• Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.

    Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!

    Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.

    We'll also start using the forum for small bits of information, announcements and more again.

Zlob.DNSChanger.Rtk help me!!

6

666das666

New member
i am a new user so forgive my possible post mistakes.

Zlob.DNSChanger.Rtk appears on ssd scans, no matter if i fix it. avast antivirus cant find it. it redirects my searches of google to some ad sites. my os is XP sp2 and i use firefox. i dont have any ideas on how to remove it so i need a little help.
 
Hi 666das666

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Please post also spybot report :)
 
thanx for replying :devil:

thelog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:01 μμ, on 13/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27912658-32A1-4149-A7E4-9FCADB9F0F3A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{31846F54-B100-4318-8ABD-D5CD36BE47A3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFEB08BC-FC22-4531-A846-F7BC15CBEB63}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{27912658-32A1-4149-A7E4-9FCADB9F0F3A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{27912658-32A1-4149-A7E4-9FCADB9F0F3A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9167 bytes
 
:snorkle:
ssd report part1:


--- Search result list ---
Zlob.DNSChanger.Rtk: [SBI $FE3023DF] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System=...KDFPO.EXE...


--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-08-30 unins000.exe (51.41.0.0)
2008-01-27 unins001.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-02-06 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-02-06 Includes\DialerC.sbi (*)
2008-02-06 Includes\HeavyDuty.sbi (*)
2008-02-06 Includes\Hijackers.sbi (*)
2008-02-06 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2008-02-06 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-01-16 Includes\Malware.sbi (*)
2008-02-06 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2008-02-06 Includes\PUPSC.sbi (*)
2008-02-06 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-02-06 Includes\SecurityC.sbi (*)
2008-01-23 Includes\Spybots.sbi (*)
2008-02-06 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-02-06 Includes\Trojans.sbi (*)
2008-02-06 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Internet Explorer 6 / SP1: Άμεση επιδιόρθωση για Windows XP - KB918439
/ Internet Explorer 6 / SP1: Άμεση επιδιόρθωση για Windows XP - KB918899
/ Internet Explorer 6 / SP1: Άμεση επιδιόρθωση για Windows XP - KB925486
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/928365
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Outlook Express 6 / SP1: Άμεση επιδιόρθωση για Windows XP - KB911567
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 6.4: Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 6.4 (KB925398)
/ Windows Media Player 8: Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 8 (KB917734)
/ Windows Media Player 9: Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB917734)
/ Windows Media Player 9: Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB936782)
/ Windows XP: Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB923689)
/ Windows XP: Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB941569)
/ Windows XP / SP0: Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Άμεση επιδιόρθωση για Windows XP - KB873339
/ Windows XP / SP3: Άμεση επιδιόρθωση για Windows XP - KB885835
/ Windows XP / SP3: Άμεση επιδιόρθωση για Windows XP - KB885836
/ Windows XP / SP3: Άμεση επιδιόρθωση για Windows XP - KB886185
/ Windows XP / SP3: Άμεση επιδιόρθωση για Windows XP - KB887472
/ Windows XP / SP3: Άμεση επιδιόρθωση για Windows XP - KB888302
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB890046)
/ Windows XP / SP3: Άμεση επιδιόρθωση για Windows XP - KB890859
/ Windows XP / SP3: Άμεση επιδιόρθωση για Windows XP - KB891781
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB896358)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB896423)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB896424)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB896428)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB898461)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB899587)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB899589)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB899591)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB900485)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB900725)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB901017)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB901214)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB902400)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB904706)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB904942)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB905414)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB905749)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB908519)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB908531)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB910437)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB911280)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB911562)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB911927)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB912919)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB913580)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB914388)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB914389)
/ Windows XP / SP3: Επείγουσα επιδιόρθωση για Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB916595)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB917344)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB917422)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB917953)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB918118)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB919007)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB920213)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB920670)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB920683)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB920685)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB920872)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB921398)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB921503)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB921883)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB922582)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB922616)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB922819)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB923191)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB923414)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB923694)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB923980)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB924191)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB924270)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB924496)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB924667)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB925902)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB926255)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB926436)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB927779)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB927802)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB927891)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB928090)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB928255)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB928843)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB929123)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB929338)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB929969)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB930178)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB930916)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB931261)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB931768)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB931784)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB931836)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB932168)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB933360)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB933566)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB933729)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB935839)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB935840)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB936021)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB937143)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB937894)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB938127)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB938828)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB938829)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB939653)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB941202)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB941568)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB941644)
/ Windows XP / SP3: Ενημέρωση για Windows XP (KB942763)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB943460)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB943485)
/ Windows XP / SP3: Ενημέρωση ασφαλείας για Windows XP (KB944653)


--- Startup entries list ---
Located: HK_LM:Run, {0228e555-4f9c-4e35-a3ec-b109a192b4c2}
command: C:\Program Files\Google\Gmail Notifier\gnotify.exe
file: C:\Program Files\Google\Gmail Notifier\gnotify.exe
size: 479232
MD5: 3DF7AC30A381C57D0C70EAEFEE3C4EF2

Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 79224
MD5: 88D86112DD9F2BB6A603674706C7E846

Located: HK_LM:Run, Easy-PrintToolBox
command: C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, FlashGet
command: "C:\Program Files\FlashGet\FlashGet.exe" /min
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 7AF5A466CF4AECA28E3DCBCF5B6FD220

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3E4C03CEFAD8DE135263236B61A49C90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1622016
MD5: 0294E2A5E89BF786F24A9CC2FD753191

Located: HK_LM:Run, PtiuPbmd
command: Rundll32.exe ptipbm.dll,SetWriteBack
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 286720
MD5: C41FE114D9D7710EDA1189D304D85088

Located: HK_LM:Run, RaidTool
command: C:\Program Files\VIA\RAID\raid_tool.exe
file: C:\Program Files\VIA\RAID\raid_tool.exe
size: 1060864
MD5: 54A5D33C1406B7216B8D30096DD74F4C

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
file: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 8FB740D758B14B1BC950CC347C21E461

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 577536
MD5: FB1BC9A15A3DF6CFD446E1B3BD0B5099

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9C1C80BBF8E6044980890E2D2D91091C

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: E510F9CFE8618B2AA839BAC607255E51

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: E510F9CFE8618B2AA839BAC607255E51

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: E510F9CFE8618B2AA839BAC607255E51

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1844237615-1177238915-839522115-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: E510F9CFE8618B2AA839BAC607255E51

Located: HK_CU:Run, DAEMON Tools
where: S-1-5-21-1844237615-1177238915-839522115-1003...
command: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
file: C:\Program Files\DAEMON Tools\daemon.exe
size: 165784
MD5: 41EF114A880A09073DAAB645C38C5E4A

Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-1844237615-1177238915-839522115-1003...
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1844237615-1177238915-839522115-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

Located: HK_CU:Run, SsAAD.exe
where: S-1-5-21-1844237615-1177238915-839522115-1003...
command: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
file: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
size: 472632
MD5: 37CF61D1AACFCD87B418A86647493061

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: E510F9CFE8618B2AA839BAC607255E51

Located: Startup (common), Adobe Gamma Loader.lnk
where: C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A

Located: Startup (common), CoreCenter.lnk
where: C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση...
command: C:\Program Files\MSI\Core Center\CoreCenter.exe
file: C:\Program Files\MSI\Core Center\CoreCenter.exe
size: 932864
MD5: 276592729AE3CD06ED49EBE92B794C3B

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
 
:snorkle:
ssd report part2:



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\
Long name: AcroIEHelper.ocx
Short name: ACROIE~1.OCX
Date (created): 2/4/2007 1:09:54 μμ
Date (last access): 13/2/2008 7:04:08 μμ
Date (last write): 2/3/2001 11:02:04 πμ
Filesize: 37808
Attributes:
MD5: 8394ABFC1BE196A62C9F532511936DF7
CRC32: 71D6E350
Version: 1.0.0.1

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 30/8/2007 7:40:30 μμ
Date (last access): 13/2/2008 7:04:06 μμ
Date (last write): 31/8/2007 4:46:14 μμ
Filesize: 1122128
Attributes: archive
MD5: B8958471DAA4481E93B03DF8F991DD6E
CRC32: 35E35F14
Version: 1.5.0.8

{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (Canon Easy Web Print Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Canon Easy Web Print Helper
CLSID name: EWPBrowseObject Class
Path: C:\Program Files\Canon\Easy-WebPrint\
Long name: EWPBrowseLoader.dll
Short name: EWPBRO~1.DLL
Date (created): 29/5/2007 10:59:08 μμ
Date (last access): 13/2/2008 7:04:08 μμ
Date (last write): 9/6/2006 1:37:54 μμ
Filesize: 34304
Attributes: archive
MD5: 64E5EEE4FF6B9EF96CEB013CF20FA308
CRC32: DA0DB9C8
Version: 2.6.4.1

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: ssv.dll
Short name:
Date (created): 1/5/2007 1:31:16 πμ
Date (last access): 13/2/2008 7:04:08 μμ
Date (last write): 14/3/2007 2:43:40 πμ
Filesize: 501400
Attributes: archive
MD5: 70FD57D6EDBED8D80C1995257C99D27E
CRC32: 3CE654AC
Version: 6.0.10.6

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 31/8/2006 7:33:06 μμ
Date (last access): 13/2/2008 7:04:08 μμ
Date (last write): 31/8/2006 7:33:06 μμ
Filesize: 322368
Attributes: archive
MD5: E43F7CFDEE2B00A22C96C168147B20D3
CRC32: 2AEACC43
Version: 4.100.313.1



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file:///C:/WINDOWS/Java/classes/xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf
Codebase: http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 29/8/2007 3:49:54 μμ
Date (last access): 13/2/2008 7:04:08 μμ
Date (last write): 29/8/2007 3:49:54 μμ
Filesize: 950272
Attributes: archive
MD5: BC915C49931CE46222F9B0A7EFB56CEE
CRC32: 11048171
Version: 5.0.98.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 14/3/2007 1:04:46 πμ
Date (last access): 13/2/2008 7:04:08 μμ
Date (last write): 14/3/2007 2:43:42 πμ
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Legitimate
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 24/8/2006 7:28:54 πμ
Date (last access): 13/2/2008 7:03:48 μμ
Date (last write): 24/8/2006 7:28:54 πμ
Filesize: 141424
Attributes: archive
MD5: CB0EBD772D7D003BD11A999FF515A89A
CRC32: 3CFE74C1
Version: 58.6.0.0

{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner)
DPF name:
CLSID name: a-squared Scanner
Installer:
Codebase: http://ax.emsisoft.com/asquared.cab
description:
classification: Legitimate
known filename: axscan.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: asquared.ocx
Short name:
Date (created): 2/7/2007 3:44:26 μμ
Date (last access): 13/2/2008 7:04:08 μμ
Date (last write): 2/7/2007 3:44:26 μμ
Filesize: 941688
Attributes: archive
MD5: 1E80F3093FA93340A61174AB5F371457
CRC32: E2D562DD
Version: 3.0.0.3

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 14/3/2007 1:04:46 πμ
Date (last access): 13/2/2008 7:04:08 μμ
Date (last write): 14/3/2007 2:43:42 πμ
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 14/3/2007 1:04:46 πμ
Date (last access): 13/2/2008 7:04:08 μμ
Date (last write): 14/3/2007 2:43:42 πμ
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 9/11/2006 1:46:28 μμ
Date (last access): 13/2/2008 7:04:08 μμ
Date (last write): 9/11/2006 1:46:28 μμ
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0
 
:snorkle:
ssd report part3:



--- Process list ---
PID: 0 ( 0) [System]
PID: 608 ( 0) \SystemRoot\System32\smss.exe
size: 50688
PID: 680 ( 0) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 704 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
size: 508416
PID: 748 ( 0) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 1F4074C8027DFA38A1AB8ACA6967C783
PID: 760 ( 0) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 0B11F8AFFBB80D0A6A728216FAD68343
PID: 920 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: D0488D4C9C04CA3FFDA71D8A0D7959FA
PID: 1004 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: D0488D4C9C04CA3FFDA71D8A0D7959FA
PID: 1096 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: D0488D4C9C04CA3FFDA71D8A0D7959FA
PID: 1164 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: D0488D4C9C04CA3FFDA71D8A0D7959FA
PID: 1364 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: D0488D4C9C04CA3FFDA71D8A0D7959FA
PID: 1440 ( 0) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 17272
MD5: 591E7CDF35DE74D55CD462A13FBADE5E
PID: 1524 ( 0) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 140664
MD5: DBBB6E20EC8C38902C4935B249AEBE2A
PID: 1700 ( 0) C:\WINDOWS\Explorer.EXE
size: 1037824
MD5: AD3142E6012B955DFEF6831E6D4C19CD
PID: 1960 ( 0) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 476 ( 0) C:\WINDOWS\system32\nvsvc32.exe
size: 159810
MD5: 0FEBE37DB6650FAA5965C00545009D1D
PID: 516 ( 0) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 1604 ( 0) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 247160
MD5: 36088BA16E85C081D7BC48725872D540
PID: 1904 ( 0) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 345464
MD5: 86ACF7955F4DB72880F61D724A97855A
PID: 548 ( 0) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 79224
MD5: 88D86112DD9F2BB6A603674706C7E846
PID: 1420 ( 0) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: A9F056C108494B2480143B85275A4257
PID: 2212 ( 0) C:\Program Files\VIA\RAID\raid_tool.exe
size: 1060864
MD5: 54A5D33C1406B7216B8D30096DD74F4C
PID: 2252 ( 0) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33792
MD5: 48D10D9EE7A910C083570B777AD89CB7
PID: 2268 ( 0) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 8FB740D758B14B1BC950CC347C21E461
PID: 2460 ( 0) C:\Program Files\Google\Gmail Notifier\gnotify.exe
size: 479232
MD5: 3DF7AC30A381C57D0C70EAEFEE3C4EF2
PID: 2556 ( 0) C:\WINDOWS\SOUNDMAN.EXE
size: 577536
MD5: FB1BC9A15A3DF6CFD446E1B3BD0B5099
PID: 2572 ( 0) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9C1C80BBF8E6044980890E2D2D91091C
PID: 2664 ( 0) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 7AF5A466CF4AECA28E3DCBCF5B6FD220
PID: 2788 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: D0488D4C9C04CA3FFDA71D8A0D7959FA
PID: 2808 ( 0) C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
size: 472632
MD5: 37CF61D1AACFCD87B418A86647493061
PID: 2820 ( 0) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: E510F9CFE8618B2AA839BAC607255E51
PID: 2916 ( 0) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
PID: 3444 ( 0) C:\Program Files\MSN Messenger\usnsvc.exe
size: 97136
MD5: C5B70A6AA947667CE0E5FC84A05EC8B6
PID: 3608 ( 0) C:\Program Files\Winamp\winamp.exe
size: 1075200
MD5: AB967E74D20C8024691FD0CFBE54BB6B
PID: 888 ( 0) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7655024
MD5: 5F5DB4D92B7095DAED04689DB6DFD586
PID: 840 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 13/2/2008 7:27:04 μμ

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{27912658-32A1-4149-A7E4-9FCADB9F0F3A}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{27912658-32A1-4149-A7E4-9FCADB9F0F3A}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CFEB08BC-FC22-4531-A846-F7BC15CBEB63}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CFEB08BC-FC22-4531-A846-F7BC15CBEB63}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{31846F54-B100-4318-8ABD-D5CD36BE47A3}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{31846F54-B100-4318-8ABD-D5CD36BE47A3}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDB11816-1439-4C91-9490-66D1EEB1B974}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDB11816-1439-4C91-9490-66D1EEB1B974}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{69E1BA2D-BEF8-4CC1-8119-9F2C5A8B916B}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{69E1BA2D-BEF8-4CC1-8119-9F2C5A8B916B}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Χώρος ονόματος Network Location Awareness (NLA)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
 
Hi

Wareout there.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

  • Save it to your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish.
  • The fix will begin; follow the prompts.
  • You will be asked to reboot your computer; please do so.
  • Your system may take longer than usual to load; this is normal.
  • Once the desktop loads, post the text that will open (report.txt) and a new Hijackthis log in the forum please.
 
fixwareout report:



Username "das" - 13/02/2008 20:16:50 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdfpo.exe"

Πέτυχε η εκκένωση της μνήμης cache Ανάλυσης DNS.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdfpo.ren 73818 13/06/2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"PtiuPbmd"="Rundll32.exe ptipbm.dll,SetWriteBack"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"FlashGet"="\"C:\\Program Files\\FlashGet\\FlashGet.exe\" /min"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033 -noicon"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
 
HJT log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:32 μμ, on 13/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27912658-32A1-4149-A7E4-9FCADB9F0F3A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{31846F54-B100-4318-8ABD-D5CD36BE47A3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFEB08BC-FC22-4531-A846-F7BC15CBEB63}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{27912658-32A1-4149-A7E4-9FCADB9F0F3A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{27912658-32A1-4149-A7E4-9FCADB9F0F3A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9027 bytes
 
Hi

Sure :)

Do also this:

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{27912658-32A1-4149-A7E4-9FCADB9F0F3A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{31846F54-B100-4318-8ABD-D5CD36BE47A3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFEB08BC-FC22-4531-A846-F7BC15CBEB63}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{27912658-32A1-4149-A7E4-9FCADB9F0F3A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{27912658-32A1-4149-A7E4-9FCADB9F0F3A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Close all windows including browser and press fix checked.

Reboot.

Empty this folder:

C:\WINDOWS\Temp

Empty Recycle Bin.

Post back a fresh HijackThis log.
 
new HJT log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:20 μμ, on 13/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8148 bytes
 
Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
 
kav report:



*KASPERSKY ONLINE SCANNER REPORT*
Friday, February 15, 2008 2:44:07 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2
(Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/02/2008
Kaspersky Anti-Virus database records: 565487

*Scan Settings*
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
*Scan Target* My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
*Scan Statistics*
Total number of scanned objects 137057
Number of viruses found 6
Number of infected objects 21
Number of suspicious objects 0
Duration of the scan process 01:54:47


*Infected Object Name* *Virus Name* *Last Action*
C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\das\Application
Data\Mozilla\Firefox\Profiles\959mu661.default\cert8.db Object is
locked skipped
C:\Documents and Settings\das\Application
Data\Mozilla\Firefox\Profiles\959mu661.default\flashgot.log Object is
locked skipped
C:\Documents and Settings\das\Application
Data\Mozilla\Firefox\Profiles\959mu661.default\history.dat Object is
locked skipped
C:\Documents and Settings\das\Application
Data\Mozilla\Firefox\Profiles\959mu661.default\key3.db Object is
locked skipped
C:\Documents and Settings\das\Application
Data\Mozilla\Firefox\Profiles\959mu661.default\parent.lock Object is
locked skipped
C:\Documents and Settings\das\Application
Data\Mozilla\Firefox\Profiles\959mu661.default\search.sqlite Object is
locked skipped
C:\Documents and Settings\das\Application
Data\Mozilla\Firefox\Profiles\959mu661.default\urlclassifier2.sqlite
Object is locked skipped
C:\Documents and Settings\das\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Microsoft\Messenger\ugha@hotmail.com\SharingMetadata\Logs\Dfsr00005.log
Object is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Microsoft\Messenger\ugha@hotmail.com\SharingMetadata\pending.dat
Object is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Microsoft\Messenger\ugha@hotmail.com\SharingMetadata\Working\database_1428_8E59_288E_3A2E\dfsr.db
Object is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Microsoft\Messenger\ugha@hotmail.com\SharingMetadata\Working\database_1428_8E59_288E_3A2E\fsr.log
Object is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Microsoft\Messenger\ugha@hotmail.com\SharingMetadata\Working\database_1428_8E59_288E_3A2E\fsrtmp.log
Object is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Microsoft\Messenger\ugha@hotmail.com\SharingMetadata\Working\database_1428_8E59_288E_3A2E\tmp.edb
Object is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Microsoft\Windows Live
Contacts\ugha@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Microsoft\Windows Live
Contacts\ugha@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Mozilla\Firefox\Profiles\959mu661.default\Cache\_CACHE_001_ Object
is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Mozilla\Firefox\Profiles\959mu661.default\Cache\_CACHE_002_ Object
is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Mozilla\Firefox\Profiles\959mu661.default\Cache\_CACHE_003_ Object
is locked skipped
C:\Documents and Settings\das\Local Settings\Application
Data\Mozilla\Firefox\Profiles\959mu661.default\Cache\_CACHE_MAP_ Object
is locked skipped
C:\Documents and Settings\das\Local
Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\das\Local
Settings\History\History.IE5\MSHist012008021420080215\index.dat Object
is locked skipped
C:\Documents and Settings\das\Local Settings\Temp\~DF4BA4.tmp Object is
locked skipped
C:\Documents and Settings\das\Local Settings\Temp\~DF4BBD.tmp Object is
locked skipped
C:\Documents and Settings\das\Local Settings\Temp\~DFA67.tmp Object is
locked skipped
C:\Documents and Settings\das\Local Settings\Temp\~DFB4E.tmp Object is
locked skipped
C:\Documents and Settings\das\Local Settings\Temporary Internet
files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is
locked skipped
C:\Documents and Settings\das\Local Settings\Temporary Internet
files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\das\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\das\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\das\Επιφάνεια εργασίας\ugha
SCRIPT\backup\mirc.exe Infected:
not-a-virus:Client-IRC.Win32.mIRC.614 skipped
C:\Documents and Settings\das\Επιφάνεια εργασίας\ugha
SCRIPT\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614
skipped
C:\Documents and Settings\das\Επιφάνεια εργασίας\ugha
SCRIPT\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local
Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local
Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary
Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked
skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is
locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is
locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local
Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary
Internet files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked
skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is
locked skipped
C:\Downloads\firefox
downloads\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected:
not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Downloads\firefox downloads\SmitfraudFix.exe/data.rar Infected:
not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Downloads\firefox downloads\SmitfraudFix.exe RarSFX: infected - 2
skipped
C:\Downloads\firefox
downloads\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected:
not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Downloads\firefox downloads\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is
locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is
locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is
locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is
locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is
locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is
locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident
protection.txt Object is locked skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected:
not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
C:\System Volume
Information\_restore{4FF204C9-1B7F-4FEC-A198-FC6ECA31EB2D}\RP374\A0054207.exe/data0001
Infected: Trojan.Win32.DNSChanger.arn skipped
C:\System Volume
Information\_restore{4FF204C9-1B7F-4FEC-A198-FC6ECA31EB2D}\RP374\A0054207.exe
NSIS: infected - 1 skipped
C:\System Volume
Information\_restore{4FF204C9-1B7F-4FEC-A198-FC6ECA31EB2D}\RP394\A0059909.exe
Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume
Information\_restore{4FF204C9-1B7F-4FEC-A198-FC6ECA31EB2D}\RP396\A0060063.exe
Infected: Trojan.Win32.DNSChanger.apn skipped
C:\System Volume
Information\_restore{4FF204C9-1B7F-4FEC-A198-FC6ECA31EB2D}\RP397\change.log
Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\ughaSCRIPT\backup\mirc.exe Infected:
not-a-virus:Client-IRC.Win32.mIRC.614 skipped
D:\ughaSCRIPT\mIRC\mirc.exe Infected:
not-a-virus:Client-IRC.Win32.mIRC.614 skipped
D:\ughaSCRIPT\mirc.exe Infected:
not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\mpakamp mpzilea\aplo mIRC\mirc.exe Infected:
not-a-virus:Client-IRC.Win32.mIRC.614 skipped
D:\mpakamp mpzilea\ughaSCRIPT\backup\mirc.exe Infected:
not-a-virus:Client-IRC.Win32.mIRC.614 skipped
D:\mpakamp mpzilea\ughaSCRIPT\mIRC\mirc.exe Infected:
not-a-virus:Client-IRC.Win32.mIRC.614 skipped
D:\mpakamp mpzilea\ughaSCRIPT\mirc.exe Infected:
not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\mpakamp mpzilea\mirc aplo\mirc.exe Infected:
not-a-virus:Client-IRC.Win32.mIRC.612 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
*Scan process completed.*
 
HJT log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:10 πμ, on 15/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8198 bytes
 
Hi

Logs look good.

Most of Kaspersky findings are not viruses at all; mIRC and smitfraudfix.

All viruses are in system restore and inactive.

I give you later instructions how to empty it.

Other than that, any problems left?
 
thanx alot.
i just scanned with ssd and it found nothing. as i can see my google searches are ok so far. if i notice sumthin should i post it here or in a new thread?


PS: question: is my pc in any danger because of the public access in this thread that i posted logs and stuff?
 
Hi

In this thread, please :)

No, there are no personal info about you in logs.

Any other concerns?
 
You must log in or register to reply here.
Back
Top