Tech Support Forum
HijackThis Log Help: Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.
Registered User
Join Date: Mar 2008
Posts: 7
OS: XP
Vundo System Scanner Results (extra.txt attached)
My Norton Anti-virus scan shows 2 instances of Vundo on my computer, so I went and downloaded their Symantec Vundofix tool, but it was unsuccessful. I don't know what else to do. Here are the results from my DSS scan. SOMEONE PLEASE HELP!
Thanks, Kyle Deckard's System Scanner v20071014.68 Run by Kyle on 2008-03-27 15:57:40 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 5: 2008-03-27 19:57:49 UTC - RP5 - Deckard's System Scanner Restore Point 4: 2008-03-27 19:31:53 UTC - RP4 - Software Distribution Service 3.0 3: 2008-03-27 01:22:53 UTC - RP3 - Installed Symantec Technical Support Web Controls 2: 2008-03-27 00:02:52 UTC - RP2 - Removed CA eTrust PestPatrol 1: 2008-03-26 21:18:16 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. Total Physical Memory: 502 MiB (512 MiB recommended). -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-03-27 16:00:10 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\system32\TODDSrv.exe 
C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\explorer.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe C:\WINDOWS\RTHDCPL.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\agrsmmsg.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\TOSHIBA\IVP\ISM\pinger.exe C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program Files\AIM6\aim6.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\SmartPopupBlocker\SmartPopupBlockerTray.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kyle\Local Settings\Temporary Internet Files\Content.IE5\QWLPNCWB\dss[1].exe C:\WINDOWS\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.GOOGLE.COM R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll O3 - Toolbar: (no name) - SITEguard - (no file) O4 - HKLM\..\Run: [THotkey] "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [DDWMon] "C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [igfxtray] 
C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe" O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [DRam prosessor] msconfig.exe O4 - HKLM\..\RunServices: [DRam prosessor] msconfig.exe O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" O4 - Global Startup: RAMASST.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1205875463015 O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll O18 - Filter: text/xml - 
{807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Swupdtmr - Unknown owner - C:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe -- End of file - 12015 bytes -- File Associations ----------------------------------------------------------- All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; > R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0> R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol> R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> R2 tdudf (TOSHIBA UDF File System Driver) - c:\windows\system32\drivers\tdudf.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Direct Disc Writer> R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell> R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> R3 tdcmdpst (TOSHIBA Writing Engine Filter Driver) - c:\windows\system32\drivers\tdcmdpst.sys <Not Verified; TOSHIBA Corporation.; > R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service> R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter> S3 SVRPEDRV - c:\sysprep\pedrv.sys (file missing) S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; 
TOSHIBA Bluetooth EC Driver> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour> R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)> R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; > R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service> R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV> R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application> S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Scheduled Tasks ------------------------------------------------------------- 2008-03-24 20:00:00 554 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Kyle.job -- Files created between 2008-02-27 and 2008-03-27 ----------------------------- 2008-03-27 00:02:14 0 d-------- C:\WINDOWS\pss 2008-03-26 23:47:09 96978 --a------ C:\VirtumundoBeGone.exe <Not Verified; Business Information Solutions; VirtumundoBeGone v1.5 by secured2k@msn.com> 2008-03-26 22:15:57 0 d-------- C:\WINDOWS\system32\ActiveScan 2008-03-25 22:49:08 0 d-------- C:\Program Files\FlashFXP 2008-03-25 22:49:08 0 d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP 2008-03-25 22:40:34 0 d-------- C:\Documents and Settings\Kyle\Application Data\FlashFXP 2008-03-25 22:40:01 0 d-------- C:\tempfolder 2008-03-25 22:26:18 921600 --a------ C:\WINDOWS\system32\vorbisenc.dll 2008-03-25 22:26:18 188416 --a------ C:\WINDOWS\system32\vorbis.dll 2008-03-25 22:26:18 237568 --a------ C:\WINDOWS\system32\OggDS.dll <Not Verified; ; Ogg DirectShow(tm) Filter Collection> 2008-03-25 22:26:18 45056 --a------ C:\WINDOWS\system32\ogg.dll 2008-03-25 22:26:18 242176 --a------ C:\WINDOWS\system32\fixflash.exe 2008-03-25 22:26:17 129024 --a------ C:\WINDOWS\system32\AVERM.dll 2008-03-25 22:26:16 28672 --a------ C:\WINDOWS\system32\AVEQT.dll 2008-03-25 22:26:15 0 d-------- C:\Program Files\Ultra Flash Video FLV Converter 2008-03-19 22:35:54 0 d-------- C:\Program Files\MSBuild 2008-03-19 22:34:41 0 d-------- C:\Program Files\Microsoft.NET 2008-03-19 22:30:48 0 d-------- C:\Program Files\Microsoft Visual Studio 8 2008-03-19 22:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-19 22:18:41 0 d-------- C:\Program Files\PowerISO 2008-03-16 22:23:15 0 d-------- C:\Documents and Settings\Kyle\Application Data\Template 2008-03-16 22:23:14 150 --a------ C:\Documents and Settings\Kyle\Application Data\wklnhst.dat 2008-03-16 20:34:06 0 dr-h----- 
C:\Documents and Settings\Kyle\Application Data\SecuROM 2008-03-16 20:33:17 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6> 2008-03-16 20:33:17 118832 --a------ C:\WINDOWS\system32\SHW32.DLL <Not Verified; MicroQuill Software Publishing, Inc.; SmartHeap> 2008-03-16 20 07 0 d-------- C:\Program Files\EA SPORTS2008-03-16 19:03:31 0 d--h----- C:\WINDOWS\PIF 2008-03-14 02:04:29 46652 --a------ C:\WINDOWS\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> 2008-03-13 21:10:40 0 d-------- C:\Documents and Settings\Kyle\Application Data\InterVideo 2008-03-11 14:04:23 0 d-------- C:\Documents and Settings\Amanda\Application Data\Viewpoint 2008-03-11 10:31:22 0 d-------- C:\Documents and Settings\Amanda\Application Data\Sun 2008-03-11 00:30:16 6144 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-03-11 00:30:14 0 d-------- C:\Program Files\ffdshow 2008-03-11 00:29:18 0 d-------- C:\Program Files\Tvforce Codec pack 2008-03-10 09:44:58 765952 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-03-10 09:44:57 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-03-10 09:44:57 0 d-------- C:\Program Files\Xvid 2008-03-10 01:21:16 0 d-------- C:\Program Files\AC3Filter 2008-03-09 22:48:19 0 d-------- C:\Program Files\MagicDVDRipper 2008-03-08 18:57:29 0 d-------- C:\Documents and Settings\Kyle\Application Data\Vso 2008-03-08 18:56:55 0 d-------- C:\Documents and Settings\Kyle\Application Data\WinRAR 2008-03-08 18:42:49 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-03-08 18:42:49 0 d-------- C:\Documents and Settings\Amanda\Application Data\Vso 2008-03-08 18:42:49 47360 --a------ C:\Documents and Settings\Amanda\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-03-08 18:42:38 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)> 2008-03-08 18:42:38 208935 --a------ 
C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)> 2008-03-08 18:42:38 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)> 2008-03-08 18:42:38 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10> 2008-03-08 18:42:37 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70> 2008-03-08 18:42:34 0 d-------- C:\Program Files\VSO 2008-03-08 18:23:40 0 d-------- C:\Program Files\DVD Decrypter 2008-03-08 17:00:09 0 d-------- C:\Documents and Settings\Amanda\Application Data\WinRAR 2008-03-08 01:07:52 0 d-------- C:\Documents and Settings\Kyle\Application Data\AdobeUM 2008-03-07 21:37:06 0 d-------- C:\WINDOWS\Sun 2008-03-07 21:37:06 0 d-------- C:\Documents and Settings\Kyle\Application Data\Sun 2008-03-07 16:58:04 0 d-------- C:\Documents and Settings\Amanda\Application Data\acccore 2008-03-07 16:37:48 0 d-------- C:\Program Files\SmartPopupBlocker 2008-03-07 10:43:58 0 d-------- C:\Program Files\MSXML 4.0 2008-03-07 09:55:10 0 d-------- C:\WINDOWS\system32\PreInstall 2008-03-07 09:23:04 0 d-------- C:\Documents and Settings\Amanda\Application Data\Macromedia 2008-03-07 09:15:33 0 d-------- C:\Documents and Settings\Amanda\Application Data\Winamp 2008-03-07 09:13:17 0 d-------- C:\Documents and Settings\Amanda\Application Data\LimeWire 2008-03-06 23:32:12 0 dr------- C:\Documents and Settings\Amanda\Favorites 2008-03-06 23:32:12 0 d-------- C:\Documents and Settings\Amanda\Desktop 2008-03-06 23:32:12 0 d--hs---- C:\Documents and Settings\Amanda\Cookies 2008-03-06 23:32:12 0 d--h----- C:\Documents and Settings\Amanda\Application Data 2008-03-06 23:32:12 0 d-------- C:\Documents and Settings\Amanda\Application Data\You've Got Pictures Screensaver 2008-03-06 23:32:12 0 d-------- C:\Documents and Settings\Amanda\Application Data\toshiba 2008-03-06 23:32:12 0 d---s---- C:\Documents and Settings\Amanda\Application 
Data\Microsoft 2008-03-06 23:32:12 0 d-------- C:\Documents and Settings\Amanda\Application Data\Intel 2008-03-06 23:32:12 0 d-------- C:\Documents and Settings\Amanda\Application Data\Identities 2008-03-06 23:32:12 0 d-------- C:\Documents and Settings\Amanda\Application Data\AOL 2008-03-06 23:32:12 0 d-------- C:\Documents and Settings\Amanda\Application Data\Adobe 2008-03-06 23:32:11 0 d-------- C:\Documents and Settings\Amanda\WINDOWS 2008-03-06 23:32:11 0 d--h----- C:\Documents and Settings\Amanda\Templates 2008-03-06 23:32:11 0 dr------- C:\Documents and Settings\Amanda\Start Menu 2008-03-06 23:32:11 0 dr-h----- C:\Documents and Settings\Amanda\SendTo 2008-03-06 23:32:11 0 dr-h----- C:\Documents and Settings\Amanda\Recent 2008-03-06 23:32:11 0 d--h----- C:\Documents and Settings\Amanda\PrintHood 2008-03-06 23:32:11 3407872 --ah----- C:\Documents and Settings\Amanda\NTUSER.DAT 2008-03-06 23:32:11 0 d--h----- C:\Documents and Settings\Amanda\NetHood 2008-03-06 23:32:11 0 dr------- C:\Documents and Settings\Amanda\My Documents 2008-03-06 23:32:11 0 d--h----- C:\Documents and Settings\Amanda\Local Settings 2008-03-06 23:24:46 0 d-------- C:\Program Files\Winamp 2008-03-06 23:24:46 0 d-------- C:\Documents and Settings\Kyle\Application Data\Winamp 2008-03-06 22:30:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard 2008-03-06 22:29:18 0 d-------- C:\Program Files\Common Files\iS3 2008-03-06 22:29:18 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla! 
2008-03-06 22:24:33 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-03-06 22:17:08 0 d-------- C:\Program Files\Bonjour 2008-03-06 22:07:44 0 d-------- C:\Program Files\Common Files\Macrovision Shared 2008-03-06 18:55:47 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-03-06 18:55:39 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-03-06 18:55:39 0 d-------- C:\Documents and Settings\Kyle\Application Data\SUPERAntiSpyware.com 2008-03-06 18:14:00 0 d-------- C:\Program Files\Lavasoft 2008-03-06 18:13:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-06 18:12:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-06 16:08:22 0 d-------- C:\Program Files\LimeWire 2008-03-06 16:01:12 0 d-------- C:\WINDOWS\system32\SoftwareDistribution 2008-03-06 15:57:19 0 d-------- C:\Documents and Settings\Kyle\Application Data\LimeWire 2008-03-06 13:50:43 0 d-------- C:\Program Files\uTorrent 2008-03-06 13:50:23 0 d-------- C:\Documents and Settings\Kyle\Application Data\uTorrent 2008-03-06 13:01:22 0 d-------- C:\Program Files\Windows Media Connect 2 2008-03-06 12:59:07 0 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-03-06 12:57:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-03-06 00:56:55 0 d-------- C:\Documents and Settings\Kyle\Application Data\McAfee.com Personal Firewall 2008-03-06 00:55:31 0 dr------- C:\Documents and Settings\Kyle\Favorites 2008-03-06 00:55:31 0 d-------- C:\Documents and Settings\Kyle\Desktop 2008-03-06 00:55:31 0 d--hs---- C:\Documents and Settings\Kyle\Cookies 2008-03-06 00:55:31 0 d--h----- C:\Documents and Settings\Kyle\Application Data 2008-03-06 00:55:31 0 d-------- C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver 2008-03-06 00:55:31 0 d-------- C:\Documents and Settings\Kyle\Application Data\toshiba 2008-03-06 00:55:31 0 d-------- 
C:\Documents and Settings\Kyle\Application Data\Intel 2008-03-06 00:55:31 0 d-------- C:\Documents and Settings\Kyle\Application Data\Identities 2008-03-06 00:55:31 0 d-------- C:\Documents and Settings\Kyle\Application Data\AOL 2008-03-06 00:55:31 0 d-------- C:\Documents and Settings\Kyle\Application Data\Adobe 2008-03-06 00:55:30 0 d-------- C:\Documents and Settings\Kyle\WINDOWS 2008-03-06 00:55:30 0 d--h----- C:\Documents and Settings\Kyle\Templates 2008-03-06 00:55:30 0 dr------- C:\Documents and Settings\Kyle\Start Menu 2008-03-06 00:55:30 0 dr-h----- C:\Documents and Settings\Kyle\SendTo 2008-03-06 00:55:30 0 dr-h----- C:\Documents and Settings\Kyle\Recent 2008-03-06 00:55:30 0 d--h----- C:\Documents and Settings\Kyle\PrintHood 2008-03-06 00:55:30 3670016 --ah----- C:\Documents and Settings\Kyle\NTUSER.DAT 2008-03-06 00:55:30 0 d--h----- C:\Documents and Settings\Kyle\NetHood 2008-03-06 00:55:30 0 dr------- C:\Documents and Settings\Kyle\My Documents 2008-03-06 00:55:30 0 d--h----- C:\Documents and Settings\Kyle\Local Settings 2008-03-06 00:54:37 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT 2008-03-06 00:54:15 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0> 2008-03-06 00:53:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel 2008-03-06 00:53:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Intel 2008-03-06 00:53:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel 2008-03-06 00:53:31 0 d------c- C:\WINDOWS\system32\DRVSTORE 2008-03-06 00:53:01 0 d-------- C:\Documents and Settings\Default User\WINDOWS 2008-03-06 00:53:01 0 d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver 2008-03-06 00:53:01 0 d-------- C:\Documents and Settings\Default User\Application Data\toshiba 2008-03-06 00:53:01 0 d-------- C:\Documents and Settings\Default User\Application 
Data\AOL 2008-03-06 00:53:01 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe 2008-03-06 00:46:21 0 d-------- C:\Program Files\Common Files\InterVideo 2008-03-06 00:42:09 0 d--hs---- C:\System Volume Information 2008-03-05 23:50:43 0 d-------- C:\Documents and Settings\Kyle\Application Data\acccore 2008-03-05 23:50:07 0 d-------- C:\Program Files\AOL Search 2008-03-05 23:49:34 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP 2008-03-05 23:49:08 0 d-------- C:\Program Files\AIM6 2008-03-05 23:36:08 0 d-------- C:\Program Files\Windows Sidebar 2008-03-05 23:36:07 0 d-------- C:\Program Files\Norton AntiVirus 2008-03-05 23:35:39 0 d-------- C:\Program Files\Symantec 2008-03-05 23:35:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-03-05 23:35:12 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-03-05 23:15:07 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files 2008-03-05 23:12:25 0 d--hs---- C:\Documents and Settings\Kyle\UserData 2008-03-05 23:08:01 0 d-------- C:\Documents and Settings\Kyle\Application Data\Macromedia 2008-03-05 23:07:17 0 d-------- C:\WINDOWS\system32\LogFiles -- Find3M Report --------------------------------------------------------------- 2008-03-27 15:18:39 0 d-------- C:\Program Files\QuickTime 2008-03-27 00:09:05 0 d-------- C:\Program Files\Common Files\Real 2008-03-27 00:07:16 0 d-------- C:\Program Files\GemMaster 2008-03-27 00 00 0 d-------- C:\Program Files\Common Files2008-03-26 22:55:30 0 d-------- C:\Program Files\Toshiba Games 2008-03-24 14:24:45 668 --a------ C:\Documents and Settings\Kyle\Application Data\vso_ts_preview.xml 2008-03-19 22:36:06 0 d-------- C:\Program Files\Microsoft Works 2008-03-16 20:33:17 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-03-06 22:17:06 0 d-------- C:\Program Files\Common Files\Adobe 2008-03-06 00:53:54 0 d-------- C:\Program Files\Intel 2008-03-06 00:46:17 0 
d-------- C:\Program Files\InterVideo 2008-03-06 00:03:18 0 d-------- C:\Program Files\Pure Networks 2008-03-06 00:03:18 0 d-------- C:\Program Files\Common Files\AOL 2008-03-05 23:20:58 0 d-------- C:\Program Files\Yahoo! -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 03/05/2008 11:37 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [08/02/2006 07:52 PM] "SkyTel"="SkyTel.EXE" [05/16/2006 06:04 AM C:\WINDOWS\SkyTel.exe] "NDSTray.exe"="NDSTray.exe" [] "DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [04/25/2006 08:57 PM] "RTHDCPL"="RTHDCPL.EXE" [08/23/2006 08:08 AM C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 AM C:\WINDOWS\Alcmtr.exe] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [03/23/2006 12:17 AM] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/23/2006 12:13 AM] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/23/2006 12:17 AM] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 04:56 PM] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/02/2006 07:02 PM] "AGRSMMSG"="AGRSMMSG.exe" [03/18/2006 11:22 AM C:\WINDOWS\agrsmmsg.exe] "TPSMain"="TPSMain.exe" [06/01/2005 12:00 AM C:\WINDOWS\system32\TPSMain.exe] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [12/06/2005 01:06 AM] "TFncKy"="TFncKy.exe" [] "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [02/02/2006 03:11 PM] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 07:13 PM] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 08:37 PM] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [07/03/2006 05:07 AM] "IntelWireless"="C:\Program 
Files\Intel\Wireless\Bin\ifrmewrk.exe" [07/03/2006 01:50 AM] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [08/12/2005 07:16 PM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 09:47 PM] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [02/07/2008 02:49 AM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/19/2006 10:40 PM] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM] "DRam prosessor"="msconfig.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 03:32 AM] "Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/16/2008 07:22 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "DRam prosessor"=msconfig.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [7/19/2006 7:11:37 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" 
-- End of Deckard's System Scanner: finished at 2008-03-27 16:00:50 ------------

Last edited by kylefaust : 03-27-2008 at 01:07 PM.