Infected Laptop



#1 Licky


Posted 03 April 2008 - 12:46 PM

Hi - I am running Vista Home Basic 32 bit on a Toshiba Satellite Pro laptop. I recently became a victim of the Vundo virus - I believed I had removed the programme, but after posting on another site for help, they suggested that, due to the problems I described there, I may not have removed the virus completely, and they suggested that I ask for help here!! Here is a copy of my post on the other forum:

"I have recently been invaded by the Vundo virus - I have managed to get rid of it (Finally!) but now have a few problems.

The first is that my wallpaper is not displayed; I just have a black screen with the taskbar and desktop items showing - I have tried several of the options listed on this site, to no avail! Any ideas? Also, the pictures in my "My Pictures" folder do not show themselves. All you can see is a blank space with the name of the file underneath, although if you click on the picture it will appear in the Picture and Fax Viewer.

Also the computer is extremely slow!

I am unable to use system restore as all previous restore points have disappeared! I do not appear to have a recovery disc that enables me to do a repair install, and I really do not want to re-install the whole system!!

Thanks in advance for your help!"

I have run a Deckard's System Scan -

Extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® Dual CPU T2310 @ 1.46GHz
Percentage of Memory in Use: 86%
Physical Memory (total/avail): 1014.48 MiB / 134.23 MiB
Pagefile Memory (total/avail): 2293.29 MiB / 1031.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1894.74 MiB

C: is Fixed (NTFS) - 55.89 GiB total, 33.58 GiB free.
E: is Fixed (NTFS) - 54.43 GiB total, 54.33 GiB free.
F: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1237GSX - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 1500 MiB
\PARTITION1 (bootable) - Installable File System - 55.89 GiB - C:
\PARTITION2 - Installable File System - 54.43 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.1.248.000 (Check Point, LTD.)
AV: AVG 7.5.519 v7.5.519 (Grisoft)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: SUPERAntiSpyware v4, 0, 0, 1154 (SUPERAntiSpyware.com) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Lisa\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OWENS-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Lisa
LOCALAPPDATA=C:\Users\Lisa\AppData\Local
LOGONSERVER=\\OWENS-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Lisa\AppData\Local\Temp
TMP=C:\Users\Lisa\AppData\Local\Temp
tvdumpflags=8
USERDOMAIN=Owens-PC
USERNAME=Lisa
USERPROFILE=C:\Users\Lisa
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Lisa


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
7-Zip 4.58 alpha 6 --> "C:\Program Files\7-Zip\Uninstall.exe"
Accessibility --> C:\Program Files\InstallShield Installation Information\{2C544254-39F2-4ACA-B779-ABF7297C96CF}\setup.exe -runfromtemp -l0x0009 -removeonly
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ATK Hotkey --> C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0009 -removeonly
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
BOClean --> C:\Windows\UNBOC.EXE
CD/DVD Drive Acoustic Silencer --> C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
DNA --> "C:\Users\Lisa\Program Files\DNA\btdna.exe" /UNINSTALL
Driving Test HPT Express v1.8.0.0 --> "C:\Program Files\Driving Test HPT Express\unins000.exe"
Driving Theory Test Express v1.8.0.0 --> "C:\Program Files\Driving Theory Test Express\unins000.exe"
DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
eBay Toolbar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}\setup.exe" -l0x9 /z"Uninstall eBay Toolbar"
Glarysoft Registry Repair 2.7 --> "C:\Program Files\Registry Repair\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
ISO Recorder --> MsiExec.exe /I{39600969-41C3-4658-876E-16F108FC5C92}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Microsoft Office Live Small Business Image Uploader --> MsiExec.exe /X{A580547F-4FB6-433E-A595-21CAA858C556}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
ParetoLogic Data Recovery --> MsiExec.exe /I{15D8D315-BB4C-4867-BCD7-2B829EF0F38B}
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Serial To Kline Interface --> C:\Windows\system32\CTU2KUN.exe
ShadowExplorer 0.1 --> "C:\Program Files\ShadowExplorer\unins000.exe"
Sky Broadband --> MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree --> C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall
TOSHIBA Disc Creator --> MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER --> C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center --> C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Manuals --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0F4F4815-76AD-4B26-8763-72F3344041C2}\setup.exe" -l0x9 -removeonly
TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem --> Tosmreg -U
Toshiba TEMPO --> MsiExec.exe /X{4ACF5CB8-CADE-42C9-B3D3-B8751A2CDFD6}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type13934 / Success
Event Submitted/Written: 04/03/2008 05:35:58 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13927 / Success
Event Submitted/Written: 04/03/2008 05:34:16 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type13926 / Success
Event Submitted/Written: 04/03/2008 05:34:14 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type13925 / Success
Event Submitted/Written: 04/03/2008 05:34:06 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type13914 / Warning
Event Submitted/Written: 04/03/2008 01:01:49 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
9 user registry handles leaked from \Registry\User\S-1-5-21-1413977870-1018780249-1899820646-1000_Classes:
Process 3132 (\Device\HarddiskVolume2\Program Files\BitTorrent\bittorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-1413977870-1018780249-1899820646-1000_CLASSES
Process 3132 (\Device\HarddiskVolume2\Program Files\BitTorrent\bittorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-1413977870-1018780249-1899820646-1000_CLASSES
Process 1020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1413977870-1018780249-1899820646-1000_CLASSES
Process 3132 (\Device\HarddiskVolume2\Program Files\BitTorrent\bittorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-1413977870-1018780249-1899820646-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\21\ComDlg
Process 3132 (\Device\HarddiskVolume2\Program Files\BitTorrent\bittorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-1413977870-1018780249-1899820646-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\21\ComDlg
Process 3132 (\Device\HarddiskVolume2\Program Files\BitTorrent\bittorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-1413977870-1018780249-1899820646-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Process 3132 (\Device\HarddiskVolume2\Program Files\BitTorrent\bittorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-1413977870-1018780249-1899820646-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\21\Shell
Process 3132 (\Device\HarddiskVolume2\Program Files\BitTorrent\bittorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-1413977870-1018780249-1899820646-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\21\Shell
Process 3132 (\Device\HarddiskVolume2\Program Files\BitTorrent\bittorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-1413977870-1018780249-1899820646-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38270 / Error
Event Submitted/Written: 04/03/2008 05:35:24 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Ricoh xD-Picture Card Driver%%1058

Event Record #/Type38269 / Error
Event Submitted/Written: 04/03/2008 05:35:24 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
rimsptsk%%1058

Event Record #/Type38268 / Error
Event Submitted/Written: 04/03/2008 05:35:24 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
rimmptsk%%1058

Event Record #/Type38217 / Error
Event Submitted/Written: 04/03/2008 05:34:08 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.3 for the Network Card with network address 001644893612 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type38216 / Error
Event Submitted/Written: 04/03/2008 05:34:01 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos



-- End of Deckard's System Scanner: finished at 2008-04-03 17:51:15 ------------

main.txt

Deckard's System Scanner v20071014.68
Run by Lisa on 2008-04-03 17:43:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
8: 2008-04-03 09:42:51 UTC - RP172 - Installed ParetoLogic Data Recovery.
7: 2008-04-02 23:12:48 UTC - RP171 - Installed ISO Recorder
6: 2008-04-02 23:01:49 UTC - RP170 - Windows Modules Installer
5: 2008-04-02 15:33:09 UTC - RP169 - Windows Update
4: 2008-04-01 16:55:36 UTC - RP168 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-04-01 00:09:18 UTC - RP165 - Removed SUPERAntiSpyware Free Edition


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 1015 MiB (1024 MiB recommended).


-- HijackThis (run as Lisa.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:54, on 03/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Comodo\CBOClean\BOC425.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Lisa\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lisa.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: dlcf_device - - C:\Windows\system32\dlcfcoms.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 8490 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 CTU2K (CTU2K.SYS CTU2K device driver) - c:\windows\system32\drivers\ctu2k.sys <Not Verified; FTDI Ltd.; FT8U232AX>
S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ASLDRService (ASLDR Service) - c:\program files\atk hotkey\asldrsrv.exe <Not Verified; ; ADSMSrv>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 TNaviSrv (TOSHIBA Navi Support Service) - c:\program files\toshiba\toshiba dvd player\tnavisrv.exe <Not Verified; TOSHIBA Corporation; TOSHIBA DVD Player>
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-03 17:34:07 436 --a------ C:\Windows\Tasks\RegCure Program Check.job
2008-04-03 17:34:01 370 --a------ C:\Windows\Tasks\RegCure.job
2008-04-03 17:34:01 414 --a------ C:\Windows\Tasks\ParetoLogic Update Version2.job
2008-04-03 17:34:01 440 --a------ C:\Windows\Tasks\ParetoLogic Registration.job


-- Files created between 2008-03-03 and 2008-04-03 -----------------------------

2008-04-03 11:04:52 0 d-------- C:\Program Files\RegCure
2008-04-03 10:43:24 0 d-------- C:\Users\All Users\ParetoLogic
2008-04-03 10:43:24 0 d-------- C:\Program Files\ParetoLogic
2008-04-03 10:43:24 0 d-------- C:\Program Files\Common Files\ParetoLogic
2008-04-03 10:42:40 0 d-------- C:\Users\All Users\Downloaded Installations
2008-04-03 10:35:15 0 d-------- C:\Program Files\ShadowExplorer
2008-04-03 00:13:14 0 d-------- C:\Program Files\Alex Feinman
2008-04-02 22:51:49 0 d-------- C:\Program Files\Registry Repair
2008-04-02 01:05:26 0 d-------- C:\Users\Lisa\Program Files
2008-04-01 22:31:22 0 d-------- C:\Program Files\DNA
2008-04-01 22:31:20 0 d-------- C:\Program Files\BitTorrent
2008-04-01 14:56:32 208896 --a------ C:\Windows\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2008-04-01 14:56:25 0 d-------- C:\Users\All Users\BOC425
2008-04-01 14:56:17 0 d-------- C:\Program Files\Comodo
2008-04-01 13:39:47 0 d-------- C:\Program Files\7-Zip
2008-04-01 12:30:26 0 d-------- C:\VundoFix Backups
2008-04-01 12:13:57 0 dr-h----- C:\$VAULT$.AVG
2008-04-01 01:02:26 3542 --a------ C:\Start_.cmd
2008-04-01 01:02:25 0 d-------- C:\327882R2FWJFW
2008-04-01 00:17:09 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-01 00:16:55 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-31 21:47:41 0 d-a------ C:\Users\All Users\TEMP
2008-03-31 10:50:34 0 d-------- C:\Users\All Users\CheckPoint
2008-03-31 10:47:49 0 d-------- C:\Windows\system32\ZoneLabs
2008-03-31 10:46:30 0 d-------- C:\Windows\Internet Logs
2008-03-31 10:37:41 0 d-------- C:\Users\All Users\Grisoft
2008-03-31 10:37:41 0 d-------- C:\Users\All Users\avg7
2008-03-31 00:54:48 0 d-------- C:\Program Files\Trend Micro
2008-03-30 22:34:59 0 d-------- C:\Program Files\Lavasoft
2008-03-30 22:34:53 0 d-------- C:\Users\All Users\Lavasoft
2008-03-30 22:30:23 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-29 23:35:09 0 d-------- C:\Users\All Users\Nero
2008-03-29 23:35:09 0 d-------- C:\Program Files\Common Files\Nero
2008-03-29 21:36:39 0 d-------- C:\Program Files\Avi2Dvd
2008-03-29 18:49:11 0 d-------- C:\Users\All Users\AVS4YOU
2008-03-29 18:24:20 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-03-29 18:23:56 1700352 --a------ C:\Windows\system32\GdiPlus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-29 18:23:54 139264 --a------ C:\Windows\system32\xvidvfw.dll
2008-03-29 18:23:54 524288 --a------ C:\Windows\system32\xvidcore.dll
2008-03-29 18:23:54 413760 --a------ C:\Windows\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-03-29 18:23:54 261632 --a------ C:\Windows\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-03-29 18:18:47 39264 --a------ C:\Windows\system32\drivers\Pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-28 10:13:43 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-03-28 10:13:24 0 d-------- C:\Program Files\DivX
2008-03-27 23:29:05 0 d-------- C:\PerfLogs
2008-03-27 18:10:26 0 d-------- C:\65e6ecae29d6ed3619889f95801e
2008-03-27 18:06:26 192512 --a------ C:\Windows\system32\recdisc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-19 00:04:40 0 d-------- C:\Program Files\Driving Theory Test Express
2008-03-18 20:30:37 32768 --a------ C:\Windows\system32\REGTOOL5.DLL <Not Verified; Microsoft Corporation; Registry Access Functions>
2008-03-18 20:30:20 0 d-------- C:\Program Files\Driving Test HPT Express
2008-03-17 16:57:34 0 d-------- C:\Windows\pss
2008-03-16 11:01:31 81920 --a------ C:\Windows\system32\viscomwave.dll <Not Verified; Viscom Software; >
2008-03-16 11:01:31 139264 --a------ C:\Windows\system32\viscomqtde.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2008-03-16 11:01:31 475136 --a------ C:\Windows\system32\SkinCrafter.dll <Not Verified; DMSoft Technologies; SkinCrafter Module>
2008-03-13 15:54:19 160768 --a------ C:\Windows\system32\CTU2KUN.exe <Not Verified; FTDI Ltd.; FTDI FTD2XX Drivers>
2008-03-13 15:54:18 24197 --a------ C:\Windows\system32\drivers\CTU2K.sys <Not Verified; FTDI Ltd.; FT8U232AX>
2008-03-13 15:54:18 35840 --a------ C:\Windows\system32\CTU2K.dll <Not Verified; FTDI Ltd; FTDI FTD2XX Drivers>
2008-03-13 11:24:47 317952 --a------ C:\Windows\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2008-03-13 11:21:47 0 d-------- C:\Users\All Users\Xerox
2008-03-09 01:42:35 0 d-------- C:\Users\All Users\WholeSecurity
2008-03-08 20:46:32 0 d-------- C:\Program Files\PokerStars
2008-03-07 20:20:09 0 d-------- C:\Users\All Users\eBay
2008-03-07 20:19:56 0 d-------- C:\Program Files\eBay
2008-03-04 00:16:59 0 d-------- C:\Users\Lisa\AbiSuite


-- Find3M Report ---------------------------------------------------------------

2008-04-03 17:43:14 0 d-------- C:\Users\Lisa\AppData\Roaming\AVG7
2008-04-03 12:17:40 0 d-------- C:\Users\Lisa\AppData\Roaming\BitTorrent
2008-04-03 10:43:24 0 d-------- C:\Program Files\Common Files
2008-04-02 22:54:05 0 d-------- C:\Users\Lisa\AppData\Roaming\GlarySoft
2008-04-02 01:11:42 0 d-------- C:\Users\Lisa\AppData\Roaming\DNA
2008-04-01 01:36:36 0 d-------- C:\Users\Lisa\AppData\Roaming\SUPERAntiSpyware.com
2008-04-01 01:36:34 0 d-------- C:\Program Files\ltmoh
2008-04-01 01:36:33 0 d-------- C:\Program Files\Dl_cats
2008-04-01 01:36:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 01:05:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-30 20:09:29 0 d-------- C:\Program Files\Windows Sidebar
2008-03-30 20:09:29 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-30 20:09:29 0 d-------- C:\Program Files\Windows Mail
2008-03-30 20:09:28 0 d-------- C:\Program Files\Windows Defender
2008-03-30 20:09:28 0 d-------- C:\Program Files\Windows Collaboration
2008-03-30 20:09:28 0 d-------- C:\Program Files\Windows Calendar
2008-03-30 20:09:28 0 d-------- C:\Program Files\Movie Maker
2008-03-29 23:45:43 0 d-------- C:\Users\Lisa\AppData\Roaming\Nero
2008-03-29 20:16:20 0 d-------- C:\Users\Lisa\AppData\Roaming\Video DVD Maker FREE
2008-03-29 19:39:36 0 d-------- C:\Users\Lisa\AppData\Roaming\Toshiba
2008-03-29 17:48:40 0 d-------- C:\Users\Lisa\AppData\Roaming\Ulead Systems
2008-03-28 10:15:32 0 d-------- C:\Users\Lisa\AppData\Roaming\DivX
2008-03-27 23:48:28 174 --ahs---- C:\Program Files\desktop.ini
2008-03-27 16:46:00 0 d-------- C:\Users\Lisa\AppData\Roaming\OpenOffice.org2
2008-03-22 02:16:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-22 02:14:34 0 d-------- C:\Users\Lisa\AppData\Roaming\InstallShield
2008-03-15 03:03:31 0 d-------- C:\Users\Lisa\AppData\Roaming\NetMeter
2008-03-07 20:23:55 0 d-------- C:\Users\Lisa\AppData\Roaming\eBay
2008-03-04 02:03:20 31007 --a------ C:\Users\Lisa\AppData\Roaming\UserTile.png
2008-03-04 02:03:20 0 d-------- C:\Users\Lisa\AppData\Roaming\PeerNetworking
2008-03-02 13:22:29 0 d-------- C:\Program Files\TOSHIBA
2008-02-28 02:36:04 0 d-------- C:\Program Files\Microsoft Office Live
2008-02-24 15:04:38 0 d-------- C:\Users\Lisa\AppData\Roaming\SystemGadgets
2008-02-24 14:54:53 0 d-------- C:\Users\Lisa\AppData\Roaming\MessengerGadget
2008-02-22 00:21:58 0 d-------- C:\Program Files\Toshiba TEMPO
2008-02-21 01:29:12 0 d-------- C:\Program Files\Soulseek
2008-02-19 19:04:07 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-18 22:17:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-16 04:06:25 0 d-------- C:\Users\Lisa\AppData\Roaming\Adobe
2008-02-15 00:54:24 0 d-------- C:\Users\Lisa\AppData\Roaming\DesktopSMS
2008-02-15 00:51:20 0 d-------- C:\Program Files\Windows Live
2008-02-15 00:46:01 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-14 23:07:50 0 d-------- C:\Program Files\Sky Broadband
2008-02-14 23:04:00 0 d-------- C:\Users\Lisa\AppData\Roaming\Macromedia
2008-02-14 22:30:28 0 d-------- C:\Users\Lisa\AppData\Roaming\Identities
2008-02-14 22:18:21 0 d-------- C:\Program Files\REALTEK USB Wireless LAN Driver


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPO"="C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe" [29/10/2007 17:22]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [04/05/2007 12:05]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [22/06/2007 18:37]
"Skytel"="Skytel.exe" [15/06/2007 15:45 C:\Windows\SkyTel.exe]
"RtHDVCpl"="RtHDVCpl.exe" [06/07/2007 10:06 C:\Windows\RtHDVCpl.exe]
"Persistence"="C:\Windows\system32\igfxpers.exe" [02/01/2008 18:07]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/01/2008 18:07]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/01/2008 18:06]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [22/03/2008 01:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [31/03/2008 10:38]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/01/2008 03:31]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [26/11/2007 10:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 08:33]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 31/03/2008 10:38 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Lisa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ePrompter.lnk]
backup=C:\Windows\pss\ePrompter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Lisa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Users\Lisa\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-03 17:51:15 ------------



I hope you can help me.
Thanks in advance

Edited by Licky, 03 April 2008 - 12:49 PM.



#2 Yourhighness


    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg

Posted 13 April 2008 - 11:35 PM

Hello Licky and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -




