Trojan.Vundo.B and svehost.exe - botched DIY job



#1
Snarffy

  • Member
  • 23 posts
:)

I give up!

Found Trojan.Vundo.B on my computer (Symantec Anti-Virus), and in the meantime, also noticed suspicious process svehost.exe running in the Task Manager.

Been trying to get rid of this !@#%R^& since Thursday. I've downloaded and run:
Symantec's FixVundo (which didn't find it)
VirtumundoBeGone (found some stuff in system32)
updated Spybot S&D (found other stuff)
VundoFix (found another vundo thing in PowerIsoShell.dll)
Security Task Manager (used this to delete svehost and some dll's related to vundo)
I have also uninstalled the program I *think* is responsible for this whole mess - a bootleg torrent thing. (I scanned it with SAV before installing, but my bets are on this program anyway.)

Am now running Malwarebyte AM (which has already found 9 items so far) on the suggestion of the "Do this before you post" list of things to do.
Next step: install and run SuperAntiSpyware

I've had System Restore disabled during this whole escapade, and internet disconnected during all except updating Malwarebyte AM.

It seems each program is finding different things but none of them is finding everything. At what point can I feel safe again?

Other misc info:
- Most of my stuff is backed up to an external. 98% sure all documents are backed up. System settings backed up a week or two ago using Memeo AutoBackup - so whatever things that backs up I have. So if it comes down to it...
- Running WinXP
- I don't know what HijackThis is or how to use it.
- Computer is pretty current on windows updates, virus definitions on SAV, etc.
- Usually do my own virus removal using step-by-step instructions on Symantec's website, but this one has me beat.
- Am posting from hubby's computer, sitting right next to mine.

Thanks in advance!!!
~Lori B.
  • 0



#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Snarffy

Welcome to G2Go. :)
=====================
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop of the infected computer.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
Snarffy

  • Topic Starter
  • Member
  • 23 posts
Can I run the HJT scan while running the Malwarebyte AM scan? 'Cuz that one's still going.
  • 0

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Let Malware Bytes finish, then remove the items found and post that log and a Hijackthis log.
  • 0

#5
Snarffy

  • Topic Starter
  • Member
  • 23 posts
Is it safe for my computer to be online? Would be easier to copy and paste logs from the same computer...
thanks~
  • 0

#6
Snarffy

  • Topic Starter
  • Member
  • 23 posts
VundoBeGone Log:

[05/03/2008, 15:02:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Snarffy!\Desktop\VirtumundoBeGone.exe" )
[05/03/2008, 15:02:46] - Detected System Information:
[05/03/2008, 15:02:46] -  Windows Version: 5.1.2600, Service Pack 2
[05/03/2008, 15:02:46] -  Current Username: Snarffy! (Admin)
[05/03/2008, 15:02:46] -  Windows is in NORMAL mode.
[05/03/2008, 15:02:46] - Searching for Browser Helper Objects:
[05/03/2008, 15:02:46] -  BHO 1: {1EBF7716-4858-43E9-B796-BF7921EA1D2B} ()
[05/03/2008, 15:02:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/03/2008, 15:02:46] -  Checking for HKLM\...\Winlogon\Notify\ssqOHyyy
[05/03/2008, 15:02:46] -  Key not found: HKLM\...\Winlogon\Notify\ssqOHyyy, continuing.
[05/03/2008, 15:02:46] -  BHO 2: {2f990c3f-c3d0-48a2-a967-a555b968fa63} ()
[05/03/2008, 15:02:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/03/2008, 15:02:46] -  Checking for HKLM\...\Winlogon\Notify\mytaiaym
[05/03/2008, 15:02:46] -  Key not found: HKLM\...\Winlogon\Notify\mytaiaym, continuing.
[05/03/2008, 15:02:46] -  BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/03/2008, 15:02:46] -  BHO 4: {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} ()
[05/03/2008, 15:02:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/03/2008, 15:02:46] -  Checking for HKLM\...\Winlogon\Notify\nnnkJDvt
[05/03/2008, 15:02:46] -  Found: HKLM\...\Winlogon\Notify\nnnkJDvt - This is probably Virtumundo.
[05/03/2008, 15:02:46] -  Assigning {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} MSEvents Object
[05/03/2008, 15:02:46] - BHO list has been changed! Starting over...
[05/03/2008, 15:02:46] -  BHO 1: {1EBF7716-4858-43E9-B796-BF7921EA1D2B} ()
[05/03/2008, 15:02:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/03/2008, 15:02:46] -  Checking for HKLM\...\Winlogon\Notify\ssqOHyyy
[05/03/2008, 15:02:46] -  Key not found: HKLM\...\Winlogon\Notify\ssqOHyyy, continuing.
[05/03/2008, 15:02:46] -  BHO 2: {2f990c3f-c3d0-48a2-a967-a555b968fa63} ()
[05/03/2008, 15:02:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/03/2008, 15:02:46] -  Checking for HKLM\...\Winlogon\Notify\mytaiaym
[05/03/2008, 15:02:46] -  Key not found: HKLM\...\Winlogon\Notify\mytaiaym, continuing.
[05/03/2008, 15:02:46] -  BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/03/2008, 15:02:46] -  BHO 4: {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} (MSEvents Object)
[05/03/2008, 15:02:46] - ALERT: Found MSEvents Object!
[05/03/2008, 15:02:46] -  BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/03/2008, 15:02:46] -  BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/03/2008, 15:02:46] -  BHO 7: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[05/03/2008, 15:02:46] - Finished Searching Browser Helper Objects
[05/03/2008, 15:02:46] - *** Detected MSEvents Object
[05/03/2008, 15:02:46] - Trying to remove MSEvents Object...
[05/03/2008, 15:02:47] -    Terminating Process: IEXPLORE.EXE
[05/03/2008, 15:02:47] -    Terminating Process: RUNDLL32.EXE
[05/03/2008, 15:02:47] -    Disabling Automatic Shell Restart
[05/03/2008, 15:02:47] -    Terminating Process: EXPLORER.EXE
[05/03/2008, 15:02:48] -    Suspending the NT Session Manager System Service
[05/03/2008, 15:02:48] -    Terminating Windows NT Logon/Logoff Manager
[05/03/2008, 15:08:17] -    Re-enabling Automatic Shell Restart
[05/03/2008, 15:08:17] -   File to disable: C:\WINDOWS\system32\nnnkJDvt.dll
[05/03/2008, 15:08:17] -  Renaming C:\WINDOWS\system32\nnnkJDvt.dll -> C:\WINDOWS\system32\nnnkJDvt.dll.vir
[05/03/2008, 15:08:17] -  File successfully renamed!
[05/03/2008, 15:08:17] -   Removing HKLM\...\Browser Helper Objects\{6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3}
[05/03/2008, 15:08:17] -   Removing HKCR\CLSID\{6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3}
[05/03/2008, 15:08:17] -   Adding Kill Bit for ActiveX for GUID: {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3}
[05/03/2008, 15:08:17] -   Deleting ATLEvents/MSEvents Registry entries
[05/03/2008, 15:08:17] -   Removing HKLM\...\Winlogon\Notify\nnnkJDvt
[05/03/2008, 15:08:17] - Searching for Browser Helper Objects:
[05/03/2008, 15:08:17] -  BHO 1: {1EBF7716-4858-43E9-B796-BF7921EA1D2B} ()
[05/03/2008, 15:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/03/2008, 15:08:17] -  Checking for HKLM\...\Winlogon\Notify\ssqOHyyy
[05/03/2008, 15:08:17] -  Key not found: HKLM\...\Winlogon\Notify\ssqOHyyy, continuing.
[05/03/2008, 15:08:17] -  BHO 2: {2f990c3f-c3d0-48a2-a967-a555b968fa63} ()
[05/03/2008, 15:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/03/2008, 15:08:17] -  Checking for HKLM\...\Winlogon\Notify\mytaiaym
[05/03/2008, 15:08:17] -  Key not found: HKLM\...\Winlogon\Notify\mytaiaym, continuing.
[05/03/2008, 15:08:17] -  BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/03/2008, 15:08:17] -  BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/03/2008, 15:08:17] -  BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/03/2008, 15:08:17] -  BHO 6: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[05/03/2008, 15:08:17] - Finished Searching Browser Helper Objects
[05/03/2008, 15:08:17] - Finishing up...
[05/03/2008, 15:08:17] - A restart is needed.
[05/03/2008, 15:11:54] - Attempting to Restart via STOP error (Blue Screen!)
[05/03/2008, 15:19:37] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Snarffy!\Desktop\VirtumundoBeGone.exe" )
[05/03/2008, 15:19:44] - Detected System Information:
[05/03/2008, 15:19:44] -  Windows Version: 5.1.2600, Service Pack 2
[05/03/2008, 15:19:44] -  Current Username: Snarffy! (Admin)
[05/03/2008, 15:19:44] -  Windows is in NORMAL mode.
[05/03/2008, 15:19:44] - Searching for Browser Helper Objects:
[05/03/2008, 15:19:44] -  BHO 1: {1EBF7716-4858-43E9-B796-BF7921EA1D2B} ()
[05/03/2008, 15:19:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/03/2008, 15:19:44] -  Checking for HKLM\...\Winlogon\Notify\ssqOHyyy
[05/03/2008, 15:19:44] -  Key not found: HKLM\...\Winlogon\Notify\ssqOHyyy, continuing.
[05/03/2008, 15:19:44] -  BHO 2: {2f990c3f-c3d0-48a2-a967-a555b968fa63} ()
[05/03/2008, 15:19:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/03/2008, 15:19:44] -  Checking for HKLM\...\Winlogon\Notify\mytaiaym
[05/03/2008, 15:19:44] -  Key not found: HKLM\...\Winlogon\Notify\mytaiaym, continuing.
[05/03/2008, 15:19:44] -  BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/03/2008, 15:19:44] -  BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/03/2008, 15:19:44] -  BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/03/2008, 15:19:44] -  BHO 6: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[05/03/2008, 15:19:44] - Finished Searching Browser Helper Objects
[05/03/2008, 15:19:44] - Finishing up...
[05/03/2008, 15:19:44] - Nothing found! Exiting...
[05/04/2008, 8:47:10] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Snarffy!\Desktop\VirtumundoBeGone.exe" )
[05/04/2008, 8:47:15] - Detected System Information:
[05/04/2008, 8:47:15] -  Windows Version: 5.1.2600, Service Pack 2
[05/04/2008, 8:47:15] -  Current Username: Snarffy! (Admin)
[05/04/2008, 8:47:15] -  Windows is in NORMAL mode.
[05/04/2008, 8:47:15] - Searching for Browser Helper Objects:
[05/04/2008, 8:47:15] -  BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/04/2008, 8:47:15] -  BHO 2: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/04/2008, 8:47:15] -  BHO 3: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/04/2008, 8:47:15] -  BHO 4: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[05/04/2008, 8:47:15] - Finished Searching Browser Helper Objects
[05/04/2008, 8:47:15] - Finishing up...
[05/04/2008, 8:47:15] - Nothing found! Exiting...


MBAM Log:

Malwarebytes' Anti-Malware 1.11
Database version: 715

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 417214
Time elapsed: 7 hour(s), 41 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6a6eae1b-4ad6-4035-974d-504d6dbaa9c3} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Documents and Settings\Snarffy!\Local Settings\Temporary Internet Files\Content.IE5\63WV1IWE\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Snarffy!\Local Settings\Temporary Internet Files\Content.IE5\6ERDZ3GZ\idkfa[1] (Trojan.Vundo) -> Quarantined and deleted successfully.


HJT Log:


  • 0

#7
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#8
Snarffy

  • Topic Starter
  • Member
  • 23 posts
Extra.txt:

Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0


Main.txt:
CODE
Deckard's System Scanner v20071014.68
Run by Snarffy! on 2008-05-04 19:36:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-05 02:36:11 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Snarffy!.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:40 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Documents and Settings\Snarffy!\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Snarffy!.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webproxy.ucsd.edu:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4200 Series on PC270429458147] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P49 "Auto EPSON Stylus CX4200 Series on PC270429458147" /O25 "\\PC270429458147\Printer2" /M "Stylus CX4200"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://www.imagestation.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestat...ab?ver=1,1,0,34
O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - http://www.kodakgall...IE_1/wiaaut.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1139715556468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1139717829140
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://upload.smugmu...der4-082807.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} (Pixami Print Layout Control) - http://www.imagestat...ab?ver=2,0,0,54
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestat....cab?v=1,0,0,37
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 14478 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft® Windows NT® Operating System>
R1 GhPciScan (GhostPciScanner) - c:\program files\norton systemworks\norton ghost\ghpciscan.sys <Not Verified; Symantec Corporation; Symantec Ghost PCI Scanner>
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 SerTVOutCtlr (TOSHIBA Controls Driver -EPIOMngr) - c:\windows\system32\drivers\epiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcEKIOMngr - c:\windows\system32\drivers\ekiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcSSIOMngr - c:\windows\system32\drivers\ssiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R1 TPwSav (Common Driver) - c:\windows\system32\drivers\tpwsav.sys <Not Verified; TOSHIBA; >
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.10>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 PDIHWCTL - c:\windows\system32\drivers\pdihwctl.sys <Not Verified; Portrait Displays, Inc.; PdiHwCtl>
R2 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tvs (Toshiba Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S1 StickyMesger - c:\program files\toshiba\accessibility\stickymesger.sys (file missing)
S3 C-Dilla - c:\windows\system32\drivers\cdant.sys <Not Verified; Macrovision; Licence Management System>
S3 eyeonedp (eye-one display) - c:\windows\system32\drivers\eyeonedp.sys
S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:&#

#9
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
============================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as button:
  • Save the file in txt format to your desktop.
  • Post that information in your next post.


#10
Snarffy


    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Kaspersky log:

[codebox]-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 05, 2008 2:17:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/05/2008
Kaspersky Anti-Virus database records: 741235
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 200136
Number of viruses found: 6
Number of infected objects: 11
Number of suspicious objects: 3
Duration of the scan process: 02:12:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Memeo\AutoBackup\logs\MemeoBackup.exe.log-2008-5-5.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01080000.VBN Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01080001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qfr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01080002.VBN Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01DC0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qfr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E100000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qfr skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Snarffy!\Application Data\Intuit\Quicken\Log\qw.log Object is locked skipped
C:\Documents and Settings\Snarffy!\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Snarffy!\Local Settings\Application Data\Identities\{3A55BFBE-DFE1-4CF6-AC8A-CDD498461EAB}\Microsoft\Outlook Express\Hotmail - Sent Items.dbx/[From "Lori Brueseke" <[email protected]>][Date Tue, 13 Nov 2007 08:56:02 -0800]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Snarffy!\Local Settings\Application Data\Identities\{3A55BFBE-DFE1-4CF6-AC8A-CDD498461EAB}\Microsoft\Outlook Express\Hotmail - Sent Items.dbx/[From "Lori Brueseke" <[email protected]>][Date Tue, 13 Nov 2007 08:56:02 -0800]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Snarffy!\Local Settings\Application Data\Identities\{3A55BFBE-DFE1-4CF6-AC8A-CDD498461EAB}\Microsoft\Outlook Express\Hotmail - Sent Items.dbx MailMSOutlook5: suspicious - 2 skipped
C:\Documents and Settings\Snarffy!\Local Settings\Application Data\Identities\{3A55BFBE-DFE1-4CF6-AC8A-CDD498461EAB}\Microsoft\Outlook Express\Sent Items.dbx/[From "Lori Unruh" <[email protected]>][Date Thu, 13 May 2004 23:09:26 -0700]/UNNAMED/Attach.zip/ubahyn.scr Infected: Email-Worm.Win32.Bagle.g skipped
C:\Documents and Settings\Snarffy!\Local Settings\Application Data\Identities\{3A55BFBE-DFE1-4CF6-AC8A-CDD498461EAB}\Microsoft\Outlook Express\Sent Items.dbx/[From "Lori Unruh" <[email protected]>][Date Thu, 13 May 2004 23:09:26 -0700]/UNNAMED/Attach.zip Infected: Email-Worm.Win32.Bagle.g skipped
C:\Documents and Settings\Snarffy!\Local Settings\Application Data\Identities\{3A55BFBE-DFE1-4CF6-AC8A-CDD498461EAB}\Microsoft\Outlook Express\Sent Items.dbx/[From "Lori Unruh" <[email protected]>][Date Thu, 13 May 2004 23:09:26 -0700]/UNNAMED Infected: Email-Worm.Win32.Bagle.g skipped
C:\Documents and Settings\Snarffy!\Local Settings\Application Data\Identities\{3A55BFBE-DFE1-4CF6-AC8A-CDD498461EAB}\Microsoft\Outlook Express\Sent Items.dbx MailMSOutlook5: infected - 3 skipped
C:\Documents and Settings\Snarffy!\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Snarffy!\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Snarffy!\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Snarffy!\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Snarffy!\Local Settings\History\History.IE5\MSHist012008050520080506\index.dat Object is locked skipped
C:\Documents and Settings\Snarffy!\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Snarffy!\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Snarffy!\My Documents\Download files\vundosh*t\Download_mbam-setup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Documents and Settings\Snarffy!\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Snarffy!\ntuser.dat.LOG Object is locked skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6B96539B-CC03-4380-BCB2-4E715303BB07}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7165.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
[/codebox]

Edited by kahdah, 05 May 2008 - 06:30 PM.


#11
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please empty your Norton Quarantine folder.
Then also empty the Sent Items folder for your e-mails.

Then go to Start > My Computer > C:\Program Files\DAEMON Tools\ and delete this file: SetupDTSB.exe

Also delete this file:
C:\Documents and Settings\Snarffy!\My Documents\Download files\vundosh*t\Download_mbam-setup.exe
====================
After that, please go to Start > Run, then copy/paste this in: "%userprofile%\desktop\dss.exe" /daft then hit OK.
Place a check next to everything that is Red and click on Fix.

After that you could delete anything we used and these folders as well:
C:\Deckard
C:\VundoFix Backups
======================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

#12
Snarffy


    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
So that's it? Amazing! Thanks a million. A few questions, if you don't mind my asking:
1) Why was this virus so difficult to get rid of?
2) Why didn't my virus scanner find this virus when I scanned the culprit download's install file? I'm no longer confident in being able to detect viruses from programs I download in the future. How do I avoid this happening again?
3) How are you so amazing?

Thanks~
Lori

#13
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts

1) Why was this virus so difficult to get rid of?

Malware is created maliciously and can be difficult to remove.

Why didn't my virus scanner find this virus when I scanned the culprit download's install file?

Thousands of strains of new malware are released on a daily basis.
Antivirus vendors update regularly to keep up; no program that is made could catch everything.
The main thing is to keep an up-to-date antivirus/antispyware program and run full scans either weekly or bi-weekly to keep a check on things.

3) How are you so amazing?

Amazing? Hardly, but thanks anyway. I really didn't do much this time anyway.

You are welcome :)

Edited by kahdah, 05 May 2008 - 08:19 PM.
code






