Thread: spybot search & destroy doesn't run, various infections detected at an online scan

  1. #1
    Junior Member in_the_woods's Avatar
    Join Date
    Aug 2009
    Location
    Greece
    Posts
    27

    Hi,

    First of all I can't run spybot - search & destroy. Every time I try, the pc will either freeze or shut down and restart by itself. I tried to run it in safe mode but had the same results. The pc had a symantec antivirus in the past but does not have an antivirus now, so I tried to do an online scan at kaspersky's website but the scan failed twice. I do not remember if the pc froze or if it shut down. I managed to do a scan at panda's website and it found various infections.


    The pc is very very slow and it will frequently shut down and restart. I was using internet explorer 7 and it too was very slow. I updated to IE8 but it performed like IE7. When I switched to mozilla, right after installation I noticed that mozilla would load instantly and so did the webpages, but after a while it was performing like IE, perhaps slightly better.

    Some days ago I found a file named "jkos-admin" which I deleted, but I kept it in the recycle bin just in case it could give you some information. I could not find it after a system restore was performed. Perhaps I emptied the recycle bin by mistake. I think it was here: documents and settings/admin/local settings/temp, but it is not there now.

    Some weeks ago and with the pc performing as bad as it does now , I cleaned the registry with CCleaner. It didn't seem to affect the pc in some way.



    1) There is a "P2P Networking" icon in the Control Panel and a P2PNetworking.eng on my hard drive. Should I just delete this?

    2) Do you want me to paste the log of the panda scan?

    3) I have an older version of spybot. I installed the new version without updating through the old one, so now I have two installed. Should I uninstall the older version? It has some items quarantined. What must I do with these?

    I would very much appreciate any help and advice you could give. Thank you very much.

    P.S. I don't speak English very well and I do not know much about computers so I apologise if something I wrote does not make much sense.





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:45:04 μμ, on 9/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\admin\Επιφάνεια εργασίας\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mech.ntua.gr/gr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: PartMetBackup.lnk.disabled
    O4 - Startup: PowerReg Scheduler V3.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} (BiosAgentPlus ActiveX Control) - http://biosagentplus.com/files/biosagentplus.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63D0C496-2805-4133-96DE-A217E53D116A}: NameServer = 194.219.227.2,193.92.150.3
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

    --
    End of file - 5600 bytes

  2. #2
    Emeritus Shaba's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Hi in_the_woods

    Yes, please post the panda scan log next.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member in_the_woods's Avatar
    Join Date
    Aug 2009
    Location
    Greece
    Posts
    27

    Hi Shaba


    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-08-05 10:25:05
    PROTECTIONS: 0
    MALWARE: 18
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
    00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}
    00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\AppID\{8B0FEF15-54DC-49F5-8377-8172DE975F75}
    00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438}
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@doubleclick[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@atdmt[1].txt
    00141436 Application/P2PNetworking HackTools No 0 Yes No C:\WINDOWS\system32\P2P Networking v1263.cpl
    00141437 Application/P2PNetworking HackTools No 0 Yes No C:\WINDOWS\Downloaded Program Files\WebP2PInstaller3.dll
    00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@spylog[1].txt
    00151738 W32/Lovgate.BU.worm Virus/Worm No 0 Yes No C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0804\Mafia Trainer!!!.exe
    00167014 adware/rxtoolbar Adware No 1 Yes No hkey_classes_root\rxtoolbar.tbinfo.1
    00167014 adware/rxtoolbar Adware No 1 Yes No hkey_current_user\software\rx toolbar
    00167014 adware/rxtoolbar Adware No 1 Yes No c:\program files\rxtoolbar
    00167014 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\rxresults
    00167014 adware/rxtoolbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
    00167014 adware/rxtoolbar Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\protocols\filter\text/html\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
    00167014 adware/rxtoolbar Adware No 1 Yes No HKEY_CLASSES_ROOT\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}
    00167014 adware/rxtoolbar Adware No 1 Yes No HKEY_CLASSES_ROOT\Interface\{FB590D02-0A82-4F44-9FAD-517948DCF4F3}
    00167014 adware/rxtoolbar Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
    00167014 adware/rxtoolbar Adware No 1 Yes No hkey_classes_root\clsid\{25d8bacf-3de2-4b48-ae22-d659b8d835b0}
    00167014 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxtoolbar.tbinfo.1
    00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@yadro[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@ad.yieldmanager[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@advertising[1].txt
    00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find
    00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find
    00169752 application/need2find HackTools No 0 Yes No c:\program files\need2find
    00169752 Application/Need2Find HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
    00169752 Application/Need2Find HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP786\A0911225.DLL
    00169753 Application/Need2Find HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP786\A0911224.DLL
    00180282 Application/Need2Find HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP786\A0911231.DLL
    00180282 Application/Need2Find HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP786\A0912229.dll
    00211158 application/bestoffer HackTools No 0 Yes No c:\windows\smdat32m.sys
    00349071 Adware/RXToolbar Adware No 1 Yes No C:\Program Files\RXToolBar\RXToolBar.dll
    00527204 Application/PRScheduler HackTools Yes 0 Yes No C:\Documents and Settings\admin\Start Menu\Προγράμματα\Εκκίνηση\PowerReg Scheduler V3.exe
    01907169 Trj/Zlob.LH Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP797\A0952637.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location ^
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description ^
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================

  4. #4
    Emeritus Shaba's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Download DDS to your desktop from one of the links below:

    Link 1
    Link 2
    • Double click the tool to run it.
    • A black screen will open; just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports.
    • Copy/paste both reports back here and remove DDS from your desktop.
  5. #5
    Junior Member in_the_woods's Avatar
    Join Date
    Aug 2009
    Location
    Greece
    Posts
    27

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by admin at 17:55:38,67 on ƒœ¬ 10/08/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.511.278 [GMT 3:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\admin\Επιφάνεια εργασίας\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.mech.ntua.gr/gr
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Βοηθός εισόδου του Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: RX Toolbar: {25d8bacf-3de2-4b48-ae22-d659b8d835b0} - c:\program files\rxtoolbar\RXToolBar.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: {92A40B0A-740A-4A11-9DDB-70460C6DA383} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [P2P Networking] c:\windows\system32\p2p networking\P2P Networking.exe /AUTOSTART
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\documents and settings\admin\start menu\προγράμματα\εκκίνηση\PartMetBackup.lnk.disabled
    StartupFolder: c:\documents and settings\admin\start menu\προγράμματα\εκκίνηση\PowerReg Scheduler V3.exe
    IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
    IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} - hxxp://biosagentplus.com/files/biosagentplus.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: {63D0C496-2805-4133-96DE-A217E53D116A} = 194.219.227.2,193.92.150.3
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\if238me7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/showthread.php?t=50650
    FF - plugin: c:\program files\mozilla firefox\plugins\NPNd2fn.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\docume~1\admin\locals~1\temp\hwinfo32.sys --> c:\docume~1\admin\locals~1\temp\HWiNFO32.SYS [?]
    S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-9 12672]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-9-23 13352]
    S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [2007-2-25 61600]
    S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [2007-2-25 9360]
    S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [2007-2-25 97184]
    S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [2007-2-25 88688]
    S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [2007-2-25 18704]
    S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [2007-2-25 86560]
    S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [2007-2-25 90800]

    =============== Created Last 30 ================

    2009-08-09 21:27 12,672 a------- c:\windows\system32\drivers\cpuz132_x32.sys
    2009-08-09 21:27 <DIR> --d----- c:\program files\CPUID
    2009-08-09 14:10 <DIR> --d----- C:\katevasmata
    2009-08-08 20:46 <DIR> --d----- c:\program files\DVD Identifier
    2009-08-08 14:37 <DIR> --d----- c:\docume~1\admin\applic~1\Ashampoo
    2009-08-08 14:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ashampoo
    2009-08-08 14:37 <DIR> --d----- c:\program files\Ashampoo
    2009-08-06 18:06 <DIR> --d----- c:\windows\system32\wbem\Repository
    2009-08-06 18:04 <DIR> --d----- c:\program files\Incoming
    2009-08-06 18:01 <DIR> --d----- c:\windows\cdmxtras
    2009-07-21 13:03 <DIR> --d----- c:\docume~1\admin\applic~1\uTorrent
    2009-07-19 16:04 <DIR> --d----- c:\program files\Panda Security
    2009-07-19 15:55 <DIR> --d----- c:\program files\Safer Networking
    2009-07-19 15:31 <DIR> --d----- c:\windows\ie8updates
    2009-07-18 12:13 <DIR> --d----- c:\program files\nandub
    2009-07-17 20:02 <DIR> --d----- c:\docume~1\admin\applic~1\Sony Ericsson
    2009-07-17 20:02 <DIR> --d----- c:\docume~1\admin\applic~1\QA International
    2009-07-17 20:01 <DIR> --d----- c:\program files\CosmoSoftware
    2009-07-17 19:44 <DIR> --d----- c:\documents and settings\admin\IECompatCache
    2009-07-17 19:43 <DIR> --d----- c:\documents and settings\admin\PrivacIE
    2009-07-17 19:38 <DIR> --d----- c:\documents and settings\admin\IETldCache
    2009-07-17 19:30 <DIR> -cd----- c:\windows\ie8
    2009-07-15 11:26 <DIR> --d----- c:\program files\nandub-binary-1.0rc1
    2009-07-14 13:41 <DIR> --d----- c:\program files\common files\ODBC
    2009-07-13 10:21 <DIR> --d----- c:\docume~1\admin\applic~1\Any Video Converter
    2009-07-13 10:21 <DIR> --d----- c:\program files\Any Video Converter

    ==================== Find3M ====================

    2009-07-21 10:24 513,760 a------- c:\windows\system32\perfh008.dat
    2009-07-21 10:24 88,668 a------- c:\windows\system32\perfc008.dat
    2009-07-11 17:23 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
    2009-06-29 18:58 827,392 a------- c:\windows\system32\wininet.dll
    2009-06-29 18:58 78,336 a------- c:\windows\system32\ieencode.dll
    2009-06-29 18:58 17,408 a------- c:\windows\system32\corpol.dll
    2009-06-16 17:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 17:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-03 22:10 1,299,456 a------- c:\windows\system32\quartz.dll
    2009-05-16 14:34 34,376 a------- c:\docume~1\admin\applic~1\GDIPFONTCACHEV1.DAT
    2009-05-13 08:04 915,456 a------- c:\windows\system32\wininet(4)(2).dll
    2009-05-13 08:04 915,456 a------- c:\windows\system32\wininet(2).dll
    2009-02-28 07:57 5,517,160 a------- c:\program files\bitcomet_setup.exe
    2009-01-13 14:14 3,338,372 a------- c:\program files\cosmo_win95nt_eng.exe
    2009-01-13 14:06 1,492,727 a------- c:\program files\SurfX3D.zip
    2008-06-16 07:54 411,766 a------- c:\program files\tetris_gy.exe
    2008-04-25 18:48 1,233,466 a------- c:\program files\wrar371el.exe
    2007-11-03 13:50 348 a------- c:\program files\downloads.txt
    2007-11-03 13:49 348 a------- c:\program files\downloads.bak
    2007-09-07 16:57 136,704 a------- c:\program files\EModelZoomin.dll
    2007-09-07 16:56 91,648 a------- c:\program files\EModelViewer.exe
    2007-09-07 16:56 26,624 a------- c:\program files\edrwthumbnailprovider.dll
    2007-09-07 16:55 594,944 a------- c:\program files\eDrawingOfficeAutomator.exe
    2007-09-07 16:55 95,744 a------- c:\program files\EModelEx
    2007-09-07 16:55 133,120 a------- c:\program files\EModelExport.dll
    2007-09-07 16:55 6,802,944 a------- c:\program files\EModelXlator.dll
    2007-09-07 16:54 733,184 a------- c:\program files\EModelSWDisplayLists.dll
    2007-09-07 16:54 814,592 a------- c:\program files\EModelReviewer.dll
    2007-09-07 16:52 135,168 a------- c:\program files\EModelMDReader.dll
    2007-09-07 16:52 71,680 a------- c:\program files\EModelEventLog.dll
    2007-09-07 16:51 2,186,240 a------- c:\program files\EModelView.dll
    2007-09-07 16:48 57,344 a------- c:\program files\EModelUtilsVista.dll
    2007-09-07 16:47 249,344 a------- c:\program files\EModelUtils.dll
    2007-09-07 16:47 2,814,976 a------- c:\program files\HoopsManager.dll
    2007-09-07 16:43 2,680,297 a------- c:\program files\EModelAddIn.dll
    2007-09-07 15:53 7,168 a------- c:\program files\eulaedrawing.txt
    2007-09-07 15:52 161,412 a------- c:\program files\GTOL.SYM
    2007-09-07 15:51 509,472 a------- c:\program files\swlicservinst.exe
    2007-09-07 15:51 299,552 a------- c:\program files\solidworkslicenseservice.dll
    2007-09-07 15:50 17,920 a------- c:\program files\IMPLODE.DLL
    2006-05-20 12:24 447,088 a------- c:\program files\AluriaLiteScannerInstall.exe
    2006-03-10 22:55 300 a------- c:\program files\acadcd.mid
    2006-02-01 11:00 1,400,248 a------- c:\program files\spybotsd_includes.exe
    2006-02-01 10:46 789,515 a------- c:\program files\spybotsd14.exe
    2006-01-24 23:26 429 a------- c:\program files\MediaBrowser.ini
    2005-12-16 00:30 53,248 a------- c:\program files\Setup.exe
    2005-08-09 12:57 1,211,083 a------- c:\program files\abcexcel.zip
    2004-10-21 20:38 126,976 a------- c:\program files\MediaBrowser.exe
    2002-02-22 12:35 43 a------- c:\program files\autorun.inf
    2009-02-04 11:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020420090205\index.dat

    ============= FINISH: 17:56:20,65 ===============














    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/9/2004 9:51:02 πμ
    System Uptime: 8/10/2009 5:12:29 μμ (-1416 hours ago)

    Motherboard: FUJITSU SIEMENS | | D1675
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU | 3200/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 27,227 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP773: 16/6/2009 9:51:19 μμ - Σημείο ελέγχου συστήματος
    RP774: 24/6/2009 9:56:09 πμ - Σημείο ελέγχου συστήματος
    RP775: 25/6/2009 10:24:05 πμ - Software Distribution Service 3.0
    RP776: 27/6/2009 2:38:10 μμ - Σημείο ελέγχου συστήματος
    RP777: 30/6/2009 8:14:29 πμ - Installed Windows Media Format Runtime
    RP778: 1/7/2009 9:42:12 πμ - Software Distribution Service 3.0
    RP779: 1/7/2009 6:12:22 μμ - Removed Fine Woodworking Archive
    RP780: 1/7/2009 10:58:29 μμ - Software Distribution Service 3.0
    RP781: 8/7/2009 9:54:24 πμ - Σημείο ελέγχου συστήματος
    RP782: 9/7/2009 10:30:17 πμ - Σημείο ελέγχου συστήματος
    RP783: 10/7/2009 2:13:56 μμ - Removed Kazaa 3.2.7
    RP784: 10/7/2009 2:15:10 μμ - Removed Sony Ericsson PC Suite
    RP785: 10/7/2009 2:36:31 μμ - Configured QuickTime
    RP786: 10/7/2009 2:41:05 μμ - Removed Adobe® Photoshop® Album Starter Edition 3.0
    RP787: 11/7/2009 12:40:41 μμ - Installed Diskeeper Lite
    RP788: 11/7/2009 1:18:13 μμ - Removed Diskeeper Lite
    RP789: 11/7/2009 1:39:14 μμ - Installed Diskeeper Lite
    RP790: 11/7/2009 1:41:32 μμ - Removed Diskeeper Lite
    RP791: 13/7/2009 9:10:40 πμ - Σημείο ελέγχου συστήματος
    RP792: 14/7/2009 9:39:40 μμ - Σημείο ελέγχου συστήματος
    RP793: 15/7/2009 6:48:32 μμ - Software Distribution Service 3.0
    RP794: 17/7/2009 1:11:55 μμ - Software Distribution Service 3.0
    RP795: 17/7/2009 7:25:08 μμ - Software Distribution Service 3.0
    RP796: 17/7/2009 7:59:42 μμ - Λειτουργία επαναφοράς
    RP797: 17/7/2009 9:11:49 μμ - Software Distribution Service 3.0
    RP798: 19/7/2009 12:37:10 πμ - Σημείο ελέγχου συστήματος
    RP799: 19/7/2009 3:24:23 μμ - Installed Windows Internet Explorer 8.
    RP800: 19/7/2009 3:28:00 μμ - Software Distribution Service 3.0
    RP801: 20/7/2009 6:03:50 μμ - Σημείο ελέγχου συστήματος
    RP802: 21/7/2009 1:47:15 μμ - Removed Kazaa 3.2.7
    RP803: 29/7/2009 11:34:05 μμ - Software Distribution Service 3.0
    RP804: 4/8/2009 7:36:13 μμ - Σημείο ελέγχου συστήματος
    RP805: 6/8/2009 5:12:59 μμ - Λειτουργία επαναφοράς
    RP806: 6/8/2009 5:37:52 μμ - Λειτουργία επαναφοράς
    RP807: 6/8/2009 5:50:52 μμ - Λειτουργία επαναφοράς
    RP808: 7/8/2009 12:00:56 πμ - Software Distribution Service 3.0

    ==== Installed Programs ======================


    Βοηθός εισόδου του Windows Live
    Εργαλείο αποστολής του Windows Live
    Ε9 Δήλωση στοιχείων Ακινήτων 2008 v1
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB938127)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB950759)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB958215)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB960714)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB961260)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB963027)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB969897)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB972260)
    Ενημέρωση ασφαλείας για Windows XP (KB923561)
    Ενημέρωση ασφαλείας για Windows XP (KB938464-v2)
    Ενημέρωση ασφαλείας για Windows XP (KB938464)
    Ενημέρωση ασφαλείας για Windows XP (KB946648)
    Ενημέρωση ασφαλείας για Windows XP (KB950760)
    Ενημέρωση ασφαλείας για Windows XP (KB950762)
    Ενημέρωση ασφαλείας για Windows XP (KB950974)
    Ενημέρωση ασφαλείας για Windows XP (KB951066)
    Ενημέρωση ασφαλείας για Windows XP (KB951376-v2)
    Ενημέρωση ασφαλείας για Windows XP (KB951376)
    Ενημέρωση ασφαλείας για Windows XP (KB951698)
    Ενημέρωση ασφαλείας για Windows XP (KB951748)
    Ενημέρωση ασφαλείας για Windows XP (KB952004)
    Ενημέρωση ασφαλείας για Windows XP (KB952954)
    Ενημέρωση ασφαλείας για Windows XP (KB953839)
    Ενημέρωση ασφαλείας για Windows XP (KB954211)
    Ενημέρωση ασφαλείας για Windows XP (KB954459)
    Ενημέρωση ασφαλείας για Windows XP (KB954600)
    Ενημέρωση ασφαλείας για Windows XP (KB955069)
    Ενημέρωση ασφαλείας για Windows XP (KB956391)
    Ενημέρωση ασφαλείας για Windows XP (KB956572)
    Ενημέρωση ασφαλείας για Windows XP (KB956802)
    Ενημέρωση ασφαλείας για Windows XP (KB956803)
    Ενημέρωση ασφαλείας για Windows XP (KB956841)
    Ενημέρωση ασφαλείας για Windows XP (KB957097)
    Ενημέρωση ασφαλείας για Windows XP (KB958644)
    Ενημέρωση ασφαλείας για Windows XP (KB958687)
    Ενημέρωση ασφαλείας για Windows XP (KB958690)
    Ενημέρωση ασφαλείας για Windows XP (KB959426)
    Ενημέρωση ασφαλείας για Windows XP (KB960225)
    Ενημέρωση ασφαλείας για Windows XP (KB960715)
    Ενημέρωση ασφαλείας για Windows XP (KB960803)
    Ενημέρωση ασφαλείας για Windows XP (KB961371)
    Ενημέρωση ασφαλείας για Windows XP (KB961373)
    Ενημέρωση ασφαλείας για Windows XP (KB961501)
    Ενημέρωση ασφαλείας για Windows XP (KB968537)
    Ενημέρωση ασφαλείας για Windows XP (KB969898)
    Ενημέρωση ασφαλείας για Windows XP (KB970238)
    Ενημέρωση ασφαλείας για Windows XP (KB971633)
    Ενημέρωση ασφαλείας για Windows XP (KB973346)
    Ενημέρωση για Windows XP (KB951072-v2)
    Ενημέρωση για Windows XP (KB951978)
    Ενημέρωση για Windows XP (KB955839)
    Ενημέρωση για Windows XP (KB961503)
    Ενημέρωση για Windows XP (KB967715)
    Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB923689)
    Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB941569)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB911564)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB952069)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 6.4 (KB925398)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB911565)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB917734)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB936782)
    Επείγουσα επιδιόρθωση για Windows XP (KB952287)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Any Video Converter 2.7.5
    AoA Audio Extractor 1.0
    AOpen Multimedia Utilities
    Ashampoo Burning Studio 6 FREE
    Audiovisual
    Autodesk DWF Viewer
    C-Major Audio
    CCleaner (remove only)
    Choice Guard
    CometBird (3.0.10)
    CPUID CPU-Z 1.52.1
    Defraggler (remove only)
    DVD Decrypter (Remove Only)
    DVD Identifier
    eDrawings 2008
    ERUNT 1.1j
    HijackThis 2.0.2
    ImgBurn
    InPorte Home
    Java(TM) 6 Update 13
    K-Lite Codec Pack 4.7.0 (Full)
    Kazaa 3.2.7
    Lexmark 510 Series
    Macromedia Flash Player 8
    MetFileRegenerator v3.0.16
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional με FrontPage
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    mIRC
    Mozilla Firefox (3.5.2)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MyDVD
    NVIDIA Display Driver
    PowerDVD
    Radar Sync Bar
    Runtime 8.0 Libraries
    Security Update for CAPICOM (KB931906)
    Segoe UI
    Smart Defrag 1.20
    Sonic DLA
    Sonic RecordNow DX
    Sonic Simple Backup
    Sonic Update Manager
    Space Invaders '96 : The Year We Make Contact
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.3
    VideoLAN VLC media player 0.8.6
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinRAR 3.70 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων

    ==== End Of File ===========================




    I think that I have uninstalled Kazaa 3.2.7 and that it appeared again in the Add/Remove Programs list after a system restore I performed. When I try to remove it now, I get a message saying that "InstallShield Setup Launcher encountered a problem".

  6. #6
    Emeritus Shaba's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    uTorrent


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new DDS log scan when finished and post the logs back here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member in_the_woods's Avatar
    Join Date
    Aug 2009
    Location
    Greece
    Posts
    27

    Hi Shaba, and thanks for helping me with my p.c.

    Before seeking help here and having read the thread you gave me, I uninstalled the first of 2 P2P (Peer to Peer) File Sharing Programs that I had, but I could not find the second one (utorrent) in the Control Panel > Add/Remove Programs. If it matters, I searched for it in the Add/Remove Programs list after performing a system restore to a restore point that was created before the installation of this program. Anyway, I found and deleted (before seeking help here) a utorrent.exe which I believe was what I downloaded in order to install the program. Even now it is not present in the Add/Remove Programs list.





    DDS (Ver_09-07-30.01) - NTFSx86
    Run by admin at 22:15:45,68 on Δευ 10/08/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.511.247 [GMT 3:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\admin\Επιφάνεια εργασίας\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.mech.ntua.gr/gr
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Βοηθός εισόδου του Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: RX Toolbar: {25d8bacf-3de2-4b48-ae22-d659b8d835b0} - c:\program files\rxtoolbar\RXToolBar.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: {92A40B0A-740A-4A11-9DDB-70460C6DA383} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [P2P Networking] c:\windows\system32\p2p networking\P2P Networking.exe /AUTOSTART
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\documents and settings\admin\start menu\προγράμματα\εκκίνηση\PartMetBackup.lnk.disabled
    StartupFolder: c:\documents and settings\admin\start menu\προγράμματα\εκκίνηση\PowerReg Scheduler V3.exe
    IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
    IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} - hxxp://biosagentplus.com/files/biosagentplus.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: {63D0C496-2805-4133-96DE-A217E53D116A} = 194.219.227.2,193.92.150.3
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\if238me7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/showthread.php?t=50650
    FF - plugin: c:\program files\mozilla firefox\plugins\NPNd2fn.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\docume~1\admin\locals~1\temp\hwinfo32.sys --> c:\docume~1\admin\locals~1\temp\HWiNFO32.SYS [?]
    S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-9 12672]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-9-23 13352]
    S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [2007-2-25 61600]
    S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [2007-2-25 9360]
    S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [2007-2-25 97184]
    S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [2007-2-25 88688]
    S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [2007-2-25 18704]
    S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [2007-2-25 86560]
    S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [2007-2-25 90800]

    =============== Created Last 30 ================

    2009-08-09 21:27 12,672 a------- c:\windows\system32\drivers\cpuz132_x32.sys
    2009-08-09 21:27 <DIR> --d----- c:\program files\CPUID
    2009-08-09 14:10 <DIR> --d----- C:\katevasmata
    2009-08-08 20:46 <DIR> --d----- c:\program files\DVD Identifier
    2009-08-08 14:37 <DIR> --d----- c:\docume~1\admin\applic~1\Ashampoo
    2009-08-08 14:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ashampoo
    2009-08-08 14:37 <DIR> --d----- c:\program files\Ashampoo
    2009-08-06 18:06 <DIR> --d----- c:\windows\system32\wbem\Repository
    2009-08-06 18:04 <DIR> --d----- c:\program files\Incoming
    2009-08-06 18:01 <DIR> --d----- c:\windows\cdmxtras
    2009-07-21 13:03 <DIR> --d----- c:\docume~1\admin\applic~1\uTorrent
    2009-07-19 16:04 <DIR> --d----- c:\program files\Panda Security
    2009-07-19 15:55 <DIR> --d----- c:\program files\Safer Networking
    2009-07-19 15:31 <DIR> --d----- c:\windows\ie8updates
    2009-07-18 12:13 <DIR> --d----- c:\program files\nandub
    2009-07-17 20:02 <DIR> --d----- c:\docume~1\admin\applic~1\Sony Ericsson
    2009-07-17 20:02 <DIR> --d----- c:\docume~1\admin\applic~1\QA International
    2009-07-17 20:01 <DIR> --d----- c:\program files\CosmoSoftware
    2009-07-17 19:44 <DIR> --d----- c:\documents and settings\admin\IECompatCache
    2009-07-17 19:43 <DIR> --d----- c:\documents and settings\admin\PrivacIE
    2009-07-17 19:38 <DIR> --d----- c:\documents and settings\admin\IETldCache
    2009-07-17 19:30 <DIR> -cd----- c:\windows\ie8
    2009-07-15 11:26 <DIR> --d----- c:\program files\nandub-binary-1.0rc1
    2009-07-14 13:41 <DIR> --d----- c:\program files\common files\ODBC
    2009-07-13 10:21 <DIR> --d----- c:\docume~1\admin\applic~1\Any Video Converter
    2009-07-13 10:21 <DIR> --d----- c:\program files\Any Video Converter

    ==================== Find3M ====================

    2009-07-21 10:24 513,760 a------- c:\windows\system32\perfh008.dat
    2009-07-21 10:24 88,668 a------- c:\windows\system32\perfc008.dat
    2009-07-11 17:23 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
    2009-06-29 18:58 827,392 a------- c:\windows\system32\wininet.dll
    2009-06-29 18:58 78,336 a------- c:\windows\system32\ieencode.dll
    2009-06-29 18:58 17,408 a------- c:\windows\system32\corpol.dll
    2009-06-16 17:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 17:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-03 22:10 1,299,456 a------- c:\windows\system32\quartz.dll
    2009-05-16 14:34 34,376 a------- c:\docume~1\admin\applic~1\GDIPFONTCACHEV1.DAT
    2009-05-13 08:04 915,456 a------- c:\windows\system32\wininet(4)(2).dll
    2009-05-13 08:04 915,456 a------- c:\windows\system32\wininet(2).dll
    2009-02-28 07:57 5,517,160 a------- c:\program files\bitcomet_setup.exe
    2009-01-13 14:14 3,338,372 a------- c:\program files\cosmo_win95nt_eng.exe
    2009-01-13 14:06 1,492,727 a------- c:\program files\SurfX3D.zip
    2008-06-16 07:54 411,766 a------- c:\program files\tetris_gy.exe
    2008-04-25 18:48 1,233,466 a------- c:\program files\wrar371el.exe
    2007-11-03 13:50 348 a------- c:\program files\downloads.txt
    2007-11-03 13:49 348 a------- c:\program files\downloads.bak
    2007-09-07 16:57 136,704 a------- c:\program files\EModelZoomin.dll
    2007-09-07 16:56 91,648 a------- c:\program files\EModelViewer.exe
    2007-09-07 16:56 26,624 a------- c:\program files\edrwthumbnailprovider.dll
    2007-09-07 16:55 594,944 a------- c:\program files\eDrawingOfficeAutomator.exe
    2007-09-07 16:55 95,744 a------- c:\program files\EModelEx
    2007-09-07 16:55 133,120 a------- c:\program files\EModelExport.dll
    2007-09-07 16:55 6,802,944 a------- c:\program files\EModelXlator.dll
    2007-09-07 16:54 733,184 a------- c:\program files\EModelSWDisplayLists.dll
    2007-09-07 16:54 814,592 a------- c:\program files\EModelReviewer.dll
    2007-09-07 16:52 135,168 a------- c:\program files\EModelMDReader.dll
    2007-09-07 16:52 71,680 a------- c:\program files\EModelEventLog.dll
    2007-09-07 16:51 2,186,240 a------- c:\program files\EModelView.dll
    2007-09-07 16:48 57,344 a------- c:\program files\EModelUtilsVista.dll
    2007-09-07 16:47 249,344 a------- c:\program files\EModelUtils.dll
    2007-09-07 16:47 2,814,976 a------- c:\program files\HoopsManager.dll
    2007-09-07 16:43 2,680,297 a------- c:\program files\EModelAddIn.dll
    2007-09-07 15:53 7,168 a------- c:\program files\eulaedrawing.txt
    2007-09-07 15:52 161,412 a------- c:\program files\GTOL.SYM
    2007-09-07 15:51 509,472 a------- c:\program files\swlicservinst.exe
    2007-09-07 15:51 299,552 a------- c:\program files\solidworkslicenseservice.dll
    2007-09-07 15:50 17,920 a------- c:\program files\IMPLODE.DLL
    2006-05-20 12:24 447,088 a------- c:\program files\AluriaLiteScannerInstall.exe
    2006-03-10 22:55 300 a------- c:\program files\acadcd.mid
    2006-02-01 11:00 1,400,248 a------- c:\program files\spybotsd_includes.exe
    2006-02-01 10:46 789,515 a------- c:\program files\spybotsd14.exe
    2006-01-24 23:26 429 a------- c:\program files\MediaBrowser.ini
    2005-12-16 00:30 53,248 a------- c:\program files\Setup.exe
    2005-08-09 12:57 1,211,083 a------- c:\program files\abcexcel.zip
    2004-10-21 20:38 126,976 a------- c:\program files\MediaBrowser.exe
    2002-02-22 12:35 43 a------- c:\program files\autorun.inf
    2009-02-04 11:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020420090205\index.dat

    ============= FINISH: 22:15:57,54 ===============














    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/9/2004 9:51:02 πμ
    System Uptime: 8/10/2009 7:53:44 μμ (-1413 hours ago)

    Motherboard: FUJITSU SIEMENS | | D1675
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU | 3200/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 27,224 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP773: 16/6/2009 9:51:19 μμ - Σημείο ελέγχου συστήματος
    RP774: 24/6/2009 9:56:09 πμ - Σημείο ελέγχου συστήματος
    RP775: 25/6/2009 10:24:05 πμ - Software Distribution Service 3.0
    RP776: 27/6/2009 2:38:10 μμ - Σημείο ελέγχου συστήματος
    RP777: 30/6/2009 8:14:29 πμ - Installed Windows Media Format Runtime
    RP778: 1/7/2009 9:42:12 πμ - Software Distribution Service 3.0
    RP779: 1/7/2009 6:12:22 μμ - Removed Fine Woodworking Archive
    RP780: 1/7/2009 10:58:29 μμ - Software Distribution Service 3.0
    RP781: 8/7/2009 9:54:24 πμ - Σημείο ελέγχου συστήματος
    RP782: 9/7/2009 10:30:17 πμ - Σημείο ελέγχου συστήματος
    RP783: 10/7/2009 2:13:56 μμ - Removed Kazaa 3.2.7
    RP784: 10/7/2009 2:15:10 μμ - Removed Sony Ericsson PC Suite
    RP785: 10/7/2009 2:36:31 μμ - Configured QuickTime
    RP786: 10/7/2009 2:41:05 μμ - Removed Adobe® Photoshop® Album Starter Edition 3.0
    RP787: 11/7/2009 12:40:41 μμ - Installed Diskeeper Lite
    RP788: 11/7/2009 1:18:13 μμ - Removed Diskeeper Lite
    RP789: 11/7/2009 1:39:14 μμ - Installed Diskeeper Lite
    RP790: 11/7/2009 1:41:32 μμ - Removed Diskeeper Lite
    RP791: 13/7/2009 9:10:40 πμ - Σημείο ελέγχου συστήματος
    RP792: 14/7/2009 9:39:40 μμ - Σημείο ελέγχου συστήματος
    RP793: 15/7/2009 6:48:32 μμ - Software Distribution Service 3.0
    RP794: 17/7/2009 1:11:55 μμ - Software Distribution Service 3.0
    RP795: 17/7/2009 7:25:08 μμ - Software Distribution Service 3.0
    RP796: 17/7/2009 7:59:42 μμ - Λειτουργία επαναφοράς
    RP797: 17/7/2009 9:11:49 μμ - Software Distribution Service 3.0
    RP798: 19/7/2009 12:37:10 πμ - Σημείο ελέγχου συστήματος
    RP799: 19/7/2009 3:24:23 μμ - Installed Windows Internet Explorer 8.
    RP800: 19/7/2009 3:28:00 μμ - Software Distribution Service 3.0
    RP801: 20/7/2009 6:03:50 μμ - Σημείο ελέγχου συστήματος
    RP802: 21/7/2009 1:47:15 μμ - Removed Kazaa 3.2.7
    RP803: 29/7/2009 11:34:05 μμ - Software Distribution Service 3.0
    RP804: 4/8/2009 7:36:13 μμ - Σημείο ελέγχου συστήματος
    RP805: 6/8/2009 5:12:59 μμ - Λειτουργία επαναφοράς
    RP806: 6/8/2009 5:37:52 μμ - Λειτουργία επαναφοράς
    RP807: 6/8/2009 5:50:52 μμ - Λειτουργία επαναφοράς
    RP808: 7/8/2009 12:00:56 πμ - Software Distribution Service 3.0

    ==== Installed Programs ======================


    Βοηθός εισόδου του Windows Live
    Εργαλείο αποστολής του Windows Live
    Ε9 Δήλωση στοιχείων Ακινήτων 2008 v1
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB938127)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB950759)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB958215)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB960714)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB961260)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB963027)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB969897)
    Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB972260)
    Ενημέρωση ασφαλείας για Windows XP (KB923561)
    Ενημέρωση ασφαλείας για Windows XP (KB938464-v2)
    Ενημέρωση ασφαλείας για Windows XP (KB938464)
    Ενημέρωση ασφαλείας για Windows XP (KB946648)
    Ενημέρωση ασφαλείας για Windows XP (KB950760)
    Ενημέρωση ασφαλείας για Windows XP (KB950762)
    Ενημέρωση ασφαλείας για Windows XP (KB950974)
    Ενημέρωση ασφαλείας για Windows XP (KB951066)
    Ενημέρωση ασφαλείας για Windows XP (KB951376-v2)
    Ενημέρωση ασφαλείας για Windows XP (KB951376)
    Ενημέρωση ασφαλείας για Windows XP (KB951698)
    Ενημέρωση ασφαλείας για Windows XP (KB951748)
    Ενημέρωση ασφαλείας για Windows XP (KB952004)
    Ενημέρωση ασφαλείας για Windows XP (KB952954)
    Ενημέρωση ασφαλείας για Windows XP (KB953839)
    Ενημέρωση ασφαλείας για Windows XP (KB954211)
    Ενημέρωση ασφαλείας για Windows XP (KB954459)
    Ενημέρωση ασφαλείας για Windows XP (KB954600)
    Ενημέρωση ασφαλείας για Windows XP (KB955069)
    Ενημέρωση ασφαλείας για Windows XP (KB956391)
    Ενημέρωση ασφαλείας για Windows XP (KB956572)
    Ενημέρωση ασφαλείας για Windows XP (KB956802)
    Ενημέρωση ασφαλείας για Windows XP (KB956803)
    Ενημέρωση ασφαλείας για Windows XP (KB956841)
    Ενημέρωση ασφαλείας για Windows XP (KB957097)
    Ενημέρωση ασφαλείας για Windows XP (KB958644)
    Ενημέρωση ασφαλείας για Windows XP (KB958687)
    Ενημέρωση ασφαλείας για Windows XP (KB958690)
    Ενημέρωση ασφαλείας για Windows XP (KB959426)
    Ενημέρωση ασφαλείας για Windows XP (KB960225)
    Ενημέρωση ασφαλείας για Windows XP (KB960715)
    Ενημέρωση ασφαλείας για Windows XP (KB960803)
    Ενημέρωση ασφαλείας για Windows XP (KB961371)
    Ενημέρωση ασφαλείας για Windows XP (KB961373)
    Ενημέρωση ασφαλείας για Windows XP (KB961501)
    Ενημέρωση ασφαλείας για Windows XP (KB968537)
    Ενημέρωση ασφαλείας για Windows XP (KB969898)
    Ενημέρωση ασφαλείας για Windows XP (KB970238)
    Ενημέρωση ασφαλείας για Windows XP (KB971633)
    Ενημέρωση ασφαλείας για Windows XP (KB973346)
    Ενημέρωση για Windows XP (KB951072-v2)
    Ενημέρωση για Windows XP (KB951978)
    Ενημέρωση για Windows XP (KB955839)
    Ενημέρωση για Windows XP (KB961503)
    Ενημέρωση για Windows XP (KB967715)
    Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB923689)
    Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB941569)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB911564)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB952069)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 6.4 (KB925398)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB911565)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB917734)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB936782)
    Επείγουσα επιδιόρθωση για Windows XP (KB952287)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Any Video Converter 2.7.5
    AoA Audio Extractor 1.0
    AOpen Multimedia Utilities
    Ashampoo Burning Studio 6 FREE
    Audiovisual
    Autodesk DWF Viewer
    C-Major Audio
    CCleaner (remove only)
    Choice Guard
    CometBird (3.0.10)
    CPUID CPU-Z 1.52.1
    Defraggler (remove only)
    DVD Decrypter (Remove Only)
    DVD Identifier
    eDrawings 2008
    ERUNT 1.1j
    HijackThis 2.0.2
    ImgBurn
    InPorte Home
    Java(TM) 6 Update 13
    K-Lite Codec Pack 4.7.0 (Full)
    Kazaa 3.2.7
    Lexmark 510 Series
    Macromedia Flash Player 8
    MetFileRegenerator v3.0.16
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional με FrontPage
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    mIRC
    Mozilla Firefox (3.5.2)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MyDVD
    NVIDIA Display Driver
    PowerDVD
    Radar Sync Bar
    Runtime 8.0 Libraries
    Security Update for CAPICOM (KB931906)
    Segoe UI
    Smart Defrag 1.20
    Sonic DLA
    Sonic RecordNow DX
    Sonic Simple Backup
    Sonic Update Manager
    Space Invaders '96 : The Year We Make Contact
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.3
    VideoLAN VLC media player 0.8.6
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinRAR 3.70 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων

    ==== End Of File ===========================

  8. #8
    Emeritus Shaba's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Default

    Download gmer.zip and save to your desktop.
    alternate download site
    • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
    • When you have done this, disconnect from the Internet and close all running programs.
      There is a small chance this application may crash your computer so save any work you have open.
    • Double-click on Gmer.exe to start the program.
    • Allow the gmer.sys driver to load if asked.
    • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
    • Click on the Rootkit tab.
    • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
    • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    • Click on the "Scan" button and wait for the scan to finish.
      Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
    • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
    • Note: If you have any problems, try running GMER in SAFE MODE.

    Important! Please do not select the "Show all" checkbox during the scan.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Junior Member in_the_woods's Avatar
    Join Date
    Aug 2009
    Location
    Greece
    Posts
    27

    Unhappy

    Hi Shaba,

    I am disappointed as the computer crashes over and over again before the scan is completed. Sometimes in the first two minutes, sometimes after 15-16 minutes of scanning, in both modes, safe and normal.

  10. #10
    Emeritus Shaba's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Default

    Might be a driver/heat/hardware problem, hard to say.

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
