexpectedly. It has done this 1 time(s).

-- End of Deckard's System Scanner: finished at 2008-01-20 15:22:40 ------------

**jjedjo** · 2008-01-20, 18:36

SSDT red items:
"\??\C:\WINDOWS\system32\vsdatant.sys"
(11 times)
(including "Nt"+Replace/Rename/Restore/Load/Create/Delete/DeleteValue/SetValue+"Key" and "Nt"+Create/Delete/Open+"File")

"Unknown"
For "NtConnectPort"

"\\??\C:\WINDOWS\system32\drivers\srosa.sys"
(5 times)

"spdt.sys"
(2 times)("NtQueryValueKey" and "NtOpenKey")

**jjedjo** · 2008-01-20, 18:38

Win32 Processes:

Started Service:

Service Name:AudioSrv Display Name:Windows Audio
Service Name:BITS Display Name:Background Intelligent Transfer Service
Service Name:CFSvcs Display Name:ConfigFree Service
Service Name:CryptSvc Display Name:Cryptographic Services
Service Name:DcomLaunch Display Name:DCOM Server Process Launcher
Service Name:Dhcp Display Name:DHCP Client
Service Name:dmserver Display Name:Logical Disk Manager
Service Name:Dnscache Display Name:DNS Client
Service Name:ERSvc Display Name:Error Reporting Service
Service Name:Eventlog Display Name:Event Log
Service Name:EventSystem Display Name:COM+ Event System
Service Name:EvtEng Display Name:Intel(R) PROSet/Wireless Event Log
Service Name:FastUserSwitchingCompatibility Display Name:Fast User Switching Compatibility
Service Name:helpsvc Display Name:Help and Support
Service Name:HidServ Display Name:HID Input Service
Service Name:HTTPFilter Display Name:HTTP SSL
Service Name:kraidsvc Display Name:TOSHIBA RAID Service
Service Name:lanmanserver Display Name:Server
Service Name:lanmanworkstation Display Name:Workstation
Service Name:LmHosts Display Name:TCP/IP NetBIOS Helper
Service Name:MDM Display Name:Machine Debug Manager
Service Name:Netman Display Name:Network Connections
Service Name:Nla Display Name:Network Location Awareness (NLA)
Service Name:PlugPlay Display Name:Plug and Play
Service Name:PolicyAgent Display Name:IPSEC Services
Service Name:ProtectedStorage Display Name:Protected Storage
Service Name:RasMan Display Name:Remote Access Connection Manager
Service Name:RemoteRegistry Display Name:Remote Registry
Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
Service Name:S24EventMonitor Display Name:Intel(R) PROSet/Wireless Service
Service Name:SamSs Display Name:Security Accounts Manager
Service Name:Schedule Display Name:Task Scheduler
Service Name:seclogon Display Name:Secondary Logon
Service Name:SENS Display Name:System Event Notification
Service Name:ShellHWDetection Display Name:Shell Hardware Detection
Service Name:Spooler Display Name:Print Spooler
Service Name:srservice Display Name:System Restore Service
Service Name:SSDPSRV Display Name:SSDP Discovery Service
Service Name:TapiSrv Display Name:Telephony
Service Name:TermService Display Name:Terminal Services
Service Name:Themes Display Name:Themes
Service Name:TrkWks Display Name:Distributed Link Tracking Client
Service Name:W32Time Display Name:Windows Time
Service Name:WebClient Display Name:WebClient
Service Name:winmgmt Display Name:Windows Management Instrumentation

Thread: Fails to install or run anti-virus or firewall

Thread Tools

Display

Fails to install or run anti-virus or firewall

Deckard's System Scanner (DSS)

Ssdt

Win32 Processes

Posting Permissions