[sfried]

Hi. I saw some other peoples post concerning a problem with the WinAntiSpyware popups, but I haven't heard from anyone if it could be connected to a "jumping cursor" problem which seems to have recently developed in my sytem along the same time as the popup problem. Also, I noticed that my system has trouble closing a program called "Sample.exe" which I tried searching myself. I followed some of the proceedures and continued to download HijackThis. Here's my logfile.

Logfile of HijackThis v1.99.1
Scan saved at 4:19:48 PM, on 9/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wtablet\TabUserW.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\gebxv.dll
O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TabUserW.lnk = C:\WINDOWS\system32\wtablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O20 - Winlogon Notify: gebxv - C:\WINDOWS\system32\gebxv.dll
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: DigitizerWacom (TabletService) - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

Can anyone help? (Edit: Note I've used all the different methods available at the website to no avail.)

Edited by sfried, 08 September 2005 - 03:58 PM.

[Advertisements]

Hi and welcome sfried

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to extract the files
• This will create a VundoFix folder on your desktop.
• After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
• Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
• You will first be presented with a warning and a list of forums to seek help at.
  it should look like this
  

  VundoFix V2.1 by Atri
  By pressing enter you agree that you are using this at your own risk
  Please seek assistance at one of the following forums:
  http://www.atribune.org/forums
  http://www.247fixes.com/forums
  http://www.geekstogo.com/forum
  http://forums.net-integration.net
  

• At this point press enter one time.
  
• Next you will see:
  

  Type in the filepath as instructed by the forum staff
  Then Press Enter, Then F6, Then Enter Again to continue with the fix.

• At this point please type the following file path (make sure to enter it exactly as below!):
  • C:\WINDOWS\system32\gebxv.dll
• Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  
• Next you will see:
  

  Please type in the second filepath as instructed by the forum staff
  Then Press Enter, Then F6, Then Enter Again to continue with the fix.

• At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\vxbeg.dll
• Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  
• The fix will run then HijackThis will open.
• In HiJackThis, please place a check next to the following items and click FIX CHECKED:O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\gebxv.dll
  O20 - Winlogon Notify: gebxv - C:\WINDOWS\system32\gebxv.dll
  
• After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
• Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
• Once your machine reboots please continue with the instructions below.

Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
• Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

[don77]

Hi and welcome sfried

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to extract the files
• This will create a VundoFix folder on your desktop.
• After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
• Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
• You will first be presented with a warning and a list of forums to seek help at.
  it should look like this
  

  VundoFix V2.1 by Atri
  By pressing enter you agree that you are using this at your own risk
  Please seek assistance at one of the following forums:
  http://www.atribune.org/forums
  http://www.247fixes.com/forums
  http://www.geekstogo.com/forum
  http://forums.net-integration.net
  

• At this point press enter one time.
  
• Next you will see:
  

  Type in the filepath as instructed by the forum staff
  Then Press Enter, Then F6, Then Enter Again to continue with the fix.

• At this point please type the following file path (make sure to enter it exactly as below!):
  • C:\WINDOWS\system32\gebxv.dll
• Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  
• Next you will see:
  

  Please type in the second filepath as instructed by the forum staff
  Then Press Enter, Then F6, Then Enter Again to continue with the fix.

• At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\vxbeg.dll
• Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  
• The fix will run then HijackThis will open.
• In HiJackThis, please place a check next to the following items and click FIX CHECKED:O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\gebxv.dll
  O20 - Winlogon Notify: gebxv - C:\WINDOWS\system32\gebxv.dll
  
• After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
• Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
• Once your machine reboots please continue with the instructions below.

Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
• Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

[sfried]

I forgot to add that I used cwshredded and ewido. CWSShredder now gives me an error whenever I start up:

CWShredder.exe - Application Error

The instruction at "0x0012e3f1" referenced memory at "0x00000001". The memory could not be "written"

Click on OK to terminate the program
Click on CANCEL to debug the program

I uninstalled ewido but I got it's scan report before doing so:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:  12:01:09 PM, 9/10/2005
+ Report-Checksum:  75C9E685

+ Scan result:

:mozilla.9:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.26:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.27:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.29:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.30:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.31:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.32:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.89:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.90:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.91:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.92:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.94:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.95:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.116:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.118:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.119:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.120:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.121:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.122:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.166:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.167:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.169:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.170:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.171:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.172:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.173:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.174:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.175:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.176:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.177:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.178:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.185:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Custom-click : Cleaned with backup
:mozilla.195:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Custom-click : Cleaned with backup
:mozilla.221:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.222:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.223:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.224:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.226:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.342:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.343:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.421:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.422:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.440:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.448:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.449:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.450:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.451:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.452:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.471:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.478:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.479:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.480:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.481:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.487:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.488:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.489:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.490:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.491:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.492:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.493:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.494:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.495:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.496:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.497:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.498:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.499:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.500:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.501:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.521:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.522:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.523:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.524:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.525:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.526:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.527:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.528:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.585:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.586:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.587:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.588:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.589:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.590:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.602:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.603:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.604:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.605:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.606:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.607:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.608:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.623:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.630:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
:mozilla.698:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.699:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.700:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.707:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.708:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.709:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.752:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.753:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.783:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6jmxqbn8.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\WINDOWS\system32\gebxv.dll -> Spyware.Virtumonde : Cleaned with backup


::Report End

I also ran KillVundo.bat and did the proceedure, but HijackThis opened from the quickstart (I selected "Do a system scan and save a logfile").
The O2 - BHO: MSEvents Object and O20 - Winlogon Notify: gebxv - C:\WINDOWS\system32\gebxv.dll don't seem to appear (or maybe I'm in the wrong screen). Anyways, here's my current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:59:09 PM, on 9/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wtablet\TabUserW.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TabUserW.lnk = C:\WINDOWS\system32\wtablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\user\Desktop\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: DigitizerWacom (TabletService) - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

Edit: ActiveScan oddly enough did not give me a the option to save the log. It said instead that in order to get the log, I had to select "E-mail results" or something.
No files were found to be infected or anything, however.

Oh, and almost forgot the VundoFix log:

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Suspending PID 156 'smss.exe'
Threads [160][164][168]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of explorer.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 228 'winlogon.exe'
Killing PID 228 'winlogon.exe'
File Deleted sucessfully.
Files Deleted sucessfully.

Edited by sfried, 10 September 2005 - 12:18 PM.

[don77]

Looks to have done the trick

How is it running ?

[don77]

Actually, Please have HJT fix this
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\user\Desktop\CWShredder.exe

reboot and see if you can run Ewido with out any problems now,

[sfried]

Actually, Please have HJT fix this
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\user\Desktop\CWShredder.exe

reboot and see if you can run Ewido with out any problems now,

Ah, I've already uninstalled Ewido from the system, but I did your HJT fix and everything seems fine. It's running smoothlier (less noisy and and less hot) than it did before. But I still run into the "Ending Task - Sample.exe" whenever I shut down (which doesn't seem to shut down by itself). Could this be just a driver problem? Other than that, everythings ok.

BTW, I also plan on uninstalling CWShredder (to save space and remove clutter), but I can't seem to find it in the Add/Remove Programs list. Is this tossable (just a standalone program that can be emptied into the Recycling Bin)?

Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 3:46:08 PM, on 9/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wtablet\TabUserW.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TabUserW.lnk = C:\WINDOWS\system32\wtablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: DigitizerWacom (TabletService) - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

Edited by sfried, 10 September 2005 - 01:48 PM.

[don77]

BTW, I also plan on uninstalling CWShredder (to save space and remove clutter), but I can't seem to find it in the Add/Remove Programs list. Is this tossable (just a standalone program that can be emptied into the Recycling Bin)?

Yes.

Run this online scan ActiveScan
You will have an optionto save the log when it is completed please save the log and post it back here for me please

[sfried]

Run this online scan ActiveScan

The link you gave me doesn't work.

Edited by sfried, 10 September 2005 - 10:10 PM.

[don77]

Sorry about that try this one
Active scan

[sfried]

"No profiles have been created. To created a new profile, use the Mail icon in the Control Panel."

Huh?

"No viruses or other malicious software have been found!"
  Detected Disinfected
Virus 0 0
Spyware 0 0
Hacking Tools 0 0
Dialers 0 0
Security Risks  0 0
Suspicious files  0 0

Edited by sfried, 10 September 2005 - 11:59 PM.

[don77]

Everything looks fine lets see if we can find what this file is associated with

Make sure you can view all Hidden Files/Folders

Please double-click on My Computer and locate the file " Sample.exe ". Right-click on it and choose "Properties", then click on the "Version" tab at the top. Click on "Comments", "Company", "File Version", and "Internal Name" and please post whatever the text in the box immediately to the right says for each.

[sfried]

Actually, I could be mistaken, but it might not be a .exe file per-se. (It simply states "Ending Program - Sample" on the dialogue box)

Here are my search results.



I did uninstall Microsoft Works before, but it never gave me shutdown problems.

Edited by sfried, 11 September 2005 - 02:52 PM.

[don77]

Lets have a look for whats running here
Please click this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

[sfried]

Here's what I got:

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TapButt" = "C:\Program Files\Toshiba\TapButton\TapButt.exe" [" "]
"Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
"TouchED" = "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" ["TOSHIBA Corporation"]
"SmoothView" = "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" ["TOSHIBA Corporation"]
"TAcelMgr" = "C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" ["TOSHIBA Corporation"]
"TSkrMain" = "C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" ["TOSHIBA Corporation"]
"TosRotation" = ""C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"" ["TOSHIBA"]
"TosHKCW.exe" = ""C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"" ["TOSHIBA CORPORATION"]
"PRONoMgr.exe" = "c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" ["Intel® Corporation"]
"SoundMAXPnP" = "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."]
"SoundMAX" = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray" ["Analog Devices, Inc."]
"00THotkey" = "C:\WINDOWS\System32\00THotkey.exe" ["TOSHIBA Corp."]
"000StTHK" = "000StTHK.exe" [null data]
"TabletTip" = ""C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume" [MS]
"TMESRV.EXE" = "C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon" ["TOSHIBA"]
"TMERzCtl.EXE" = "C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service" ["TOSHIBA"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{C4213067-97B3-4929-9B98-B5600FBBBA13}" = "TouchED"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\TOSHIBA\TouchED\TouchED.dll" ["TOSHIBA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! loginkey\DLLName = "C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll" [MS]
INFECTION WARNING! Sebring\DLLName = "c:\WINDOWS\System32\LgNotify.dll" ["Intel Corporation"]
INFECTION WARNING! TabBtnWL\DLLName = "TabBtnWL.dll" [MS]
INFECTION WARNING! tpgwlnotify\DLLName = "tpgwlnot.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "user" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"RAMASST" -> shortcut to: "C:\WINDOWS\system32\RAMASST.exe" ["Matsushita Electric Industrial Co., Ltd."]
"TabUserW" -> shortcut to: "C:\WINDOWS\system32\wtablet\TabUserW.exe" ["Wacom Technology, Corp."]


Enabled Scheduled Tasks:
------------------------

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.toshiba.com

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

DigitizerWacom, TabletService, "C:\WINDOWS\system32\Tablet.exe" ["Wacom Technology, Corp."]
DVD-RAM_Service, DVD-RAM_Service, "C:\WINDOWS\System32\DVDRAMSV.exe" ["Matsushita Electric Industrial Co., Ltd."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Swupdtmr, Swupdtmr, "c:\Toshiba\IVP\swupdate\swupdtmr.exe" [null data]
Symantec AntiVirus, Symantec AntiVirus, ""C:\Program Files\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Program Files\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Tmesrv3, Tmesrv, ""C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service" ["TOSHIBA"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 46 seconds, including 20 seconds for message boxes)

Edited by sfried, 12 September 2005 - 11:05 PM.

[don77]

Hi there sfried.
Nothing malious running now probably a program on your computer is acting up on you.
Try disabling 1 program at a time through Msconfig and see if you get the shutdown error,