Vundo J, Virtumonde And Bad Start Up Of Computer


  • This topic is locked
2 replies to this topic

#1 peter66

  • Members
  • 1 posts

Posted 08 June 2008 - 04:41 AM

After my trial licence of Norton Internet Security on my new PC ended, I removed Norton and installed a COMODO firewall and AVG anti-virus. To remove Norton I used configuration --> software and then selected all Norton components. After installing Comodo and AVG I got a lot of messages which told me that I had Virtumonde trojans and Vundo J installed. So I "told" AVG to remove this, but after each start-up these files come back. And when I start up my computer I get, after logging in, a black screen the whole time. With Ctrl+Alt+Del and logging in again, after one or two times Windows finally starts completely.

I have done the following till now:
- ATF Cleaner
- Spybot S&D
- Ad-Aware
- AVG virus scanner

This didn't work, so I tried to go back to a system restore point, but this didn't work either, so I did the above again.

Kaspersky didn't work; I got the following notice:
"Update process FAILED. No further antivirus actions can be performed!

Attention, you must be online to activate Kaspersky Online Scanner, since the latest Anti-Virus bases version must be downloaded prior to scan. Otherwise we cannot guarantee detection of latest viruses. [21]"
This while I installed ActiveX, said OK, and also said OK as an administrator.

I hope someone can help me,

Thanks.

Below are the DSS log and the HijackThis log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: Dutch

CPU 0: Intel® Core™2 Duo CPU T5250 @ 1.50GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 2045.68 MiB / 1088.75 MiB
Pagefile Memory (total/avail): 4328.65 MiB / 3188.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.92 MiB

C: is Fixed (NTFS) - 84.67 GiB total, 48.78 GiB free.
D: is Fixed (NTFS) - 6.96 GiB total, 2.41 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 57.42 GiB total, 48.6 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD1600BEVS-60RST0 - 149.05 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 84.67 GiB - C:
\PARTITION1 - Installable File System - 57.42 GiB - F:
\PARTITION2 - Installable File System - 6.96 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AS: AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Outdated
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Tim\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPIERE_HOME=C:\Compiere2
COMPUTERNAME=TIM
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Tim
JAVA_HOME=C:\Program Files\Java\jdk1.5.0_15
LOCALAPPDATA=C:\Users\Tim\AppData\Local
LOGONSERVER=\\TIM
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Program Files\Java\jdk1.5.0_15\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;c:\Program Files\Bioscrypt\VeriSoft\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Tim\AppData\Local\Temp
TMP=C:\Users\Tim\AppData\Local\Temp
USERDOMAIN=TIM
USERNAME=Tim
USERPROFILE=C:\Users\Tim
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Tim
tinypgsvc


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avi2Dvd 0.4.5 beta --> C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP520 series --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series /L0x0013
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
COMODO SafeSurf --> C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
DC++ 0.705 --> "C:\Program Files\DC++\uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivXG400 --> "C:\Windows\IPUI_DivXG400.exe" /U /D
ESU for Microsoft Vista --> MsiExec.exe /X{6DEAF5C3-28BF-45EA-88C0-90B2FB27D1D2}
FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
Gebruikersregistratie voor Canon MP520 series --> C:\Program Files\Canon\IJEREG\MP520 series\UNINST.EXE
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Photosmart Essential 2.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0013 uninst
HP QuickPlay 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0056 --> MsiExec.exe /I{5AB56552-6938-4686-9F87-DB0ED8D1E06B}
HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
Intel Matrix Storage Manager --> C:\Windows\system32\imsmudlg.exe -uninstall
J2SE Development Kit 5.0 Update 15 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150150}
J2SE Runtime Environment 5.0 Update 15 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150150}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 2.27 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office Professional Editie 2003 --> MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Project 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {C1877F6E-C1C8-486D-A697-86431029690C}
Microsoft Office Project 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-00B4-0413-0000-0000000FF1CE} /uninstall {74C62E21-DA95-4C54-8840-DE989162D4DF}
Microsoft Office Project MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00B4-0413-0000-0000000FF1CE}
Microsoft Office Project Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007 --> MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Visio 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}
Microsoft Office Visio 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-0054-0413-0000-0000000FF1CE} /uninstall {E6712B7E-3C7C-49B6-9662-E7113EB8B09C}
Microsoft Office Visio MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0054-0413-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{A2A0A82F-025F-458d-A0CD-9BB2320804B5}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
MSCU for Microsoft Vista --> MsiExec.exe /X{8657F94B-3BCD-40CE-879C-56DE0A04D76D}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NetBeans IDE 6.1 --> "C:\Program Files\NetBeans 6.1\uninstall.exe"
Nokia Connectivity Cable Driver --> RUNDLL32.EXE nsesetup.dll,DoNTUninst
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PostgreSQL 8.2 --> MsiExec.exe /I{1F701DBD-1660-4108-B10A-FB435EA63BF0}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
ScanSoft OmniPage SE 4 --> MsiExec.exe /X{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VeriSoft Access Manager --> rundll32.exe "c:\Program Files\Bioscrypt\VeriSoft\Bin\SetupHelper.dll",ExecMain /Uninstall {0ABA40AF-288D-41F1-B735-C5155692CD7D}
version 6.0 --> "C:\Program Files\MikSoftware\Reading\unins000.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{9816B8B8-4B53-4D3D-9235-AD931252001D}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type9461 / Warning
Event Submitted/Written: 06/08/2008 11:02:10 AM
Event ID/Source: 1530 / profsvc
Event Description:
Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1036322697-247106373-3628819309-1002_Classes:
Process 1128 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1036322697-247106373-3628819309-1002_CLASSES

Event Record #/Type9460 / Warning
Event Submitted/Written: 06/08/2008 11:02:09 AM
Event ID/Source: 1530 / profsvc
Event Description:
Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1036322697-247106373-3628819309-1002:
Process 1128 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1036322697-247106373-3628819309-1002

Event Record #/Type9455 / Warning
Event Submitted/Written: 06/08/2008 11:01:41 AM
Event ID/Source: 1530 / profsvc
Event Description:
Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1036322697-247106373-3628819309-1000_Classes:
Process 1128 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1036322697-247106373-3628819309-1000_CLASSES

Event Record #/Type9452 / Warning
Event Submitted/Written: 06/08/2008 11:01:41 AM
Event ID/Source: 1530 / profsvc
Event Description:
Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1036322697-247106373-3628819309-1000:
Process 1128 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1036322697-247106373-3628819309-1000

Event Record #/Type9443 / Success
Event Submitted/Written: 06/08/2008 10:59:02 AM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type52551 / Warning
Event Submitted/Written: 06/08/2008 11:21:12 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TIM27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.

Zie voor meer informatie:
%TIM275

Scan-id: {92200CE9-E4EE-4481-A5D7-CE57C7FCAC6A}

Gebruiker: TIM\Tim

Naam: %TIM271

Id: %TIM272

Ernst-id: %TIM273

Categorie-id: %TIM274

Gevonden pad: %TIM276

Type waarschuwing: %TIM278

Type detectie: 1.1.1600.02

Event Record #/Type52550 / Warning
Event Submitted/Written: 06/08/2008 11:21:12 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TIM27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.

Zie voor meer informatie:
%TIM275

Scan-id: {87FBBA1D-1F38-46EE-AD3E-E09A858A86A2}

Gebruiker: TIM\Tim

Naam: %TIM271

Id: %TIM272

Ernst-id: %TIM273

Categorie-id: %TIM274

Gevonden pad: %TIM276

Type waarschuwing: %TIM278

Type detectie: 1.1.1600.02

Event Record #/Type52549 / Warning
Event Submitted/Written: 06/08/2008 11:21:12 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TIM27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.

Zie voor meer informatie:
%TIM275

Scan-id: {A9C67828-CB86-4A61-8E8C-657E8C5FF672}

Gebruiker: TIM\Tim

Naam: %TIM271

Id: %TIM272

Ernst-id: %TIM273

Categorie-id: %TIM274

Gevonden pad: %TIM276

Type waarschuwing: %TIM278

Type detectie: 1.1.1600.02

Event Record #/Type52548 / Warning
Event Submitted/Written: 06/08/2008 11:21:09 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TIM27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.

Zie voor meer informatie:
%TIM275

Scan-id: {18DB9C22-777D-4071-9B8C-8A394075D2B8}

Gebruiker: TIM\Tim

Naam: %TIM271

Id: %TIM272

Ernst-id: %TIM273

Categorie-id: %TIM274

Gevonden pad: %TIM276

Type waarschuwing: %TIM278

Type detectie: 1.1.1600.02

Event Record #/Type52547 / Warning
Event Submitted/Written: 06/08/2008 11:21:09 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TIM27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.

Zie voor meer informatie:
%TIM275

Scan-id: {994E1841-357F-4AD0-8C11-007EA5D9937C}

Gebruiker: TIM\Tim

Naam: %TIM271

Id: %TIM272

Ernst-id: %TIM273

Categorie-id: %TIM274

Gevonden pad: %TIM276

Type waarschuwing: %TIM278

Type detectie: 1.1.1600.02



-- End of Deckard's System Scanner: finished at 2008-06-08 11:25:50 ------------



Deckard's System Scanner v20071014.68
Run by Tim on 2008-06-08 11:18:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
8: 2008-06-08 00:07:34 UTC - RP184 - Windows Update
7: 2008-06-07 18:08:52 UTC - RP183 - Removed Salling Clicker
6: 2008-06-07 18:05:35 UTC - RP182 - Removed Symantec Technical Support Web Controls
5: 2008-06-07 14:34:35 UTC - RP181 - Installed Ad-Aware
4: 2008-06-07 14:31:05 UTC - RP180 - Installed AVG Free 8.0


-- First Restore Point --
1: 2008-06-05 19:11:21 UTC - RP177 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:41, on 8-6-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
F:\Bureaublad\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {35B9495B-6DA7-4D00-AD74-81DE45049F92} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {CCB4D15E-11A5-48B7-B1DB-3C9BED48A6A9} - (no file)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: (no name) - {F4EAAAFE-B057-4AAA-BDFF-BD080A04ABE5} - C:\Windows\system32\urqPjJDT.dll (file missing)
O2 - BHO: (no name) - {FE0F2805-B2C2-4827-B436-4F717BC447E6} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinClicker.exe] "C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe" -atboottime
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Tim\AppData\Local\Temp\rqRLcYrP.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D54C2DB-C57A-4781-8330-4ED1429A9324}: NameServer = 194.165.94.1,194.165.94.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll,C:\Windows\system32\guard32.dll,C:\Windows\system32\cssdll32.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: PostgreSQL4TinyERP (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL4TinyERP\bin\pg_ctl.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10840 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>

S2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
S2 pgsql-8.2 (PostgreSQL4TinyERP) - "c:\program files\postgresql4tinyerp\bin\pg_ctl.exe" runservice -w -n "pgsql-8.2" -d "c:\program files\postgresql4tinyerp\data\" <Not Verified; PostgreSQL Global Development Group; PostgreSQL>
S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-08 00:03:18 0 d-------- C:\Program Files\Trend Micro
2008-06-07 23:50:01 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-06-07 17:50:00 0 d-------- C:\Windows\pss
2008-06-07 16:41:14 0 d--h----- C:\$AVG8.VAULT$
2008-06-07 16:35:08 0 d-------- C:\Program Files\Lavasoft
2008-06-07 16:35:07 0 d-------- C:\Users\All Users\Lavasoft
2008-06-07 16:31:30 0 d-------- C:\Windows\system32\drivers\Avg
2008-06-07 16:31:19 0 d-------- C:\Users\All Users\avg8
2008-06-07 16:31:19 0 d-------- C:\Program Files\AVG
2008-06-07 16:06:20 0 -rahs---- C:\MSDOS.SYS
2008-06-07 16:06:20 0 -rahs---- C:\IO.SYS
2008-06-05 21:20:52 0 d-------- C:\Program Files\Alwil Software
2008-06-05 21:10:25 345 --ahs---- C:\Windows\system32\Xabddfii.ini2
2008-06-05 20:22:55 0 d-------- C:\Users\All Users\comodo
2008-06-05 20:22:55 0 d-------- C:\Program Files\COMODO
2008-06-05 19:00:09 345 --ahs---- C:\Windows\system32\TDJjPqru.ini2
2008-05-29 22:12:59 0 d-------- C:\Users\All Users\eSellerate
2008-05-29 22:11:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 19:49:41 0 d-------- C:\Windows\system32\temp
2008-05-26 19:49:41 0 d-------- C:\Windows\system32\deleteditems
2008-05-26 19:49:08 0 d-------- C:\Program Files\MikSoftware
2008-05-23 22:21:47 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-23 20:23:11 0 d-------- C:\Windows\system32\Adobe
2008-05-23 20:08:08 0 d-------- C:\Users\Tim\.matplotlib
2008-05-23 19:25:45 0 d--hs---- C:\Users\tinypgsvc\Sjablonen
2008-05-23 19:25:45 0 d--hs---- C:\Users\tinypgsvc\SendTo
2008-05-23 19:25:45 0 d--hs---- C:\Users\tinypgsvc\Recent
2008-05-23 19:25:45 0 d--hs---- C:\Users\tinypgsvc\Netwerkprinteromgeving
2008-05-23 19:25:45 0 d--hs---- C:\Users\tinypgsvc\NetHood
2008-05-23 19:25:45 0 d--hs---- C:\Users\tinypgsvc\Mijn documenten
2008-05-23 19:25:45 0 d--hs---- C:\Users\tinypgsvc\Menu Start
2008-05-23 19:25:45 0 d--hs---- C:\Users\tinypgsvc\Local Settings
2008-05-23 19:25:45 0 d--hs---- C:\Users\tinypgsvc\Cookies
2008-05-23 19:25:45 0 d--hs---- C:\Users\tinypgsvc\Application Data
2008-05-23 19:25:43 0 dr------- C:\Users\tinypgsvc\Videos
2008-05-23 19:25:43 0 d-------- C:\Users\tinypgsvc\Saved Games
2008-05-23 19:25:43 0 dr------- C:\Users\tinypgsvc\Pictures
2008-05-23 19:25:43 200704 --a------ C:\Users\tinypgsvc\NTUSER.DAT
2008-05-23 19:25:43 0 dr------- C:\Users\tinypgsvc\Music
2008-05-23 19:25:43 0 dr------- C:\Users\tinypgsvc\Links
2008-05-23 19:25:43 0 dr------- C:\Users\tinypgsvc\Favorites
2008-05-23 19:25:43 0 dr------- C:\Users\tinypgsvc\Downloads
2008-05-23 19:25:43 0 dr------- C:\Users\tinypgsvc\Documents
2008-05-23 19:25:43 0 dr------- C:\Users\tinypgsvc\Desktop
2008-05-23 19:25:43 0 d--h----- C:\Users\tinypgsvc\AppData
2008-05-23 19:24:31 0 d-------- C:\Program Files\PostgreSQL4TinyERP
2008-05-23 19:22:37 0 d-------- C:\Program Files\TinyERP Client
2008-05-22 19:53:22 0 d-------- C:\Users\All Users\InstallShield
2008-05-22 19:52:48 0 d-------- C:\Users\All Users\ScanSoft
2008-05-22 19:52:48 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-05-22 19:52:06 0 d-------- C:\Program Files\ScanSoft
2008-05-22 18:04:25 0 d-------- C:\Program Files\Common Files\CANON
2008-05-22 17:46:14 0 d--h----- C:\Users\All Users\CanonBJ
2008-05-22 17:44:55 0 d--h----- C:\Windows\system32\CanonIJ Uninstaller Information
2008-05-22 17:42:08 0 d--h----- C:\Program Files\CanonBJ
2008-05-22 17:39:58 0 d-------- C:\Program Files\Canon
2008-05-17 23:22:40 0 d-------- C:\Users\Tim\.netbeans
2008-05-17 21:23:25 0 d-------- C:\Program Files\NetBeans 6.1
2008-05-17 19:34:40 0 d-------- C:\Compiere2
2008-05-17 15:06:57 0 d-------- C:\Windows\Sun
2008-05-11 13:27:45 0 d-------- C:\Users\All Users\Google Updater


-- Find3M Report ---------------------------------------------------------------

2008-06-08 11:02:23 27145 --a------ C:\Users\Tim\AppData\Roaming\nvModes.001
2008-06-07 14:51:05 0 d-------- C:\Users\Tim\AppData\Roaming\Azureus
2008-06-05 20:28:56 670314 --a------ C:\Windows\system32\perfh013.dat
2008-06-05 20:28:55 127900 --a------ C:\Windows\system32\perfc013.dat
2008-06-05 20:22:56 0 d-------- C:\Users\Tim\AppData\Roaming\Comodo
2008-06-05 20:21:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-05 20:18:36 0 d-------- C:\Program Files\Common Files
2008-06-05 18:29:57 0 d-------- C:\Users\Tim\AppData\Roaming\Symantec
2008-05-29 22:13:17 0 d-------- C:\Users\Tim\AppData\Roaming\Salling Software AB
2008-05-23 20:54:39 0 d-------- C:\Users\Tim\AppData\Roaming\Adobe
2008-05-23 19:56:16 0 d-------- C:\Users\Tim\AppData\Roaming\gtk-2.0
2008-05-22 19:53:08 0 d-------- C:\Users\Tim\AppData\Roaming\ScanSoft
2008-05-22 19:52:45 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-22 18:06:38 0 d-------- C:\Users\Tim\AppData\Roaming\Canon
2008-05-21 20:19:13 0 d-------- C:\Program Files\MSN Messenger
2008-05-19 19:49:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-17 21:22:58 0 d-------- C:\Program Files\Java
2008-05-17 16:02:03 0 d-------- C:\Users\Tim\AppData\Roaming\Flexsim4
2008-05-15 22:20:13 174 --ahs---- C:\Program Files\desktop.ini
2008-05-15 21:21:17 0 d-------- C:\Program Files\Windows Sidebar
2008-05-15 21:21:17 0 d-------- C:\Program Files\Windows Calendar
2008-05-15 21:21:16 0 d-------- C:\Program Files\Movie Maker
2008-05-15 21:21:15 0 d-------- C:\Program Files\Windows Mail
2008-05-15 21:21:12 0 d-------- C:\Program Files\Windows Collaboration
2008-05-15 21:21:11 0 d-------- C:\Program Files\Windows Journal
2008-05-15 21:21:10 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-15 21:21:04 0 d-------- C:\Program Files\Windows Defender
2008-05-11 13:32:14 0 d-------- C:\Users\Tim\AppData\Roaming\Google
2008-05-11 13:31:34 0 d-------- C:\Program Files\Google
2008-04-29 23:02:50 0 d-------- C:\Program Files\Avi2Dvd
2008-04-29 18:17:00 0 d-------- C:\Users\Tim\AppData\Roaming\Roxio
2008-04-26 15:02:47 0 d-------- C:\Users\Tim\AppData\Roaming\DivX
2008-04-26 09:55:37 0 d-------- C:\Program Files\AviSynth 2.5
2008-04-25 19:51:35 0 d-------- C:\Program Files\DivX
2008-04-25 19:51:28 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-25 19:43:01 262865 --a------ C:\Windows\IPUI_DivXG400.exe <Not Verified; ; wingpack Application>
2008-04-24 20:28:29 21868 --a------ C:\Users\Tim\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (DOS).ADR
2008-04-24 20:14:45 38428 --a------ C:\Users\Tim\AppData\Roaming\Microsoft Excel 97-2003.ADR
2008-04-20 22:08:47 35682 --a------ C:\Users\Tim\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (Windows).ADR
2008-04-20 09:33:48 0 d-------- C:\Users\Tim\AppData\Roaming\WinRAR
2008-04-15 21:15:24 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-04-15 19:20:39 0 d-------- C:\Program Files\Azureus
2008-04-14 21:21:30 0 d-------- C:\Users\Tim\AppData\Roaming\FrostWire
2008-04-13 20:45:03 0 d-------- C:\Users\Tim\AppData\Roaming\SecondLife
2008-04-13 20:44:08 0 d-------- C:\Users\Tim\AppData\Roaming\Mozilla
2008-04-12 13:36:59 27145 --a------ C:\Users\Tim\AppData\Roaming\nvModes.dat
2008-04-10 21:13:35 0 d-------- C:\Program Files\DC++
2008-04-10 19:24:15 0 d-------- C:\Program Files\Frostwire
2008-04-10 19:21:44 0 d-------- C:\Users\Tim\AppData\Roaming\Winamp
2008-04-10 19:16:03 0 d-------- C:\Program Files\Winamp
2008-04-10 18:49:12 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-09 22:23:24 0 d-------- C:\Program Files\Firewall Plus
2008-04-09 21:19:13 0 d-------- C:\Program Files\Office 2003
2008-04-09 20:37:07 0 d-------- C:\Program Files\Microsoft Works
2008-04-09 20:36:51 0 d-------- C:\Program Files\MSBuild
2008-04-09 20:35:59 0 d-------- C:\Program Files\Microsoft.NET
2008-04-09 20:33:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-07 18:00:18 0 --a------ C:\Users\Tim\AppData\Roaming\wklnhst.dat
2008-04-06 22:00:48 24064 --a------ C:\Users\Tim\AppData\Roaming\UserTile.png
2008-04-06 15:18:34 81 --a------ C:\Windows\system32\LOG
2008-03-31 23:25:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:25:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:25:46 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 23:25:46 831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-03-31 23:25:46 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 22:30:08 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-03-21 22:28:54 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 22:28:54 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 22:28:20 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35B9495B-6DA7-4D00-AD74-81DE45049F92}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCB4D15E-11A5-48B7-B1DB-3C9BED48A6A9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4EAAAFE-B057-4AAA-BDFF-BD080A04ABE5}]
C:\Windows\system32\urqPjJDT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE0F2805-B2C2-4827-B436-4F717BC447E6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19-01-2008 09:38]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [09-10-2006 22:43]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15-09-2007 02:50]
"RtHDVCpl"="RtHDVCpl.exe" [09-03-2007 19:50 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12-02-2007 16:37]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [23-04-2007 18:11]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [13-02-2007 11:38]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [12-03-2007 11:54]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01-03-2007 13:18]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10-01-2007 16:12]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16-02-2005 23:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [22-12-2003 20:12]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15-09-2007 02:29]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01-05-2007 12:27]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01-05-2007 12:27]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01-05-2007 12:27]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [14-05-2007 18:01]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03-04-2007 18:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25-10-2006 09:03]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04-02-2007 12:02]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [29-01-2008 17:38]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [05-06-2008 20:22]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07-06-2008 16:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19-01-2008 09:33]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 11:43]
"WinClicker.exe"="C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe" []
"MSServer"="C:\Users\Tim\AppData\Local\Temp\rqRLcYrP.dll,#1" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APSHook.dll,C:\Windows\system32\guard32.dll,C:\Windows\system32\cssdll32.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ASWLNPkg
"Authentication Packages"= msv1_0 C:\Windows\system32\urqPjJDT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM1ebcc5b6]
Rundll32.exe "C:\Users\Tim\AppData\Local\Temp\qkpykgio.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Users\Tim\AppData\Local\Temp\rqRLcYrP.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinClicker.exe]
"C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
Cognizance ASBroker ASChannel
GPSvcGroup GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-08 11:25:50 ------------



#2 Thunder


Posted 09 June 2008 - 09:38 AM

Hello Peter66 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to Start > Run and type: cleanmgr and click OK.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Thunder


Posted 07 July 2008 - 04:16 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



