Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

MSN Messenger Virus & Computer issues

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: MSN Messenger Virus & Computer issues

Unread postby jacquio » December 23rd, 2008, 4:44 am

Things seem to be going great (Cross fingers) Once you check things over, is there anything I need to 'turn back on' or re-install, and what scans etc should I do/keep doing that I have downloaded, on a regular basis. Should I delete the others I have that you don't reccommend? Also what is a good antivirus to install. Trend runs out in February, and my friend reccommended ESET.
jacquio
Regular Member
 
Posts: 28
Joined: December 9th, 2008, 2:19 am
Advertisement
Register to Remove

Re: MSN Messenger Virus & Computer issues

Unread postby Sharagoz » December 29th, 2008, 6:15 pm

Hi, I appologise for the long delay with this response. I got more busy than expected during xmas.
I will answer the questions you asked above after we've gotten rid of the last bits of malware.

RegistrySmart did not uninstall, so you need to remove it manually.

First delete this folder:
C:\Program Files\RegistrySmart

Then go to Add/Remove Programs and uninstall RegistrySmart.
You will most likely get a message saying that the program no longer exists, and will be asked if the uninstall entry should be removed.
Answer Yes to this question.

Finally get a new RIST log so I can see if anything has changed since your last log.
  • Delete this folder: C:\rsit
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Post the contents of both log.txt and info.txt in your next reply
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: MSN Messenger Virus & Computer issues

Unread postby jacquio » December 29th, 2008, 9:22 pm

I didn't expect you to be working over Christmas, so that is fine. Registry Smart is not in C drive in Program Files. I deleted it last time. It's definately not there. I have gone to Uninstall Programs, and it's not there either. I don't know how we are going to get rid of it, when I have not trace of it???
jacquio
Regular Member
 
Posts: 28
Joined: December 9th, 2008, 2:19 am

Re: MSN Messenger Virus & Computer issues

Unread postby jacquio » December 29th, 2008, 11:05 pm

I will send the logs through anyway:




Logfile of random's system information tool 1.05 (written by random/random)
Run by Jacqueline at 2008-12-30 14:01:03
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 25 GB (17%) free of 146 GB
Total RAM: 2045 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:29 PM, on 30/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jacqueline\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jacqueline.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://photomax.lifepics.com/net/Upload ... ader45.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... den-au.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.bigwphotos.com.au/bigw/ax/ImageUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://photomax.lifepics.com/net/Upload ... ader45.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11758 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{20831A31-3878-48E9-BC8D-B1C40B28B27E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-22 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-22 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-18 4349952]
"NDSTray.exe"=NDSTray.exe []
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-07 34352]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2006-11-02 413696]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-11-02 438272]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-02-14 405504]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2006-12-20 411768]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-08 55416]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-01-19 448632]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-01-18 534648]
"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2006-11-06 49168]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-07-27 898344]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-07-27 204800]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-01-13 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-01-13 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-01-13 81920]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-20 185896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-13 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"TOSCDSPD"=TOSCDSPD.EXE []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-02-16 492808]
"X-Cleaner Deluxe"=C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe [2008-08-07 1062920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Users\Jacqueline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2006-11-06 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67649e30-ea81-11dc-a18f-0016d4f658e6}]
shell\AutoRun\command - H:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9522b5e8-d0c7-11dd-a476-0016d4f658e6}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-30 14:01:03 ----D---- C:\rsit
2008-12-23 18:35:33 ----D---- C:\ProgramData\NortonInstaller
2008-12-22 20:38:24 ----D---- C:\Program Files\a-squared Free
2008-12-20 18:53:31 ----D---- C:\Program Files\Bonjour
2008-12-20 18:53:27 ----SHD---- C:\Config.Msi
2008-12-19 20:27:23 ----D---- C:\Windows\ERDNT
2008-12-19 20:25:54 ----D---- C:\Program Files\ERUNT
2008-12-19 03:00:58 ----A---- C:\Windows\system32\mshtml.dll
2008-12-17 10:09:42 ----D---- C:\Users\Jacqueline\AppData\Roaming\Malwarebytes
2008-12-17 10:09:37 ----D---- C:\ProgramData\Malwarebytes
2008-12-17 10:09:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 09:52:45 ----D---- C:\Program Files\CCleaner
2008-12-12 11:18:16 ----A---- C:\Windows\system32\dns-sd.exe
2008-12-12 11:11:46 ----A---- C:\Windows\system32\dnssd.dll
2008-12-11 03:08:59 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 08:07:05 ----D---- C:\Program Files\AxBx
2008-12-10 07:10:28 ----D---- C:\MSNCleaner
2008-12-10 07:08:51 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 07:08:46 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 07:08:46 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 07:08:38 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 07:08:21 ----A---- C:\Windows\explorer.exe
2008-12-10 07:08:12 ----A---- C:\Windows\system32\urlmon.dll
2008-12-10 07:08:11 ----A---- C:\Windows\system32\ieframe.dll
2008-12-10 07:08:10 ----A---- C:\Windows\system32\wininet.dll
2008-12-10 07:08:10 ----A---- C:\Windows\system32\mstime.dll
2008-12-10 07:08:09 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-10 07:08:09 ----A---- C:\Windows\system32\iertutil.dll
2008-12-10 07:08:03 ----A---- C:\Windows\system32\mf.dll
2008-12-10 07:08:02 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 07:08:02 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 07:08:01 ----A---- C:\Windows\system32\logagent.exe
2008-12-09 07:11:31 ----D---- C:\Program Files\X-Cleaner
2008-12-08 16:59:46 ----D---- C:\ProgramData\Lavasoft
2008-12-07 12:33:26 ----D---- C:\Program Files\EsetOnlineScanner

======List of files/folders modified in the last 1 months======

2008-12-30 14:00:57 ----D---- C:\Windows\Temp
2008-12-30 12:21:48 ----D---- C:\Windows\System32
2008-12-30 12:10:51 ----D---- C:\Windows\inf
2008-12-30 12:10:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-30 12:07:59 ----D---- C:\Windows\system32\WDI
2008-12-26 12:54:05 ----D---- C:\Windows
2008-12-23 18:59:28 ----RD---- C:\Program Files
2008-12-23 18:59:26 ----D---- C:\Windows\system32\Macromed
2008-12-23 18:43:04 ----HD---- C:\ProgramData
2008-12-23 18:42:54 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-23 18:35:50 ----SHD---- C:\Windows\Installer
2008-12-22 20:28:02 ----D---- C:\Windows\Tasks
2008-12-20 18:52:37 ----D---- C:\Program Files\Safari
2008-12-20 14:41:16 ----SD---- C:\Windows\Downloaded Program Files
2008-12-19 20:35:31 ----D---- C:\Windows\Prefetch
2008-12-19 03:48:11 ----SHD---- C:\System Volume Information
2008-12-19 03:01:38 ----D---- C:\Windows\winsxs
2008-12-19 03:01:28 ----D---- C:\Windows\system32\catroot
2008-12-17 10:09:40 ----D---- C:\Windows\system32\drivers
2008-12-17 09:57:31 ----D---- C:\Windows\Debug
2008-12-17 09:49:21 ----D---- C:\Program Files\Common Files
2008-12-12 15:24:16 ----D---- C:\Program Files\Common Files\Adobe
2008-12-12 15:24:10 ----D---- C:\ProgramData\Adobe
2008-12-12 15:23:54 ----D---- C:\Program Files\Adobe
2008-12-11 03:38:33 ----D---- C:\Windows\rescache
2008-12-11 03:23:19 ----D---- C:\Windows\system32\catroot2
2008-12-11 03:19:40 ----D---- C:\Program Files\Windows Mail
2008-12-11 03:19:39 ----D---- C:\Windows\AppPatch
2008-12-11 03:19:36 ----D---- C:\Windows\system32\en-US
2008-12-11 03:13:21 ----D---- C:\ProgramData\Microsoft Help
2008-12-10 19:44:17 ----D---- C:\Program Files\Trend Micro
2008-12-09 16:32:49 ----D---- C:\Program Files\Windows Live
2008-12-09 16:30:34 ----D---- C:\ProgramData\WLInstaller
2008-12-07 09:58:04 ----D---- C:\Windows\system32\Tasks
2008-12-03 08:26:30 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys [2008-02-16 141840]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2008-02-16 65936]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2008-02-16 52496]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2008-02-16 138384]
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2008-02-16 52240]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys [2008-02-16 234512]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-18 1729632]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2006-12-09 2206720]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-13 4452288]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-01-15 70144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-07-27 188336]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-04-03 46992]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-19 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 UVCFTR;UVCFTR; C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-01-27 17712]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-02-22 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-02-28 41344]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 USB_RNDIS;Thomson ST Remote NDIS Device Driver; C:\Windows\system32\DRIVERS\usb8023.sys [2008-01-19 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-12-17 419448]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-02-16 333064]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-26 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2006-12-20 428152]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-24 49152]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe [2008-02-16 488768]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-16 648456]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-22 138168]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

-----------------EOF-----------------
jacquio
Regular Member
 
Posts: 28
Joined: December 9th, 2008, 2:19 am

Re: MSN Messenger Virus & Computer issues

Unread postby jacquio » December 29th, 2008, 11:06 pm

info.txt logfile of random's system information tool 1.05 2008-12-30 14:01:36

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
a-squared Free 4.0-->"C:\Program Files\a-squared Free\unins000.exe"
Blaze Video Magic 2.0-->"C:\Program Files\Blaze Video Magic\unins000.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Camera Assistant Software for Toshiba-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe" -l0x9
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP600-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Clean Virus MSN-->"C:\Program Files\AxBx\Clean Virus MSN\unins000.exe"
CrossLoop 2.11-->"C:\Program Files\CrossLoop\unins000.exe"
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner-->C:\Windows\system32\OnlineScannerUninstaller.exe
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\Windows\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-011F-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Demo-->MsiExec.exe /I{0D9E1F52-CE29-B03B-D79F-8EC434821033}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
PokerRoom.com (remove only)-->"C:\Program Files\PokerRoom.com\uninstall.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RegistrySmart-->MsiExec.exe /X{9716B4F1-AFD8-4162-B99F-708F39009E73}
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Talk to Me-->"C:\Program Files\Auralog\Talk to Me 7.0\Bin\unsetup.exe" -file "C:\Program Files\Auralog\Talk to Me 7.0\unsetup.aui"
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}\setup.exe -runfromtemp -l0x0409
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
TouchChip USB Driver 2.6-->MsiExec.exe /I{8E7D7400-4F4F-409D-8F8A-43BF1DAC575A}
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinDVD for TOSHIBA-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
X-Cleaner Deluxe-->C:\PROGRA~1\X-Cleaner\UNWISE.EXE C:\PROGRA~1\X-Cleaner\INSTALL.LOG
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AV: Trend Micro Internet Security
AS: Trend Micro PC-cillin Internet Security 2007 (disabled)
AS: Antispyware (disabled)
AS: Windows Defender (disabled) (outdated)

System event log

Computer Name: Jacqueline-PC
Event Code: 7036
Message: The Problem Reports and Solutions Control Panel Support service entered the stopped state.
Record Number: 166003
Source Name: Service Control Manager
Time Written: 20081230011904.000000-000
Event Type: Information
User:

Computer Name: Jacqueline-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 166004
Source Name: Service Control Manager
Time Written: 20081230012427.000000-000
Event Type: Information
User:

Computer Name: Jacqueline-PC
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 166005
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20081230013558.000000-000
Event Type: Information
User:

Computer Name: Jacqueline-PC
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 166006
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20081230020558.000000-000
Event Type: Information
User:

Computer Name: Jacqueline-PC
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 166007
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20081230023558.000000-000
Event Type: Information
User:

Application event log

Computer Name: Jacqueline-PC
Event Code: 223
Message: wlmail (5500) WindowsLiveMail0: Starting the backup of log files (range C:\Users\Jacqueline\AppData\Local\Microsoft\Windows Live Mail\edb00056.log - C:\Users\Jacqueline\AppData\Local\Microsoft\Windows Live Mail\edb00056.log).
Record Number: 24938
Source Name: ESENT
Time Written: 20081230010744.000000-000
Event Type: Information
User:

Computer Name: Jacqueline-PC
Event Code: 224
Message: wlmail (5500) WindowsLiveMail0: Deleting log files C:\Users\Jacqueline\AppData\Local\Microsoft\Windows Live Mail\edb00055.log to C:\Users\Jacqueline\AppData\Local\Microsoft\Windows Live Mail\edb00055.log.
Record Number: 24939
Source Name: ESENT
Time Written: 20081230010744.000000-000
Event Type: Information
User:

Computer Name: Jacqueline-PC
Event Code: 213
Message: wlmail (5500) WindowsLiveMail0: The backup procedure has been successfully completed.
Record Number: 24940
Source Name: ESENT
Time Written: 20081230010744.000000-000
Event Type: Information
User:

Computer Name: Jacqueline-PC
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Record Number: 24941
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20081230011051.000000-000
Event Type: Information
User:

Computer Name: Jacqueline-PC
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Record Number: 24942
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20081230011051.000000-000
Event Type: Information
User:

Security event log

Computer Name: Jacqueline-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 19377
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081230030126.576437-000
Event Type: Audit Failure
User:

Computer Name: Jacqueline-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 19378
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081230030126.592037-000
Event Type: Audit Failure
User:

Computer Name: Jacqueline-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 19379
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081230030126.623237-000
Event Type: Audit Failure
User:

Computer Name: Jacqueline-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 19380
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081230030126.654437-000
Event Type: Audit Failure
User:

Computer Name: Jacqueline-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 19381
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081230030126.670037-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
jacquio
Regular Member
 
Posts: 28
Joined: December 9th, 2008, 2:19 am

Re: MSN Messenger Virus & Computer issues

Unread postby Sharagoz » December 30th, 2008, 7:58 am

Your logs still indicate that RegistrySmart is present in the uninstall list, but if you can't find it, we dont need to pursue it further.
A leftover uninstall entry isnt causing any harm.

Other than that your logs are clean, well done!
Unless you have discovered new problems since your last post its time to do the final steps.

1) Cleaning up after the removal procedures
  • 1.1) Uninstall through Add/Remove Programs
    • Press the windows key and the R key at the same time
      (The windows key is usually located two to the left of the space bar and is labeled with a windows logo)
    • A dialog box will Open. Type appwiz.cpl and press enter
    • This will take you to Add/Remove Programs
      (Optionally you can locate Add/Remove Programs through the control panel)
    • Locate and uninstall the below programs unless you want to keep some of them for future usage:
      CCleaner
      Malwarebytes' Anti-Malware
      A-Squared Free 4.0
      ERUNT 1.1j
      ESET Online Scanner
      (Malwarebytes' and A-Squared can be kept if you wish to regularily scan your computer)
    • You uninstall by selecting the program and then clicking the button labeled Remove or Uninstall
  • 1.2) Flush system restore
    This is to prevent you from getting reinfected should you ever need to do a system restore
    • Click the start button, right-click on Computer and chose Properties
    • On the left-hand side click System protection
    • Wait for your hard drives to show up under Available disks
      (this can take around half a minute)
    • Uncheck the hard drive that have a has (system) after its drive letter and name
      (It will often look like this: Local Disk (C:) (system))
    • Click Turn off system restore at the prompt, click OK in the control panel and restart your computer
    • After the computer has restarted, find System Restore again the same way you did before
    • Re-add the check-mark you previously removed and click OK
    • System Restore will now be enabled again, and a new restore point will be created.
  • 1.3) Other deletions
    • RSIT.exe (on your desktop)
      fix.reg (on your desktop)
      C:\rsit (folder)
      norton_removal_tool.exe
    • Delete any other logs remain on your desktop.

You can also re-enable Windows Defender now.

2) Taking measures to prevent your computer from being infected again
    Now that your computer is free from malware you may want to know how you can prevent this from happening again.
    Below I'm quoting a tutorial I've written which I post to everybody I help here at MWR.
    It covers the key parts of the software side of computer security. What steps you take or dont take to increase your own computers security is of course up to you.
    In purple I have added some comments that apply spesifically to your computer.
    The tutorial will take a little while to get through, but I hope you find it to be worth your time.
    If you have any questions beyond this, feel free to ask.

  • 2.1) Windows updates
    This is the most important security measure. With an unpatched operating system you will be defenseless even with top-notch security software.
    Malware often exploit security holes in your operating system to install itself, and keeping your OS up to date at all times will make sure this risk is at a minimum.
    Visit http://update.microsoft.com/ using Internet Explorer, and get all critical updates.
    You may have to repeat the update procedure several times before you get all updates. Repeat it until there are no more critical updates showing as missing.
    Also, I recommend you turn on automatic updates if you havent already.

  • 2.2) Immunization software
    These security measures does not do any realtime scanning. All they do is block sites that hosts malware, sites that advertises for malware, malicious ActiveX objects, malicious browser helpers, and cookies that have been identified as bad.
    These protection measures have proven very effective against "internet related" threats and require virtually no computer resources.
    - MVP hosts
      Blocks rougly 25k online domains that hosts or advertises for malware.
      Will significantly reduce the chance of getting in trouble by accidently visiting the wrong page.
    • Download hosts.zip from here
    • Extract the content to your desktop.
    • Copy the file called "HOSTS" to the folder C:\windows\system32\drivers\etc
    • And say "yes" to overwriting the existing file
    • Delete the installation files from your desktop
    Notes:
    If you have previously added custom entries to your own hosts file, these will have to be re-added after the new hosts file is installed.
    The MVP hosts file should be downloaded and re-installed every now and then to keep it up to date.
    If you install MVP Hosts you should disable a service called "DNS client".
    If you dont, your browser(s) will use 10-60 seconds longer to start than what you are used to.
    Disabling this service will have no side-effects. Its purpose is to put domains in cache, but there is no noticeable increase in browsing speed.
    To disable the "DNS Client" service, do the following:
    • Press the windows key and the R key at the same time to open the run dialog box
      (the windows key is usually located to the left of the space bar and is labeled with a windows logo).
    • Type in "services.msc" (without the quotes) and press enter.
    • Right-click on "DNS client" and chose "Stop".
    • After the service has stopped, right-click on it again, chose "Properties" and set "startup type" to "disabled, press "Apply" and "OK".

    - Javacool Spywareblaster
      Multi-purpose blocker of activeX objects, browser helpers and unwanted cookies.
    • Download Spywareblaster from here and install it using default settings
    • Launch Spywareblaster
    • Click "manual updating" (automatic require a subscription)
    • Click "updates"->"check for updates"
    • When the updates are finished downloading, click "protection status" -> "enable all protection"
    Note:
    The last two steps should be repeated from time to time to keep the protection up to date.

    - Spybot immunization
      Multi-purpose blocker of domains, activeX objects, browsers helpers and unwanted cookies.
    • Download Spybot from here
    • When installing spybot, be sure to uncheck "Security center integration", "Separate secure shredder application" and "use system settings protection (teatimer)".
      These features have more cons than pros.
    • Launch Spybot
    • Click "update" -> "check for updates" and install all available updates.
    • Click "Immunize" in the left menu and then "immunize" in the right-hand window to enable the protection. (this may take a couple of minutes to finish)
    Note:
    The last two steps should be repeated from time to time to keep the protection up to date.

    After immunization you will start to notice that on some pages advertisements are not displayed, instead it shows an icon indicating that an image couldnt be loaded.
    The reason for this is that the immunization is blocking the site that are hosting the ads because it has been found to advertise for malicious software.
    If you try to enter a website that is being blocked, the browser will simply say "the webpage could not be displayed".

    2.3) Real-time protection
    These security measures work in real time and scans computer activity as it is happening (anti-virus/anti-malware scans a file before it allows it to be opened, a firewall controls network traffic and blocks it unless you have allowed it to happen).
    This requires a lot of system resources, so what we are looking for is applications with good detection rate, low resource usage, that dont cause problems for legitimate applications.
    These are my recommendations.
    - Anti-virusNote:
    Never have more than one Anti-virus application installed. Installing a second one is likely to cause conflicts between the two and apart from making your system unstable it will reduce your security rather than increase it.

    - Anti-malware
      These applications are ment to supplement your antivirus as they are aimed spesifically at detecting malicious programs.
      This can be displaying advertising (adware), track your internet surfing (spyware), give other people control over your computer (backdoors) and the likes.
      Unfortuntly, in the anti-malware department there arent any great free alternatives like there are in the anti-virus department.
      If you want an anti-malware application worth using you'll need to purchase one. Here are three good alternatives:
    • Malwarebytes' Anti-Malware
    • A-squared Anti-Malware (can be tried for 30 days for free)
    • SUPERAntiSpyware (can be tried for 14 days for free)
    Note:
    You can have more than one of these running at the same time, but I don't recommend it because it only gives a small increase in security while a big increase in usage of system resources.

    - 3rd party Firewall
      Modern operating systems and routers have firewalls built into them that control incoming traffic so the only reason to install a 3rd party firewall is to control outgoing traffic.
      Firewalls are different from other security software as it really is a tool you need to learn how to use, rather than an automatic security solution. An anti-virus application for instance you usually just install and then it runs in the background and only alerts you if something is wrong.
      That is not the case with firewalls. It will alert you whenever something tries to connect to the internet, whether its good or bad, and then its up to you to allow or deny the request. So ultimately you are increasing the security yourself with the help of the firewall.
      If you want to have top notch security you need a 3rd party firewall and the knowledge of how to use it. This will be your last line of defense should something bad get through your immunzation, and anti-virus/anti-malware protection.
      It enables you to prevent a trojan downloader from downloading malware to your computer should you end up with one, or prevent malware from sending personal information after it has collected it.
      Here are three good, free alternatives. They each have their own support forum that can help you learn how setup and use their firewall.
    • Comodo
      (If you chose this one, be sure to uncheck the following alternatives during installation:
      "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
    • PCTools Firewall
    • Online Armor

    - Winpatrol
      This program is not strictly a security application, but gives you a lot more control over your computer.
      Like a firewall it's a tool you need to learn how to use.
      Basically it watches your system settings and alerts you if an application tries to change something. Then its up to you to accept or deny this change.
      Its main purpose is to watch programs that add themselfs to auto-start, but it also watches file associations, activeX objects and Internet Explorer helpers.
      Most programs do not need to be on auto-start, and the bad thing about auto-start is that it clogs down system resources.
      With winpatrol you can easily detect and prevent when an unwanted auto-start entry is added, and this becomes an additional security layer because most malware will add itself to auto-start.
      You can download winpatrol from here
      And here's a link to a place where you can get more information on how to use it

    If you managed to read through all of that you're probably asking "do I really need that much security software?".
    That depends on what your computer is used for.
    I'd say that everybody who uses a computer on the internet today really needs the following:
    - Windows updates (having all windows updates is more important than any security software)
    - The immunization features in step 2.2
    - Anti-virus
    That's the minimum.
    If you use your computer for financial transactions (online bank, web-shopping, etc) or have sensitive information stored on the computer, you should strongly consider buying an anti-malware app and get a 3rd party firewall to enhance security.
    If you like to use your computer freely and install a lot of different programs, use file-sharing applications and surf all over the web you should also consider enhancing security as you'll be more at risk for infections.

    Finally, I will recommend you read this article called How did I get infected in the first place?
    Some of the advice related to security software is a bit outdated, but the first part called "Safe Computer Practices" is still as valid and important as ever.



In direct response to the question you asked:
what is a good antivirus to install. Trend runs out in February, and my friend reccommended ESET

Since your Trend-Micro subscription is about to run out you need to decide if you want to continue using it, or if you should get something else.
As you can see, Trend-Micro is not on my recommended list but ESET (that your friend also recommended) is. Trend-Micro has a decent security suite, but most if not all experts dont recommend using security suites, because security suites attempts to cover all fields of computer security, and currently there are no security company that is the best in all these fields.
In addition, security suites tend to be heavy on resource usage.
You should either keep Trend-Micro or uninstall Trend-Micro and pick security software from step 2.3 to replace it
In either case you should install the immunization software in step 2.2.


Thats it.
If you have questions or comments, please respond back and let me know. If you do not respond, this thread will be closed within 48 hours.
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: MSN Messenger Virus & Computer issues

Unread postby jacquio » December 31st, 2008, 2:06 pm

I haven't had a chance to do the final steps yet, due to work, so am hoping you don't close off just yet, incase I have some questions. I hope to finish off on Wednesday.
jacquio
Regular Member
 
Posts: 28
Joined: December 9th, 2008, 2:19 am

Re: MSN Messenger Virus & Computer issues

Unread postby Sharagoz » December 31st, 2008, 5:08 pm

Does that mean Wednesday a week from now?
Hopefully the moderators will read this and keep the thread open a little longer than usuall.
If the thread does get closed you can send me or an admin a PM and ask to have the thread re-opened.
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: MSN Messenger Virus & Computer issues

Unread postby jacquio » January 1st, 2009, 6:29 pm

Sorry about the confusion, that was meant to be Friday, not Wednesday (I'm a shiftworker, and half the time don't know what day it is, and it was 5am when I wrote that)

Anway, I have done everything you have listed on the last post, except the following:


2.2) Immunization software
These security measures does not do any realtime scanning. All they do is block sites that hosts malware, sites that advertises for malware, malicious ActiveX objects, malicious browser helpers, and cookies that have been identified as bad.
These protection measures have proven very effective against "internet related" threats and require virtually no computer resources.
- MVP hosts
Blocks rougly 25k online domains that hosts or advertises for malware.
Will significantly reduce the chance of getting in trouble by accidently visiting the wrong page.

Download hosts.zip from here
Extract the content to your desktop.
Copy the file called "HOSTS" to the folder C:\windows\system32\drivers\etc
And say "yes" to overwriting the existing file
Delete the installation files from your desktop
Notes:
If you have previously added custom entries to your own hosts file, these will have to be re-added after the new hosts file is installed.
The MVP hosts file should be downloaded and re-installed every now and then to keep it up to date.
If you install MVP Hosts you should disable a service called "DNS client".
If you dont, your browser(s) will use 10-60 seconds longer to start than what you are used to.
Disabling this service will have no side-effects. Its purpose is to put domains in cache, but there is no noticeable increase in browsing speed.
To disable the "DNS Client" service, do the following:
Press the windows key and the R key at the same time to open the run dialog box
(the windows key is usually located to the left of the space bar and is labeled with a windows logo).
Type in "services.msc" (without the quotes) and press enter.
Right-click on "DNS client" and chose "Stop".
After the service has stopped, right-click on it again, chose "Properties" and set "startup type" to "disabled, press "Apply" and "OK".

I am having troubles with this, and am not sure if I am doing it right. When I click on your link, it asks to 'Open/Save' I have tried both. It then just lists a heap of files. There is no 'Extracting to desktop' So I just copied the file 'HOSTS' that was there on the list, to the folder C:\windows\system32\drivers\etc. There was then no 'And say "yes" to overwriting the existing file'. And I also couldn't 'Delete the installation files from your desktop' as it never went there. I wasn't sure if I did this right or not. So I deleted any sign of 'HOSTS' on my computer, and have tried to do this twice. Was I doing it right, and should I do it again, as I did the first time. Once I have done this, is that all you do with it? It doesn't seem to do anything?

I have installed and run everything else with no problems.
jacquio
Regular Member
 
Posts: 28
Joined: December 9th, 2008, 2:19 am

Re: MSN Messenger Virus & Computer issues

Unread postby Sharagoz » January 1st, 2009, 9:53 pm

I just copied the file 'HOSTS' that was there on the list, to the folder C:\windows\system32\drivers\etc

That should have worked correctly.
But since you deleted every trace of any HOSTS file on your computer you must redo this step.
My instructions may not have been 100% accurate. Here's an updated version of the procedure which hopefully is easier to understand:
  • Download hosts.zip from here and save the file to your desktop
  • Open hosts.zip and extract the file called HOSTS to the folder C:\windows\system32\drivers\etc
  • Answer Yes if asked about overwriting an existing file
  • Delete hosts.zip
If you installed Spybot you should reapply the immunization after you have installed the new HOSTS file.

Btw, did you do the part of the instruction that involved disabling the DNS Client service?
Also, out of curiosity, did you keep Trend-Micro or have you replaced it with something else?
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: MSN Messenger Virus & Computer issues

Unread postby jacquio » January 2nd, 2009, 12:13 am

My brother came over and had a go, as per your first instructions, and did it perfectly first time. (Not sure what I did differently) Anyway we've done that, then followed the next step of disabling DNS Client. I've also reapplied the Spybot Immunization.

So that should be it hey? All I have to do now, is subscribe to Malwarebytes, which i'll do later on. I will be changing over to ESET for sure as my new anti virus, seeing as though you guys reccommend it too, but will wait till Trend expires.

Thank you so much for all your help and patience, and your very easy to read and follow instructions. I highly reccommend this site, and will definately be reccommending to friends and family, and will use your services again in the future if needed. Fingers crossed I don't!!!!!

Thanks again! :colors:
jacquio
Regular Member
 
Posts: 28
Joined: December 9th, 2008, 2:19 am

Re: MSN Messenger Virus & Computer issues

Unread postby Sharagoz » January 2nd, 2009, 12:21 am

So that should be it hey?

Yep, thats it!
ESET Nod32 + MBAM is an excelent choice. At this point in time I dont belive its possible to find better real-time protection. Hope that works out for you!
Thank you so much for all your help and patience

You're welcome :)
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: MSN Messenger Virus & Computer issues

Unread postby NonSuch » January 4th, 2009, 4:29 am

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 19 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware