I first detected the Trojan.Vundo virus when my Symantec Auto-Protect came up. Also, Spybot TeaTimer was constantly popping up with various registry keys wanting to be changed (denied them all). Next I attempted to use VundoFix, to no avail. Following that, I used VirtumundoBeGone. This hasn't worked either. At the current moment my Auto-Protect is filled with Lowzones, Metajuan and Vundo.
Then I discovered these forums and followed your malware removal guide.
VBG - Log below
[06/10/2008, 13:00:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\owen\Desktop\VirtumundoBeGone.exe" )
[06/10/2008, 13:00:23] - Detected System Information:
[06/10/2008, 13:00:23] - Windows Version: 5.0.2195, Service Pack 4
[06/10/2008, 13:00:23] - Current Username: owen (Admin)
[06/10/2008, 13:00:23] - Windows is in SAFE mode.
[06/10/2008, 13:00:23] - Searching for Browser Helper Objects:
[06/10/2008, 13:00:23] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[06/10/2008, 13:00:23] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/10/2008, 13:00:23] - BHO 3: {21C63899-6532-40D7-8379-7ED788B98D28} ()
[06/10/2008, 13:00:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:23] - Checking for HKLM\...\Winlogon\Notify\efcYOfCv
[06/10/2008, 13:00:23] - Found: HKLM\...\Winlogon\Notify\efcYOfCv - This is probably Virtumundo.
[06/10/2008, 13:00:23] - Assigning {21C63899-6532-40D7-8379-7ED788B98D28} MSEvents Object
[06/10/2008, 13:00:23] - BHO list has been changed! Starting over...
[06/10/2008, 13:00:23] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[06/10/2008, 13:00:23] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/10/2008, 13:00:23] - BHO 3: {21C63899-6532-40D7-8379-7ED788B98D28} (MSEvents Object)
[06/10/2008, 13:00:23] - ALERT: Found MSEvents Object!
[06/10/2008, 13:00:23] - BHO 4: {21c7c7ae-4908-4de8-aec2-9451e93c8c93} ()
[06/10/2008, 13:00:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:23] - Checking for HKLM\...\Winlogon\Notify\hcwukfdw
[06/10/2008, 13:00:23] - Key not found: HKLM\...\Winlogon\Notify\hcwukfdw, continuing.
[06/10/2008, 13:00:23] - BHO 5: {23465A85-14BF-4765-A127-4C3FBC0776B0} ()
[06/10/2008, 13:00:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:23] - Checking for HKLM\...\Winlogon\Notify\qoMcawtt
[06/10/2008, 13:00:23] - Key not found: HKLM\...\Winlogon\Notify\qoMcawtt, continuing.
[06/10/2008, 13:00:23] - BHO 6: {514A5C49-0C7D-42c3-A71B-38864A269B7A} ()
[06/10/2008, 13:00:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:23] - Checking for HKLM\...\Winlogon\Notify\qalckcux
[06/10/2008, 13:00:23] - Key not found: HKLM\...\Winlogon\Notify\qalckcux, continuing.
[06/10/2008, 13:00:23] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/10/2008, 13:00:23] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 13:00:23] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/10/2008, 13:00:23] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 13:00:23] - BHO 11: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/10/2008, 13:00:23] - Finished Searching Browser Helper Objects
[06/10/2008, 13:00:23] - *** Detected MSEvents Object
[06/10/2008, 13:00:23] - Trying to remove MSEvents Object...
[06/10/2008, 13:00:24] - Terminating Process: IEXPLORE.EXE
[06/10/2008, 13:00:24] - Terminating Process: RUNDLL32.EXE
[06/10/2008, 13:00:24] - Disabling Automatic Shell Restart
[06/10/2008, 13:00:24] - Terminating Process: EXPLORER.EXE
[06/10/2008, 13:00:25] - Suspending the NT Session Manager System Service
[06/10/2008, 13:00:25] - Terminating Windows NT Logon/Logoff Manager
[06/10/2008, 13:00:25] - Re-enabling Automatic Shell Restart
[06/10/2008, 13:00:25] - File to disable: C:\WINNT\system32\efcYOfCv.dll
[06/10/2008, 13:00:25] - Renaming C:\WINNT\system32\efcYOfCv.dll -> C:\WINNT\system32\efcYOfCv.dll.vir
[06/10/2008, 13:00:25] - File successfully renamed!
[06/10/2008, 13:00:25] - Removing HKLM\...\Browser Helper Objects\{21C63899-6532-40D7-8379-7ED788B98D28}
[06/10/2008, 13:00:25] - Removing HKCR\CLSID\{21C63899-6532-40D7-8379-7ED788B98D28}
[06/10/2008, 13:00:25] - Adding Kill Bit for ActiveX for GUID: {21C63899-6532-40D7-8379-7ED788B98D28}
[06/10/2008, 13:00:25] - Deleting ATLEvents/MSEvents Registry entries
[06/10/2008, 13:00:25] - Removing HKLM\...\Winlogon\Notify\efcYOfCv
[06/10/2008, 13:00:25] - Searching for Browser Helper Objects:
[06/10/2008, 13:00:25] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[06/10/2008, 13:00:25] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/10/2008, 13:00:25] - BHO 3: {21c7c7ae-4908-4de8-aec2-9451e93c8c93} ()
[06/10/2008, 13:00:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:25] - Checking for HKLM\...\Winlogon\Notify\hcwukfdw
[06/10/2008, 13:00:25] - Key not found: HKLM\...\Winlogon\Notify\hcwukfdw, continuing.
[06/10/2008, 13:00:25] - BHO 4: {23465A85-14BF-4765-A127-4C3FBC0776B0} ()
[06/10/2008, 13:00:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:25] - Checking for HKLM\...\Winlogon\Notify\qoMcawtt
[06/10/2008, 13:00:25] - Key not found: HKLM\...\Winlogon\Notify\qoMcawtt, continuing.
[06/10/2008, 13:00:25] - BHO 5: {514A5C49-0C7D-42c3-A71B-38864A269B7A} ()
[06/10/2008, 13:00:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:25] - Checking for HKLM\...\Winlogon\Notify\qalckcux
[06/10/2008, 13:00:25] - Key not found: HKLM\...\Winlogon\Notify\qalckcux, continuing.
[06/10/2008, 13:00:25] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/10/2008, 13:00:25] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 13:00:25] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/10/2008, 13:00:25] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 13:00:25] - BHO 10: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/10/2008, 13:00:25] - Finished Searching Browser Helper Objects
[06/10/2008, 13:00:25] - Finishing up...
[06/10/2008, 13:00:25] - A restart is needed.
[06/10/2008, 13:00:40] - Attempting to Restart via STOP error (Blue Screen!)
[06/10/2008, 13:06:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\owen\Desktop\VirtumundoBeGone.exe" )
[06/10/2008, 13:06:28] - Detected System Information:
[06/10/2008, 13:06:28] - Windows Version: 5.0.2195, Service Pack 4
[06/10/2008, 13:06:28] - Current Username: owen (Admin)
[06/10/2008, 13:06:28] - Windows is in SAFE mode.
[06/10/2008, 13:06:28] - Searching for Browser Helper Objects:
[06/10/2008, 13:06:28] - BHO 1: {0194174F-9183-43C6-8101-2EB80D1CB60B} ()
[06/10/2008, 13:06:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:06:28] - Checking for HKLM\...\Winlogon\Notify\qoMcawtt
[06/10/2008, 13:06:28] - Key not found: HKLM\...\Winlogon\Notify\qoMcawtt, continuing.
[06/10/2008, 13:06:28] - BHO 2: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[06/10/2008, 13:06:28] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/10/2008, 13:06:28] - BHO 4: {514A5C49-0C7D-42c3-A71B-38864A269B7A} ()
[06/10/2008, 13:06:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:06:28] - Checking for HKLM\...\Winlogon\Notify\qalckcux
[06/10/2008, 13:06:28] - Key not found: HKLM\...\Winlogon\Notify\qalckcux, continuing.
[06/10/2008, 13:06:28] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/10/2008, 13:06:28] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 13:06:28] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/10/2008, 13:06:28] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 13:06:28] - BHO 9: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/10/2008, 13:06:28] - BHO 10: {fc8011a2-cf0e-4533-9924-08a2a7544ccc} ()
[06/10/2008, 13:06:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:06:28] - Checking for HKLM\...\Winlogon\Notify\dybfljrn
[06/10/2008, 13:06:28] - Key not found: HKLM\...\Winlogon\Notify\dybfljrn, continuing.
[06/10/2008, 13:06:28] - Finished Searching Browser Helper Objects
[06/10/2008, 13:06:28] - Finishing up...
[06/10/2008, 13:06:28] - Nothing found! Exiting...
[06/10/2008, 13:06:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\owen\Desktop\VirtumundoBeGone.exe" )
[06/10/2008, 13:06:57] - Detected System Information:
[06/10/2008, 13:06:57] - Windows Version: 5.0.2195, Service Pack 4
[06/10/2008, 13:06:57] - Current Username: owen (Admin)
[06/10/2008, 13:06:57] - Windows is in SAFE mode.
[06/10/2008, 13:06:57] - Searching for Browser Helper Objects:
[06/10/2008, 13:06:57] - BHO 1: {0194174F-9183-43C6-8101-2EB80D1CB60B} ()
[06/10/2008, 13:06:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:06:57] - Checking for HKLM\...\Winlogon\Notify\qoMcawtt
[06/10/2008, 13:06:57] - Key not found: HKLM\...\Winlogon\Notify\qoMcawtt, continuing.
[06/10/2008, 13:06:57] - BHO 2: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[06/10/2008, 13:06:57] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/10/2008, 13:06:57] - BHO 4: {514A5C49-0C7D-42c3-A71B-38864A269B7A} ()
[06/10/2008, 13:06:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:06:57] - Checking for HKLM\...\Winlogon\Notify\qalckcux
[06/10/2008, 13:06:57] - Key not found: HKLM\...\Winlogon\Notify\qalckcux, continuing.
[06/10/2008, 13:06:57] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/10/2008, 13:06:57] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 13:06:57] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/10/2008, 13:06:57] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 13:06:57] - BHO 9: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/10/2008, 13:06:57] - BHO 10: {fc8011a2-cf0e-4533-9924-08a2a7544ccc} ()
[06/10/2008, 13:06:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:06:57] - Checking for HKLM\...\Winlogon\Notify\dybfljrn
[06/10/2008, 13:06:57] - Key not found: HKLM\...\Winlogon\Notify\dybfljrn, continuing.
[06/10/2008, 13:06:57] - Finished Searching Browser Helper Objects
[06/10/2008, 13:06:57] - Finishing up...
[06/10/2008, 13:06:57] - Nothing found! Exiting...
ATF - Done
Malwarebytes - Done - Log below
Malwarebytes' Anti-Malware 1.16
Database version: 845
14:00:47 10/06/2008
mbam-log-6-10-2008 (14-00-47).txt
Scan type: Quick Scan
Objects scanned: 41362
Time elapsed: 6 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINNT\system32\qoMcawtt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\ttwacMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
Superantispyware - Done - Log below
SUPERAntiSpyware Scan Log
Generated 06/10/2008 at 03:08 PM
Application Version : 3.6.1000
Core Rules Database Version : 3478
Trace Rules Database Version: 1469
Scan type : Complete Scan
Total Scan Time : 01:04:34
Memory items scanned : 455
Memory threats detected : 0
Registry items scanned : 6061
Registry threats detected : 0
File items scanned : 41972
File threats detected : 4
Adware.AdRotator/AdsSite
C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS\NSBROWSEROPT.DLL
C:\WINNT\SYSTEM32\ADSSITE-REMOVE.EXE
Adware.Vundo Variant
C:\WINNT\SYSTEM32\JKBNHUFN.DLL
Adware.AdRotator/SuperiorAds
C:\WINNT\SYSTEM32\SUPERIORADS-UNINST.EXE
Panda ActiveScan didn't really work for me. It found lots, but for free would only delete one thing. And I couldn't find a link to the log. Sorry.
Finally, my HijackThis log and Uninstall list.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:55, on 11/06/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINNT\system32\VNICMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Firefox\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\owen\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {ccc4457a-2a80-4299-3354-e0fc2a1108cf} - {fc8011a2-cf0e-4533-9924-08a2a7544ccc} - C:\WINNT\system32\dybfljrn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\Firefox\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1179862530895
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINNT\SYSTEM32\VundoFixSVC.exe
--
End of file - 10245 bytes
Uninstall list
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 6.0.1
Adobe Shockwave Player 11
Apple Software Update
ArchAngel
ASIO4ALL
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.4
AVIedit 3.38
AviTricks Classic version 1.65
Battlefield 2
Broadband Help
BroadJump Client Foundation
Browser Optimizer Dcads
Browser Optimizer Superiorads
Bulent's Screen Recorder
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Dcads Games Collection
Digimax Master
Disc2Phone
Disney Pirates of the Caribbean Online
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
D-Link VGA Webcam
Drift City
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX4000_4050_CX3900
Far Cry
Firefox Preloader
FL Studio 7
Flash Saving Plugin
Free Audio Dub version 1.3
Free iPod Video Converter 1.34
Free Video to iPod Converter version 2.5
Free YouTube Download 2.1
Free YouTube to iPod Converter version 2.8
Free YouTube to Mp3 Converter version 2.5
FreeStyle Street Basketball
Game Cam v1.4
Google Earth
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Grand Prix Championship 2
Grand Theft Auto
Half-Life® 2
Halo Server
HammerHead Rhythm Station
Handbrake 2.4.1
HijackThis 2.0.2
Hotfix for MDAC 2.53 (KB927779)
ijji - Gunz
ijji Auto Installer
IL Download Manager
Internet Explorer Q903235
IrfanView (remove only)
iTunes
Jahshaka
Java 6 Update 2
Java 6 Update 3
Java 6 Update 5
Java SE Runtime Environment 6 Update 1
Kate's Video Cutter 2.8.4
KB Piano v.2.2.4
KhalSetup
KRISTAL Audio Engine
LEGO Digital Designer
LimeWire 4.14.10
LiveUpdate 3.0 (Symantec Corporation)
Logitech SetPoint
Macromedia Flash MX 2004
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Halo
Microsoft Halo Custom Edition
Microsoft Internet Explorer 6 SP1
Microsoft Office Converter Pack
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MidiMeow 1.03 v2
MIKSOFT Mobile 3GP converter
mIRC
MixVibes STANDARD 6 uninstall
Mozilla Firefox (2.0.0.14)
Mozilla Thunderbird (2.0.0.12)
MS Access 97 SP2
MSN Messenger 7.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
msxml4
MTV's Virtual Worlds (remove only)
MUSIC PLAYER
Nero Suite
Notation Musician 2.4.2 (Trial Version)
OpenLibraries
OpenMG Limited Patch 3.3-03-09-03-01
OpenMG Secure Module 3.3.01
Opera 9.21
Opera 9.22
Opera 9.23
Ots CD Scratch 1200 1.00.044
Panda ActiveScan 2.0
Pcsx2 0.9.2 Watermoose
Photo Gadget Viewer
PIF DESIGNER
Pivot Stickfigure Animator
QuickTime
Ralink Wireless LAN Card
RealPlayer
RGSS-RTP Standard
Rightonadz Browser Optimizer
RPGXP
S500/S600 USB Driver
SCAR Divi CDE 3.12c
Security Update for DirectX 9 (KB941568)
Security Update for Windows 2000 (KB904706)
Security Update for Windows 2000 (KB923689)
Security Update for Windows 2000 (KB941569)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Shockwave
SimCity 3000 UK Edition
SolveigMM AVI Trimmer
Sony ACID XPress 5.0a
Sony Ericsson PC Suite
Spybot - Search & Destroy
Star Wars JK II Jedi Outcast
Steam
Stop Motion Animator 1.1.XP
SUPERAntiSpyware Free Edition
Symantec Client Security
t@b ZS4 Video Editor v0.958-686
Tablet
TeamSpeak 2 RC2
Transport Tycoon Deluxe
Trillian
UniDream PowerBatch
Uninstall 1.0.0.0
Update Rollup 1 for Windows 2000 SP4
VIA Audio Driver Setup Program
VIA NIC ControlSet
VIA Rhine-Family Fast Ethernet Adapter
Virtual DJ - Atomix Productions
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921503
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB932168
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937143
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938127
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB938829
Windows 2000 Hotfix - KB939653
Windows 2000 Hotfix - KB941202
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB941693
Windows 2000 Hotfix - KB942615
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944338
Windows 2000 Hotfix - KB944533
Windows 2000 Hotfix - KB945553
Windows 2000 Hotfix - KB947864
Windows 2000 Hotfix - KB948590
Windows 2000 Hotfix - KB948881
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinRAR archiver
Xfire (remove only)
Yahoo! Messenger
Yahoo! Toolbar
ZoneAlarm
OK. This computer is used by the whole family. Two sons let fairly loose. Any advice or help would be greatly appreciated. Thank you in advance.
Owen