View Full Version : Another victim of Virtumonde...
The damn spyware won't get off my system :(
Here's the Kaspersky report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 02, 2008 2:45:20 AM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/06/2008
Kaspersky Anti-Virus database records: 820756
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 211222
Number of viruses found: 8
Number of infected objects: 54
Number of suspicious objects: 0
Duration of the scan process: 02:39:58
Infected Object Name / Virus Name / Last Action
C:\- Internet Related\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\- PC Health\Panda\6d9b13f36fb92d23a37e3b3967a3f2f0PSK_NAMES Object is locked skipped
C:\- PC Health\Panda\6d9b13f36fb92d23a37e3b3967a3f2f0PSK_NAMES2 Object is locked skipped
C:\- PC Health\Panda\PavCntrs.dat Object is locked skipped
C:\boot\bcd Object is locked skipped
C:\boot\BCD.LOG Object is locked skipped
C:\ProgramData\CyberLink\TinyDB\EPGSignal Object is locked skipped
C:\ProgramData\CyberLink\TinyDB\Schedule Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.55.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.55.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010026.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010033.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010035.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010037.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010038.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy140.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfCB0B.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfCB0C.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\ProgramData\sentinel\2.1\gwhashs.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2YG3RYZF\kb456456[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2YG3RYZF\kb516107[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\UsrClass.dat{cca86d37-1c7e-11dd-aa13-000000000000}.TM.blf Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\UsrClass.dat{cca86d37-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\UsrClass.dat{cca86d37-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows Defender\FileTracker\{1E8025BE-CF16-4986-9694-A8E8DE132B1E} Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Orestes\AppData\Local\Mozilla\Firefox\Profiles\6lpysjpo.default\Cache\2BFDAF34d01/RegistrySmart.msi/app.cab/TclLib Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.bp skipped
C:\Users\Orestes\AppData\Local\Mozilla\Firefox\Profiles\6lpysjpo.default\Cache\2BFDAF34d01/RegistrySmart.msi/app.cab/ZLib Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.bq skipped
C:\Users\Orestes\AppData\Local\Mozilla\Firefox\Profiles\6lpysjpo.default\Cache\2BFDAF34d01/RegistrySmart.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.bq skipped
C:\Users\Orestes\AppData\Local\Mozilla\Firefox\Profiles\6lpysjpo.default\Cache\2BFDAF34d01/RegistrySmart.msi Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.bq skipped
C:\Users\Orestes\AppData\Local\Mozilla\Firefox\Profiles\6lpysjpo.default\Cache\2BFDAF34d01 7-Zip: infected - 4 skipped
C:\Users\Orestes\AppData\Local\Mozilla\Firefox\Profiles\6lpysjpo.default\Cache\2BFDAF34d01 UPX: infected - 4 skipped
C:\Users\Orestes\AppData\Local\Mozilla\Firefox\Profiles\6lpysjpo.default\Cache\2BFDAF34d01 PE_Patch.UPX: infected - 4 skipped
C:\Users\Orestes\AppData\Local\Mozilla\Firefox\Profiles\6lpysjpo.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Orestes\AppData\Local\Mozilla\Firefox\Profiles\6lpysjpo.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Orestes\AppData\Local\Mozilla\Firefox\Profiles\6lpysjpo.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Orestes\AppData\Local\Mozilla\Firefox\Profiles\6lpysjpo.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Orestes\AppData\Local\Mozilla\Firefox\Profiles\6lpysjpo.default\XUL.mfl Object is locked skipped
C:\Users\Orestes\AppData\Local\Temp\awtuvSmM.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\ehmsas.txt Object is locked skipped
C:\Users\Orestes\AppData\Local\Temp\mlJCSmjG.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0001186f Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp00013330 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0001497d Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp00014b9f Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp00015418 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp00017167 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp00018a06 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0001a350 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0001a7c3 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0001b5a7 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0001c003 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0001c37d Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0001c3f9 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0001fa45 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp00022683 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp00029923 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0003192a Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp00032df2 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0003498d Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0003a89d Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp0004cc72 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp00079462 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp000864ca Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp00290915 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp002a7e73 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp002dcb79 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp002e2b06 Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp002e68ff Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\tmp00502f4b Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Local\Temp\wvUmjkIa.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Users\Orestes\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Orestes\AppData\Roaming\Mozilla\Firefox\Profiles\6lpysjpo.default\cert8.db Object is locked skipped
C:\Users\Orestes\AppData\Roaming\Mozilla\Firefox\Profiles\6lpysjpo.default\formhistory.dat Object is locked skipped
C:\Users\Orestes\AppData\Roaming\Mozilla\Firefox\Profiles\6lpysjpo.default\history.dat Object is locked skipped
C:\Users\Orestes\AppData\Roaming\Mozilla\Firefox\Profiles\6lpysjpo.default\key3.db Object is locked skipped
C:\Users\Orestes\AppData\Roaming\Mozilla\Firefox\Profiles\6lpysjpo.default\search.sqlite Object is locked skipped
C:\Users\Orestes\NTUSER.DAT Object is locked skipped
C:\Users\Orestes\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Orestes\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Orestes\NTUSER.DAT{cca86d35-1c7e-11dd-aa13-000000000000}.TM.blf Object is locked skipped
C:\Users\Orestes\NTUSER.DAT{cca86d35-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Orestes\NTUSER.DAT{cca86d35-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Internet Logs\fwdbglog.txt Object is locked skipped
C:\Windows\Internet Logs\fwpktlog.txt Object is locked skipped
C:\Windows\Internet Logs\HYPERION.ldb Object is locked skipped
C:\Windows\Internet Logs\IAMDB.RDB Object is locked skipped
C:\Windows\Internet Logs\tvDebug.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{cca86d33-1c7e-11dd-aa13-000000000000}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{cca86d33-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{cca86d33-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{cca86d31-1c7e-11dd-aa13-000000000000}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{cca86d31-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{cca86d31-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\brjxvdxk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vjr skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\ccxmshjr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqf skipped
C:\Windows\System32\cdqlutkp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqf skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{cca86d28-1c7e-11dd-aa13-000000000000}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{cca86d28-1c7e-11dd-aa13-000000000000}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{cca86d28-1c7e-11dd-aa13-000000000000}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{cca86d28-1c7e-11dd-aa13-000000000000}.TxR.blf Object is locked skipped
C:\Windows\System32\ddcApmnn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\iiffDUnk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Windows\System32\jKabxywT.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Windows\System32\lJaXOefe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\opnomnmM.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Windows\System32\pkwjobyk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
C:\Windows\System32\pmnkHATn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\uiofvesi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqf skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\System32\xjqsvehe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\ZLT027a5.TMP Object is locked skipped
C:\Windows\Temp\ZLT027a8.TMP Object is locked skipped
E:\System Volume Information\Desktop.ini Object is locked skipped
E:\System Volume Information\Folder.htt Object is locked skipped
E:\System Volume Information\protect.chinese hong kong Object is locked skipped
E:\System Volume Information\protect.chinese simplified Object is locked skipped
E:\System Volume Information\protect.chinese traditional Object is locked skipped
E:\System Volume Information\protect.czech Object is locked skipped
E:\System Volume Information\protect.danish Object is locked skipped
E:\System Volume Information\protect.dutch Object is locked skipped
E:\System Volume Information\Protect.ed Object is locked skipped
E:\System Volume Information\protect.english Object is locked skipped
E:\System Volume Information\protect.finnish Object is locked skipped
E:\System Volume Information\protect.french Object is locked skipped
E:\System Volume Information\protect.german Object is locked skipped
E:\System Volume Information\protect.greek Object is locked skipped
E:\System Volume Information\protect.hebrew Object is locked skipped
E:\System Volume Information\protect.hungarian Object is locked skipped
E:\System Volume Information\protect.italian Object is locked skipped
E:\System Volume Information\protect.japanese Object is locked skipped
E:\System Volume Information\protect.korean Object is locked skipped
E:\System Volume Information\protect.norwegian Object is locked skipped
E:\System Volume Information\protect.polish Object is locked skipped
E:\System Volume Information\protect.portuguese Object is locked skipped
E:\System Volume Information\protect.portuguese brazilian Object is locked skipped
E:\System Volume Information\protect.russian Object is locked skipped
E:\System Volume Information\protect.spanish Object is locked skipped
E:\System Volume Information\protect.swedish Object is locked skipped
E:\System Volume Information\protect.turkish Object is locked skipped
Scan process completed.
And here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:43 πμ, on 2/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\- PC Health\Panda\PskSvc.exe
C:\- PC Health\Panda\pavsrvx86.exe
C:\- PC Health\Panda\AVENGINE.EXE
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\- PC Health\Panda\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Windows\system32\svchost.exe
C:\- PC Health\Panda\PsImSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\- PC Health\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\- PC Health\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\- PC Health\Panda\ApVxdWin.exe
C:\- PC Health\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\- PC Health\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\OTEnet-SAGEM Fast 800\dslmon.exe
C:\- Other Programs\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\- PC Health\Panda\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Orestes\Desktop\hijack\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=el_gr&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=el_gr&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\-PCHEA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {882AED45-CE83-4DD9-858A-4DEB93E58CD4} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6EC4578-F215-4E31-8A58-1BAA7F13C9E9} - C:\Windows\system32\opnnmMGx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C8DF0E43-D610-4906-8D69-8D18C0BDB11E} - (no file)
O2 - BHO: (no name) - {D62FB3CC-2BDC-4685-BE8D-C3795B4C471D} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\lJaXOefe.dll,#1
O4 - HKLM\..\Run: [SpywareTerminator] "C:\-PCHEA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "C:\- PC Health\Panda\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\- PC Health\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BM2855ac47] Rundll32.exe "C:\Windows\system32\xjqsvehe.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\- PC Health\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\- Other Programs\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\-PCHEA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\-PCHEA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{723EBC6A-4630-40E8-B3D5-B67C30C81478}: NameServer = 195.251.25.60 194.177.210.211
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\- PC Health\Panda\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\- PC Health\Panda\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\- PC Health\Panda\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\- PC Health\Panda\PskSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\- PC Health\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\- PC Health\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 13740 bytes
Every time I run Spybot it removes 1 .dll and 2 registry entries and when I restart the same file with 2 new registry entries are found. And this goes on forever...
Any help would be greatly appreciated!
Thanks in advance!
P.S.: Would formatting the PC eliminate Virtumonde or is it "format-resistant"?
Hi orestes
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.
Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.
Post:
- dss logs (taken after mbam run)
- mbam report
Here you are:
-----------------------------------------------------
Malwarebytes' Anti-Malware 1.14
Database version: 814
8:43:41 μμ 2/6/2008
mbam-log-6-2-2008 (20-43-41).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 266321
Time elapsed: 1 hour(s), 3 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 48
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Windows\System32\cbXPjJaa.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\opnnmMGx.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0cf5d165-517e-48b6-b3c7-3054a24f8bf6} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a8f8f917-49e9-4bb5-b0c5-d8818610e336} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8f8f917-49e9-4bb5-b0c5-d8818610e336} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0cf5d165-517e-48b6-b3c7-3054a24f8bf6} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM2855ac47 (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnmmgx -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (StartMenu.Hijack) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
C:\Users\Orestes\AppData\Roaming\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\cbXPjJaa.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Orestes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2YG3RYZF\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH2M7OG9\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TY0N8LVL\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUHWKL8S\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUHWKL8S\kb516107[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\awtuvSmM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\mlJCSmjG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0001186f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp00013330 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0001497d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp00014b9f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp00015418 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp00017167 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp00018a06 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0001a350 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0001a7c3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0001afce (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0001b5a7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0001c003 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0001c37d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0001c3f9 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0001fa45 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp00022683 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp00029923 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0003192a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp00032df2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0003498d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0003a89d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp0004cc72 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp00079462 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp000864ca (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp00290915 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp002a7e73 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp002dcb79 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp002e2b06 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp002e68ff (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\tmp00502f4b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Orestes\AppData\Local\Temp\wvUmjkIa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ddcApmnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iiffDUnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jKabxywT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\opnomnmM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pkwjobyk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pmnkHATn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xjqsvehe.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\opnnmMGx.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Guest\Desktop\Get Bonuses!.lnk (Rogue.BugDoctor) -> Quarantined and deleted successfully.
--------------------------
main:
-----
Deckard's System Scanner v20071014.68
Run by Orestes on 2008-06-02 20:56:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Orestes.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:09 μμ, on 2/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\- PC Health\Panda\ApVxdWin.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\- PC Health\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SAGEM\OTEnet-SAGEM Fast 800\dslmon.exe
C:\Windows\ehome\ehmsas.exe
C:\- Other Programs\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\- PC Health\Panda\WebProxy.exe
C:\Users\Orestes\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Users\Orestes\Desktop\hijack\Orestes.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=el_gr&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=el_gr&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\-PCHEA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {882AED45-CE83-4DD9-858A-4DEB93E58CD4} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C8DF0E43-D610-4906-8D69-8D18C0BDB11E} - (no file)
O2 - BHO: (no name) - {D62FB3CC-2BDC-4685-BE8D-C3795B4C471D} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\- PC Health\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "C:\- PC Health\Panda\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\- PC Health\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\- Other Programs\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\-PCHEA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\-PCHEA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\- PC Health\Panda\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\- PC Health\Panda\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\- PC Health\Panda\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\- PC Health\Panda\PskSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\- PC Health\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\- PC Health\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 11184 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - \??\c:\windows\system32\drivers\sp_rsdrv2.sys
R3 e4usbaw (USB ADSL2 WAN Adapter) - c:\windows\system32\drivers\e4usbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\- pc health\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0002
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0002
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0004
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0004
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0005
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0005
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0006
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0006
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0008
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0008
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0009
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0009
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0010
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0010
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0011
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0011
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0012
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0012
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0013
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0013
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0014
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0014
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0015
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0015
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0016
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0016
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0017
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0017
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0018
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0018
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0019
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0019
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft 6to4
Device ID: ROOT\*6TO4MP\0020
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0020
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft ISATAP
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: isatap.{723EBC6A-4630-40E8-B3D5-B67C30C81478}
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Προσαρμογέας Microsoft ISATAP
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: isatap.{723EBC6A-4630-40E8-B3D5-B67C30C81478}
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel
-- Files created between 2008-05-02 and 2008-06-02 -----------------------------
2008-06-02 18:06:43 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-02 11:47:34 58880 -----n--- C:\Windows\system32\cbXPjJaa.dll
2008-06-01 22:56:48 126464 -----n--- C:\Windows\system32\xjqsvehe.dll
2008-05-31 16:45:03 332 --a------ C:\Windows\system32\kjudhelt.exe
2008-05-31 02:25:14 125440 --a------ C:\Windows\system32\cdqlutkp.dll
2008-05-31 02:22:28 125440 --a------ C:\Windows\system32\uiofvesi.dll
2008-05-31 02:20:45 125440 --a------ C:\Windows\system32\ccxmshjr.dll
2008-05-28 23:47:48 244436 --ahs---- C:\Windows\system32\SYbIRXbc.ini2
2008-05-28 00:54:09 116224 -----n--- C:\Windows\system32\brjxvdxk.dll
2008-05-28 00:39:37 0 d-------- C:\Users\All Users\CheckPoint
2008-05-28 00:33:51 0 d-------- C:\Windows\system32\ZoneLabs
2008-05-28 00:33:12 0 d-------- C:\Windows\Internet Logs
2008-05-27 21:19:19 0 d-------- C:\Users\All Users\sentinel
2008-05-27 21:18:07 184 --a------ C:\Windows\system32\PavCPL.dat
2008-05-27 21:17:56 0 d-------- C:\Windows\system32\PAV
2008-05-27 20:51:25 0 d-------- C:\Program Files\Common Files\Panda Software
2008-05-27 17:47:43 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-05-27 12:29:57 176235 --a------ C:\Windows\system32\Primomonnt.dll
2008-05-27 12:29:55 0 d-------- C:\Program Files\activePDF
2008-05-27 12:29:53 0 d-------- C:\Windows\PrimoPDF4
2008-05-27 12:08:34 345 --ahs---- C:\Windows\system32\uvGhQXbc.ini2
2008-05-27 02:56:19 345 --ahs---- C:\Windows\system32\aadKjQru.ini2
2008-05-26 22:11:57 345 --ahs---- C:\Windows\system32\orCbdccf.ini2
2008-05-26 19:38:13 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-26 19:35:48 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-26 19:32:52 0 d-------- C:\NVIDIA
2008-05-26 18:55:10 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-26 17:54:39 0 d-------- C:\PerfLogs
2008-05-26 14:02:47 345 --ahs---- C:\Windows\system32\nVvwDcdd.ini2
2008-05-26 02:03:00 0 d-------- C:\Users\All Users\Grisoft
2008-05-26 00:42:45 0 d-------- C:\Users\All Users\Avira
2008-05-25 22:16:11 0 d-a------ C:\Users\All Users\TEMP
2008-05-25 22:15:41 0 d-------- C:\Program Files\Spyware Doctor
2008-05-25 22:13:30 0 d-------- C:\Users\All Users\Google Updater
2008-05-25 22:13:25 0 d-------- C:\Program Files\Google
2008-05-25 22:07:13 0 d-------- C:\Windows\pss
2008-05-25 18:32:20 141312 --a------ C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-05-25 18:32:20 0 d-------- C:\Users\All Users\Spyware Terminator
2008-05-25 01:16:59 246262 --ahs---- C:\Windows\system32\xGMmnnpo.ini2
2008-05-24 16:48:54 0 d-------- C:\Users\All Users\Lavasoft
2008-05-24 01:55:05 0 d-------- C:\Program Files\Bonjour
2008-05-24 01:45:16 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-24 00:42:48 0 d-------- C:\Users\All Users\FLEXnet
2008-05-22 20:01:03 550 --a------ C:\Windows\eReg.dat
2008-05-17 16:42:55 39424 --a------ C:\Windows\system32\rpiAccessProcess.dll
2008-05-17 16:42:55 712704 --a------ C:\Windows\system32\_ISource21.dll <Not Verified; Smaller Animals Software, Inc.; _ISource21.DLL>
2008-05-17 16:42:54 57344 --a------ C:\Windows\system32\mp3SpecX4.dll <Not Verified; MicroProse Software; mp3SpecX4>
2008-05-17 16:42:53 278016 --a------ C:\Windows\system32\aisExif.dll <Not Verified; Watermarker.com; AiS EXIF ActiveX>
2008-05-17 16:42:52 32768 --a------ C:\Windows\system32\ce-scm.dll <Not Verified; Creative Element; Creative Element Power Tools>
2008-05-17 16:42:52 113664 --a------ C:\Windows\system32\APIGID32.DLL <Not Verified; Desaware; APIGID32 Dynamic Link Library>
2008-05-11 03:02:43 0 d-------- C:\Users\All Users\Stardock
-- Find3M Report ---------------------------------------------------------------
2008-06-02 20:56:29 556058 --a------ C:\Windows\system32\perfh008.dat
2008-06-02 20:56:29 89688 --a------ C:\Windows\system32\perfc008.dat
2008-06-02 20:52:59 27525 --a------ C:\Users\Orestes\AppData\Roaming\nvModes.001
2008-06-02 20:47:41 12 --a------ C:\Windows\bthservsdp.dat
2008-06-02 18:07:01 0 d-------- C:\Users\Orestes\AppData\Roaming\Malwarebytes
2008-06-02 14:03:48 0 d-------- C:\Users\Orestes\AppData\Roaming\Spyware Terminator
2008-06-02 14:00:20 27525 --a------ C:\Users\Orestes\AppData\Roaming\nvModes.dat
2008-05-27 21:17:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 20:51:25 0 d-------- C:\Program Files\Common Files
2008-05-27 12:32:49 6418 --a------ C:\Users\Orestes\AppData\Roaming\PrimoPDFSet.xml
2008-05-27 12:32:39 310 --a------ C:\Users\Orestes\AppData\Roaming\APUSet.xml
2008-05-26 20:59:15 0 d-------- C:\Users\Orestes\AppData\Roaming\uTorrent
2008-05-26 19:35:40 0 d-------- C:\Users\Orestes\AppData\Roaming\SystemRequirementsLab
2008-05-26 18:14:42 174 --ahs---- C:\Program Files\desktop.ini
2008-05-26 17:57:02 0 d-------- C:\Program Files\Windows Calendar
2008-05-26 17:57:02 0 d-------- C:\Program Files\Movie Maker
2008-05-26 17:57:01 0 d-------- C:\Program Files\Windows Sidebar
2008-05-26 17:57:01 0 d-------- C:\Program Files\Windows Mail
2008-05-26 17:57:00 0 d-------- C:\Program Files\Windows Collaboration
2008-05-26 17:56:59 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-26 17:56:59 0 d-------- C:\Program Files\Windows Journal
2008-05-26 17:56:53 0 d-------- C:\Program Files\Windows Defender
2008-05-26 14:25:27 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-26 00:45:51 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-25 23:01:41 0 d-------- C:\Users\Orestes\AppData\Roaming\Opera
2008-05-25 22:15:41 0 d-------- C:\Users\Orestes\AppData\Roaming\PC Tools
2008-05-24 03:11:57 0 d-------- C:\Users\Orestes\AppData\Roaming\Adobe
2008-05-24 01:55:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-19 13:20:38 0 d-------- C:\Program Files\Java
2008-05-16 19:48:18 0 d-------- C:\Users\Orestes\AppData\Roaming\mIRC
2008-05-08 17:13:20 0 d-------- C:\Users\Orestes\AppData\Roaming\IrfanView
2008-04-29 19:43:43 0 -rahs---- C:\MSDOS.SYS
2008-04-29 19:43:43 0 -rahs---- C:\IO.SYS
2008-04-19 18:46:39 0 d-------- C:\Users\Orestes\AppData\Roaming\CyberLink
2008-04-19 17:34:02 0 d-------- C:\Users\Orestes\AppData\Roaming\Abexo
2008-04-12 20:47:47 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-12 15:32:23 0 d-------- C:\Users\Orestes\AppData\Roaming\Logitech
2008-04-12 15:29:47 0 d-------- C:\Program Files\Common Files\Logishrd
2008-04-12 15:28:56 0 d-------- C:\Users\Orestes\AppData\Roaming\InstallShield
2008-04-11 21:28:10 12189 --a------ C:\Users\Orestes\AppData\Roaming\UserTile.png
2008-04-11 21:27:41 0 d-------- C:\Users\Orestes\AppData\Roaming\PeerNetworking
2008-04-11 21:10:10 0 d-------- C:\Program Files\Windows Live
2008-04-10 22:01:12 0 d-------- C:\Program Files\Microsoft Works
2008-04-10 21:59:59 0 d-------- C:\Program Files\Microsoft.NET
2008-04-09 19:44:34 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-09 19:41:38 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 16:50:36 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-04-08 16:21:45 0 d-------- C:\Users\Orestes\AppData\Roaming\WinRAR
2008-04-07 20:42:02 0 d-------- C:\Users\Orestes\AppData\Roaming\GlobalSCAPE
2008-04-07 20:06:05 0 d-------- C:\Users\Orestes\AppData\Roaming\Media Player Classic
2008-04-07 16:20:32 0 d-------- C:\Users\Orestes\AppData\Roaming\HP
2008-04-07 14:56:05 0 d-------- C:\Program Files\MSXML 4.0
2008-04-07 14:45:19 0 d-------- C:\Users\Orestes\AppData\Roaming\Talkback
2008-04-07 14:45:13 0 --a------ C:\Windows\nsreg.dat
2008-04-07 14:45:09 0 d-------- C:\Users\Orestes\AppData\Roaming\Mozilla
2008-04-07 14:33:46 0 d-------- C:\Program Files\SAGEM
2008-04-07 14:26:58 0 d-------- C:\Users\Orestes\AppData\Roaming\Symantec
2008-04-07 14:26:17 0 d-------- C:\Users\Orestes\AppData\Roaming\Identities
2008-04-07 14:26:10 81 --a------ C:\Windows\system32\LOG
2008-04-07 14:24:27 0 d-------- C:\Users\Orestes\AppData\Roaming\Macromedia
2008-04-07 14:23:51 0 d-------- C:\Users\Orestes\AppData\Roaming\Hewlett-Packard
2008-04-07 14:23:47 0 dr------- C:\Program Files\Online Services
2008-04-07 14:18:41 0 d-------- C:\Program Files\HPQ
2008-04-07 14:18:18 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-07 14:17:39 0 d-------- C:\Program Files\HP
2008-03-22 18:30:02 2085376 --a------ C:\Windows\system32\x264vfw.dll
2008-03-04 12:33:18 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-03-02 04:52:50 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{882AED45-CE83-4DD9-858A-4DEB93E58CD4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8DF0E43-D610-4906-8D69-8D18C0BDB11E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62FB3CC-2BDC-4685-BE8D-C3795B4C471D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 11:29 §£]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [17/01/2007 04:34 ££]
"RtHDVCpl"="RtHDVCpl.exe" [17/08/2007 04:27 ££ C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [25/07/2007 09:02 §£]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [30/09/2007 08:34 ££]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/09/2007 03:31 ££]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [04/09/2007 02:54 ££]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [17/08/2007 12:13 §£]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 10:38 §£]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [13/09/2007 09:47 §£]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [08/01/2007 04:53 ££]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 §£]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29/11/2007 02:17 §£ C:\Windows\KHALMNPR.Exe]
"SpywareTerminator"="C:\- PC Health\Spyware Terminator\SpywareTerminatorShield.exe" [25/05/2008 06:32 ££]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [19/09/2007 11:05 ££]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [19/09/2007 11:05 ££]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [19/09/2007 11:05 ££]
"APVXDWIN"="C:\- PC Health\Panda\APVXDWIN.exe" [04/10/2007 03:15 ££]
"ZoneAlarm Client"="C:\- PC Health\ZoneAlarm\zlclient.exe" [03/03/2008 03:05 ££]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 10:33 §£]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [23/08/2007 05:36 ££]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 10:33 §£]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 10:33 §£]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [5/9/2007 2:09:54 ££]
DSLMON.lnk - C:\Program Files\SAGEM\OTEnet-SAGEM Fast 800\dslmon.exe [7/4/2008 2:34:00 ££]
Logitech SetPoint.lnk - C:\- Other Programs\Logitech\SetPoint\SetPoint.exe [12/4/2008 3:29:30 ££]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 15/02/2007 07:02 ££ 50736 C:\Windows\System32\avldr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Orestes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Creative Element Power Tools Startup.lnk]
path=C:\Users\Orestes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk
backup=C:\Windows\pss\Creative Element Power Tools Startup.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2b669fdb]
rundll32.exe "C:\Windows\system32\aeryttoq.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\- Other Programs\Alcohol 120\axcmd.exe" /automount
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoclk]
autoclk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2855ac47]
Rundll32.exe "C:\Windows\system32\bxloqesx.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AMDPT"=C:\- PC Health\ABEXO Memory Defragmenter and Process Tweak\amdpt.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"APVXDWIN"="C:\- PC Health\Panda\APVXDWIN.EXE" /s
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{983046d2-2447-11dd-89ff-000000000000}]
AutoRun\command- H:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8559 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-06-02 21:02:15 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: Other (0408) - see http://preview.tinyurl.com/mhhp6
CPU 0: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 3069.68 MiB / 1987.03 MiB
Pagefile Memory (total/avail): 6346.42 MiB / 5260.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1889.49 MiB
C: is Fixed (NTFS) - 140.48 GiB total, 89.06 GiB free.
D: is Fixed (NTFS) - 149.05 GiB total, 134.98 GiB free.
E: is Fixed (NTFS) - 8.57 GiB total, 2.76 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD1600BEVS-60RST0 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 140.48 GiB - C:
\PARTITION1 - Installable File System - 8.57 GiB - E:
\\.\PHYSICALDRIVE1 - WDC WD1600BEVS-60RST0 - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is disabled.
FW: ZoneAlarm Firewall v7.1.254.000 (Check Point, LTD.)
AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH)
AV: Panda Antivirus 2008 v3.01.00 (Panda Security)
AS: Panda Antivirus 2008 v3.01.00 (Panda Security)
AS: Spyware Doctor v5.5.0.204 (PC Tools) Disabled
AS: Avira AntiVir PersonalEdition v 7.0.0.2
(Avira GmbH) Outdated
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled Outdated
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Orestes\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HYPERION
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Orestes
LANG=EL
LOCALAPPDATA=C:\Users\Orestes\AppData\Local
LOGONSERVER=\\HYPERION
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\- PC Health\Panda\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Orestes\AppData\Local\Temp
TMP=C:\Users\Orestes\AppData\Local\Temp
tvdumpflags=8
USERDOMAIN=HYPERION
USERNAME=Orestes
USERPART=F:
USERPROFILE=C:\Users\Orestes
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Orestes (admin)
Guest (guest)
-- Add/Remove Programs ---------------------------------------------------------
--> .
Συλλογή φωτογραφιών του Windows Live --> MsiExec.exe /X{CA24751D-6A9D-43D9-BEDA-7501B26AF098}
µTorrent --> "C:\- Internet Related\uTorrent\uTorrent.exe" /UNINSTALL
Βοηθός εισόδου του Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Abexo Memory Defragmenter and Process Tweak --> C:\- PC Health\ABEXO Memory Defragmenter and Process Tweak\uninst.exe
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 8.1.0 - Greek --> MsiExec.exe /I{AC76BA86-7AD7-1032-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Shockwave Player --> MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
AusLogics Disk Defrag --> "C:\- PC Health\AusLogics Disk Defrag\unins000.exe"
Bink and Smacker --> C:\-MULTI~1\RADVideo\UNWISE.EXE C:\-MULTI~1\RADVideo\INSTALL.LOG
Black and White --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\Setup.exe"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CDisplay 1.7 --> "C:\- Other Programs\CDisplay\unins000.exe"
Creative Element Power Tools --> C:\- Other Programs\Creative Element Power Tools\uninstall.exe
CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
CyberLink YouCam --> "C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Desperados 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37155929-A51F-4BAB-B141-50B341F3299C}\Setup.exe" -l0x9 -removeonly
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Emergency 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9787326-0394-4467-A2EE-817C34F6C751}\Setup.exe" -l0x9
ESU for Microsoft Vista --> MsiExec.exe /I{43FDA483-4C26-4B3E-90E6-CC8DD7B86197}
Evil Genius --> "D:\Games\Evil Genius\unins000.exe"
Fable - The Lost Chapters --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) --> C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Users\Orestes\Desktop\hijack\HijackThis.exe" /uninstall
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Integrated Module with Bluetooth wireless technology 6.0.1.5500 --> MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP Quick Launch Buttons 6.30 E1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0008 uninst
HP QuickPlay 3.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4 --> MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HP User Guides 0088 --> MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
HP Wireless Assistant --> MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
Intel® Matrix Storage Manager --> C:\Windows\system32\imsmudlg.exe -uninstall
IrfanView (remove only) --> C:\- Other Programs\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.8.5 Full --> "C:\- Multimedia\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LabelPrint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0008 -removeonly
Malwarebytes' Anti-Malware --> "C:\Users\Orestes\Desktop\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0015-0408-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0016-0408-0000-0000000FF1CE}
Microsoft Office Groove MUI (Greek) 2007 --> MsiExec.exe /X{90120000-00BA-0408-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0044-0408-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Greek) 2007 --> MsiExec.exe /X{90120000-00A1-0408-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Greek) 2007 --> MsiExec.exe /X{90120000-001A-0408-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0018-0408-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Greek) 2007 --> MsiExec.exe /X{90120000-001F-0408-0000-0000000FF1CE}
Microsoft Office Proofing (Greek) 2007 --> MsiExec.exe /X{90120000-002C-0408-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Greek) 2007 --> MsiExec.exe /X{90120000-0019-0408-0000-0000000FF1CE}
Microsoft Office Shared MUI (Greek) 2007 --> MsiExec.exe /X{90120000-006E-0408-0000-0000000FF1CE}
Microsoft Office Word MUI (Greek) 2007 --> MsiExec.exe /X{90120000-001B-0408-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{784B4EE3-E308-4706-B3DC-51029944240B}
mIRC --> C:\- Internet Related\mIRC\uninstall.exe _?=C:\- Internet Related\mIRC
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista --> MsiExec.exe /I{42FADAAD-C7C7-4DEA-8455-47032C579118}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
OTEnet-SAGEM Fast 800 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe" -l0x8
Panda Antivirus 2008 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\SETUP.exe" -l0x8 -removeonly
Power2Go --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PrimoPDF --> "C:\Windows\PrimoPDF4\uninstall.exe" "/U:C:\- Other Programs\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
QuickPlay SlingPlayer 0.4.4 --> "C:\Program Files\HP\QuickPlay\unins000.exe"
Re-Volt --> C:\Windows\IsUninst.exe -fd:\games\Re-Volt\Uninst.isu
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0008 -removeonly
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Revo Uninstaller 1.60 --> C:\- PC Health\Revo Uninstaller\uninst.exe
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Spybot - Search & Destroy --> "C:\- PC Health\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Spyware Terminator --> "C:\- PC Health\Spyware Terminator\unins000.exe"
Srt2Sup a4.03 --> MsiExec.exe /X{5E6417D0-960A-4C18-9CB8-DD7678BDB8D0}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Vim 7.1 (self-installing) --> C:\- Authoring Tools\Vim\vim71\uninstall-gui.exe
Windows Live installer --> MsiExec.exe /X{1A304004-5798-44EF-9A0D-5C27FC3C4FD4}
Windows Live Mail --> MsiExec.exe /I{BB759F14-E59B-4475-92D5-15EAEAC6826E}
Windows Live Messenger --> MsiExec.exe /X{7924F96E-93F9-49F5-905F-444D96DCFC91}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\- Other Programs\WinRAR\uninstall.exe
ZoneAlarm --> C:\- PC Health\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type13992 / Success
Event Submitted/Written: 06/02/2008 08:49:14 PM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type13991 / Success
Event Submitted/Written: 06/02/2008 08:49:13 PM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type13986 / Success
Event Submitted/Written: 06/02/2008 08:49:01 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Η Υπηρεσία παραχώρησης αδειών χρήσης λογισμικού εκκινήθηκε.
Event Record #/Type13978 / Warning
Event Submitted/Written: 06/02/2008 08:47:37 PM
Event ID/Source: 1530 / profsvc
Event Description:
Τα Windows διαπίστωσαν ότι το αρχείο μητρώου χρησιμοποιείται ακόμα από άλλες εφαρμογές ή υπηρεσίες. Η φόρτωση του αρχείου θα καταργηθεί τώρα. Οι εφαρμογές ή υπηρεσίες που κατέχουν το αρχείο μητρώου ενδέχεται να μην λειτουργούν σωστά στη συνέχεια.
ΛΕΠΤΟΜΕΡΕΙΑ -
5 user registry handles leaked from \Registry\User\S-1-5-21-723562235-3596179027-3789558969-1000_Classes:
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000_CLASSES
Process 6864 (\Device\HarddiskVolume1\PROGRA~1\MOZILL~1\firefox.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000_CLASSES
Process 6864 (\Device\HarddiskVolume1\PROGRA~1\MOZILL~1\firefox.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000_CLASSES
Process 1008 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000_CLASSES
Process 1972 (\Device\HarddiskVolume1\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Event Record #/Type13977 / Warning
Event Submitted/Written: 06/02/2008 08:47:37 PM
Event ID/Source: 1530 / profsvc
Event Description:
Τα Windows διαπίστωσαν ότι το αρχείο μητρώου χρησιμοποιείται ακόμα από άλλες εφαρμογές ή υπηρεσίες. Η φόρτωση του αρχείου θα καταργηθεί τώρα. Οι εφαρμογές ή υπηρεσίες που κατέχουν το αρχείο μητρώου ενδέχεται να μην λειτουργούν σωστά στη συνέχεια.
ΛΕΠΤΟΜΕΡΕΙΑ -
23 user registry handles leaked from \Registry\User\S-1-5-21-723562235-3596179027-3789558969-1000:
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000
Process 6864 (\Device\HarddiskVolume1\PROGRA~1\MOZILL~1\firefox.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000
Process 1008 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000
Process 6864 (\Device\HarddiskVolume1\PROGRA~1\MOZILL~1\firefox.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Lionhead Studios Ltd\Black & White\LHVersion\LH3DLib
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Lionhead Studios Ltd\Black & White\LHVersion\LH3DLib
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Microsoft\SystemCertificates\My
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Microsoft\SystemCertificates\CA
Process 6864 (\Device\HarddiskVolume1\PROGRA~1\MOZILL~1\firefox.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Policies\Microsoft\SystemCertificates
Process 6864 (\Device\HarddiskVolume1\PROGRA~1\MOZILL~1\firefox.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\HPQREMHIDDEVICE&COL02\Calibration\0
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Microsoft\SystemCertificates\trust
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\HPQREMHIDDEVICE&COL01\Calibration\0
Process 4436 (\Device\HarddiskVolume3\Games\Black & White\runblack.exe) has opened key \REGISTRY\USER\S-1-5-21-723562235-3596179027-3789558969-1000\Software\Microsoft\SystemCertificates\Root
Process 443
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type57301 / Warning
Event Submitted/Written: 06/02/2008 08:59:20 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Ο παράγοντας προστασίας πραγματικού χρόνου %HYPERION27 εντόπισε αλλαγές. Η Microsoft σας συνιστά να ελέγξετε το λογισμικό που ευθύνεται για αυτές τις αλλαγές για πιθανό ρίσκο. Μπορείτε να χρησιμοποιήσετε τις πληροφορίες για το πως λειτουργούν αυτά τα προγράμματα για να επιλέξετε την επιτρεπόμενη εκτέλεση ή την κατάργηση τους από τον υπολογιστή σας. Επιτρέψτε τις αλλαγές μόνο όταν εμπιστεύεστε το πρόγραμμα ή τον εκδότη του λογισμικού. O %HYPERION27 δεν μπορεί να αναιρέσει τις αλλαγές που επιτρέπετε.
Για περισσότερες πληροφορίες, ανατρέξτε στα ακόλουθα:
%HYPERION275
Αναγνωριστικό ανίχνευσης: {7A0F3D71-04D5-472E-9606-96A1BC36C706}
Χρήστης: HYPERION\Orestes
Όνομα: %HYPERION271
Αναγνωριστικό: %HYPERION272
Αναγνωριστικό σοβαρότητας: %HYPERION273
Αναγνωριστικό κατηγορίας: %HYPERION274
Διαδρομή που εντοπίστηκε: %HYPERION276
Τύπος προειδοποίησης: %HYPERION278
Τύπος εντοπισμού: 1.1.1600.02
Event Record #/Type57300 / Warning
Event Submitted/Written: 06/02/2008 08:59:20 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Ο παράγοντας προστασίας πραγματικού χρόνου %HYPERION27 εντόπισε αλλαγές. Η Microsoft σας συνιστά να ελέγξετε το λογισμικό που ευθύνεται για αυτές τις αλλαγές για πιθανό ρίσκο. Μπορείτε να χρησιμοποιήσετε τις πληροφορίες για το πως λειτουργούν αυτά τα προγράμματα για να επιλέξετε την επιτρεπόμενη εκτέλεση ή την κατάργηση τους από τον υπολογιστή σας. Επιτρέψτε τις αλλαγές μόνο όταν εμπιστεύεστε το πρόγραμμα ή τον εκδότη του λογισμικού. O %HYPERION27 δεν μπορεί να αναιρέσει τις αλλαγές που επιτρέπετε.
Για περισσότερες πληροφορίες, ανατρέξτε στα ακόλουθα:
%HYPERION275
Αναγνωριστικό ανίχνευσης: {1D7C4128-095B-43A1-99AE-EABEBEABE439}
Χρήστης: HYPERION\Orestes
Όνομα: %HYPERION271
Αναγνωριστικό: %HYPERION272
Αναγνωριστικό σοβαρότητας: %HYPERION273
Αναγνωριστικό κατηγορίας: %HYPERION274
Διαδρομή που εντοπίστηκε: %HYPERION276
Τύπος προειδοποίησης: %HYPERION278
Τύπος εντοπισμού: 1.1.1600.02
Event Record #/Type57299 / Warning
Event Submitted/Written: 06/02/2008 08:59:20 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Ο παράγοντας προστασίας πραγματικού χρόνου %HYPERION27 εντόπισε αλλαγές. Η Microsoft σας συνιστά να ελέγξετε το λογισμικό που ευθύνεται για αυτές τις αλλαγές για πιθανό ρίσκο. Μπορείτε να χρησιμοποιήσετε τις πληροφορίες για το πως λειτουργούν αυτά τα προγράμματα για να επιλέξετε την επιτρεπόμενη εκτέλεση ή την κατάργηση τους από τον υπολογιστή σας. Επιτρέψτε τις αλλαγές μόνο όταν εμπιστεύεστε το πρόγραμμα ή τον εκδότη του λογισμικού. O %HYPERION27 δεν μπορεί να αναιρέσει τις αλλαγές που επιτρέπετε.
Για περισσότερες πληροφορίες, ανατρέξτε στα ακόλουθα:
%HYPERION275
Αναγνωριστικό ανίχνευσης: {2F5717A2-1FB5-43DC-8068-644F07D8D193}
Χρήστης: HYPERION\Orestes
Όνομα: %HYPERION271
Αναγνωριστικό: %HYPERION272
Αναγνωριστικό σοβαρότητας: %HYPERION273
Αναγνωριστικό κατηγορίας: %HYPERION274
Διαδρομή που εντοπίστηκε: %HYPERION276
Τύπος προειδοποίησης: %HYPERION278
Τύπος εντοπισμού: 1.1.1600.02
Event Record #/Type57298 / Warning
Event Submitted/Written: 06/02/2008 08:59:18 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Ο παράγοντας προστασίας πραγματικού χρόνου %HYPERION27 εντόπισε αλλαγές. Η Microsoft σας συνιστά να ελέγξετε το λογισμικό που ευθύνεται για αυτές τις αλλαγές για πιθανό ρίσκο. Μπορείτε να χρησιμοποιήσετε τις πληροφορίες για το πως λειτουργούν αυτά τα προγράμματα για να επιλέξετε την επιτρεπόμενη εκτέλεση ή την κατάργηση τους από τον υπολογιστή σας. Επιτρέψτε τις αλλαγές μόνο όταν εμπιστεύεστε το πρόγραμμα ή τον εκδότη του λογισμικού. O %HYPERION27 δεν μπορεί να αναιρέσει τις αλλαγές που επιτρέπετε.
Για περισσότερες πληροφορίες, ανατρέξτε στα ακόλουθα:
%HYPERION275
Αναγνωριστικό ανίχνευσης: {59F179D7-8501-4F53-9AA6-56A7BC6B3F74}
Χρήστης: HYPERION\Orestes
Όνομα: %HYPERION271
Αναγνωριστικό: %HYPERION272
Αναγνωριστικό σοβαρότητας: %HYPERION273
Αναγνωριστικό κατηγορίας: %HYPERION274
Διαδρομή που εντοπίστηκε: %HYPERION276
Τύπος προειδοποίησης: %HYPERION278
Τύπος εντοπισμού: 1.1.1600.02
Event Record #/Type57297 / Warning
Event Submitted/Written: 06/02/2008 08:59:18 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Ο παράγοντας προστασίας πραγματικού χρόνου %HYPERION27 εντόπισε αλλαγές. Η Microsoft σας συνιστά να ελέγξετε το λογισμικό που ευθύνεται για αυτές τις αλλαγές για πιθανό ρίσκο. Μπορείτε να χρησιμοποιήσετε τις πληροφορίες για το πως λειτουργούν αυτά τα προγράμματα για να επιλέξετε την επιτρεπόμενη εκτέλεση ή την κατάργηση τους από τον υπολογιστή σας. Επιτρέψτε τις αλλαγές μόνο όταν εμπιστεύεστε το πρόγραμμα ή τον εκδότη του λογισμικού. O %HYPERION27 δεν μπορεί να αναιρέσει τις αλλαγές που επιτρέπετε.
Για περισσότερες πληροφορίες, ανατρέξτε στα ακόλουθα:
%HYPERION275
Αναγνωριστικό ανίχνευσης: {DB19CFB4-2C93-4AC1-B576-CA7DC6467AEE}
Χρήστης: HYPERION\Orestes
Όνομα: %HYPERION271
Αναγνωριστικό: %HYPERION272
Αναγνωριστικό σοβαρότητας: %HYPERION273
Αναγνωριστικό κατηγορίας: %HYPERION274
Διαδρομή που εντοπίστηκε: %HYPERION276
Τύπος προειδοποίησης: %HYPERION278
Τύπος εντοπισμού: 1.1.1600.02
-- End of Deckard's System Scanner: finished at 2008-06-02 21:02:15 ------------
Hi
Open HijackThis, click do a system scan only and checkmark these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (unless you have set it)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {882AED45-CE83-4DD9-858A-4DEB93E58CD4} - (no file)
O2 - BHO: (no name) - {C8DF0E43-D610-4906-8D69-8D18C0BDB11E} - (no file)
O2 - BHO: (no name) - {D62FB3CC-2BDC-4685-BE8D-C3795B4C471D} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
Close all windows including browser and press fix checked.
Reboot.
Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\Windows\system32\cbXPjJaa.dll
C:\Windows\system32\xjqsvehe.dll
C:\Windows\system32\kjudhelt.exe
C:\Windows\system32\cdqlutkp.dll
C:\Windows\system32\uiofvesi.dll
C:\Windows\system32\ccxmshjr.dll
C:\Windows\system32\SYbIRXbc.ini2
C:\Windows\system32\brjxvdxk.dll
C:\Windows\system32\uvGhQXbc.ini2
C:\Windows\system32\aadKjQru.ini2
C:\Windows\system32\orCbdccf.ini2
C:\Windows\system32\nVvwDcdd.ini2
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Re-run dss.
Post:
- dss log
- otmoveit2 report
otmoveit2 report:
-----------------
LoadLibrary failed for C:\Windows\system32\cbXPjJaa.dll
C:\Windows\system32\cbXPjJaa.dll NOT unregistered.
C:\Windows\system32\cbXPjJaa.dll moved successfully.
LoadLibrary failed for C:\Windows\system32\xjqsvehe.dll
C:\Windows\system32\xjqsvehe.dll NOT unregistered.
C:\Windows\system32\xjqsvehe.dll moved successfully.
C:\Windows\system32\kjudhelt.exe moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\cdqlutkp.dll
C:\Windows\system32\cdqlutkp.dll NOT unregistered.
C:\Windows\system32\cdqlutkp.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\uiofvesi.dll
C:\Windows\system32\uiofvesi.dll NOT unregistered.
C:\Windows\system32\uiofvesi.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\ccxmshjr.dll
C:\Windows\system32\ccxmshjr.dll NOT unregistered.
C:\Windows\system32\ccxmshjr.dll moved successfully.
C:\Windows\system32\SYbIRXbc.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\brjxvdxk.dll
C:\Windows\system32\brjxvdxk.dll NOT unregistered.
C:\Windows\system32\brjxvdxk.dll moved successfully.
C:\Windows\system32\uvGhQXbc.ini2 moved successfully.
C:\Windows\system32\aadKjQru.ini2 moved successfully.
C:\Windows\system32\orCbdccf.ini2 moved successfully.
C:\Windows\system32\nVvwDcdd.ini2 moved successfully.
Deckard's System Scanner v20071014.68
Run by Orestes on 2008-06-03 20:21:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Orestes.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:21 μμ, on 3/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\- PC Health\Panda\PskSvc.exe
C:\- PC Health\Panda\pavsrvx86.exe
C:\- PC Health\Panda\AVENGINE.EXE
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\- PC Health\Panda\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Windows\system32\svchost.exe
C:\- PC Health\Panda\PsImSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\- PC Health\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\- PC Health\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\- PC Health\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\System32\rundll32.exe
C:\- PC Health\Panda\ApVxdWin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\- PC Health\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\SAGEM\OTEnet-SAGEM Fast 800\dslmon.exe
C:\- Other Programs\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\- PC Health\Panda\WebProxy.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Orestes\Desktop\dss.exe
C:\Users\Orestes\Desktop\hijack\Orestes.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=el_gr&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=el_gr&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\-PCHEA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\- PC Health\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "C:\- PC Health\Panda\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\- PC Health\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\- Multimedia\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\- Other Programs\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\-PCHEA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\-PCHEA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\- PC Health\Panda\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\- PC Health\Panda\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\- PC Health\Panda\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\- PC Health\Panda\PskSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\- PC Health\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\- PC Health\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 12935 bytes
-- Files created between 2008-05-03 and 2008-06-03 -----------------------------
2008-06-03 01:09:29 0 d-------- C:\Users\All Users\Apple Computer
2008-06-03 01:09:11 0 d-------- C:\Users\All Users\Apple
2008-06-03 01:09:11 0 d-------- C:\Program Files\Apple Software Update
2008-06-02 18:06:43 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-28 00:39:37 0 d-------- C:\Users\All Users\CheckPoint
2008-05-28 00:33:51 0 d-------- C:\Windows\system32\ZoneLabs
2008-05-28 00:33:12 0 d-------- C:\Windows\Internet Logs
2008-05-27 21:19:19 0 d-------- C:\Users\All Users\sentinel
2008-05-27 21:18:07 184 --a------ C:\Windows\system32\PavCPL.dat
2008-05-27 21:17:56 0 d-------- C:\Windows\system32\PAV
2008-05-27 20:51:25 0 d-------- C:\Program Files\Common Files\Panda Software
2008-05-27 17:47:43 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-05-27 12:29:57 176235 --a------ C:\Windows\system32\Primomonnt.dll
2008-05-27 12:29:55 0 d-------- C:\Program Files\activePDF
2008-05-27 12:29:53 0 d-------- C:\Windows\PrimoPDF4
2008-05-26 19:38:13 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-26 19:35:48 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-26 19:32:52 0 d-------- C:\NVIDIA
2008-05-26 18:55:10 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-26 17:54:39 0 d-------- C:\PerfLogs
2008-05-26 02:03:00 0 d-------- C:\Users\All Users\Grisoft
2008-05-26 00:42:45 0 d-------- C:\Users\All Users\Avira
2008-05-25 22:16:11 0 d-a------ C:\Users\All Users\TEMP
2008-05-25 22:15:41 0 d-------- C:\Program Files\Spyware Doctor
2008-05-25 22:13:30 0 d-------- C:\Users\All Users\Google Updater
2008-05-25 22:13:25 0 d-------- C:\Program Files\Google
2008-05-25 22:07:13 0 d-------- C:\Windows\pss
2008-05-25 18:32:20 141312 --a------ C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-05-25 18:32:20 0 d-------- C:\Users\All Users\Spyware Terminator
2008-05-25 01:16:59 246262 --ahs---- C:\Windows\system32\xGMmnnpo.ini2
2008-05-24 16:48:54 0 d-------- C:\Users\All Users\Lavasoft
2008-05-24 01:55:05 0 d-------- C:\Program Files\Bonjour
2008-05-24 01:45:16 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-24 00:42:48 0 d-------- C:\Users\All Users\FLEXnet
2008-05-22 20:01:03 550 --a------ C:\Windows\eReg.dat
2008-05-17 16:42:55 39424 --a------ C:\Windows\system32\rpiAccessProcess.dll
2008-05-17 16:42:55 712704 --a------ C:\Windows\system32\_ISource21.dll <Not Verified; Smaller Animals Software, Inc.; _ISource21.DLL>
2008-05-17 16:42:54 57344 --a------ C:\Windows\system32\mp3SpecX4.dll <Not Verified; MicroProse Software; mp3SpecX4>
2008-05-17 16:42:53 278016 --a------ C:\Windows\system32\aisExif.dll <Not Verified; Watermarker.com; AiS EXIF ActiveX>
2008-05-17 16:42:52 32768 --a------ C:\Windows\system32\ce-scm.dll <Not Verified; Creative Element; Creative Element Power Tools>
2008-05-17 16:42:52 113664 --a------ C:\Windows\system32\APIGID32.DLL <Not Verified; Desaware; APIGID32 Dynamic Link Library>
2008-05-11 03:02:43 0 d-------- C:\Users\All Users\Stardock
-- Find3M Report ---------------------------------------------------------------
2008-06-03 20:20:27 556058 --a------ C:\Windows\system32\perfh008.dat
2008-06-03 20:20:26 89688 --a------ C:\Windows\system32\perfc008.dat
2008-06-03 20:18:30 27525 --a------ C:\Users\Orestes\AppData\Roaming\nvModes.001
2008-06-03 20:11:44 12 --a------ C:\Windows\bthservsdp.dat
2008-06-03 13:12:26 0 d-------- C:\Users\Orestes\AppData\Roaming\uTorrent
2008-06-03 11:57:16 0 d-------- C:\Users\Orestes\AppData\Roaming\Spyware Terminator
2008-06-02 18:07:01 0 d-------- C:\Users\Orestes\AppData\Roaming\Malwarebytes
2008-06-02 14:00:20 27525 --a------ C:\Users\Orestes\AppData\Roaming\nvModes.dat
2008-05-27 21:17:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 20:51:25 0 d-------- C:\Program Files\Common Files
2008-05-27 12:32:49 6418 --a------ C:\Users\Orestes\AppData\Roaming\PrimoPDFSet.xml
2008-05-27 12:32:39 310 --a------ C:\Users\Orestes\AppData\Roaming\APUSet.xml
2008-05-26 19:35:40 0 d-------- C:\Users\Orestes\AppData\Roaming\SystemRequirementsLab
2008-05-26 18:14:42 174 --ahs---- C:\Program Files\desktop.ini
2008-05-26 17:57:02 0 d-------- C:\Program Files\Windows Calendar
2008-05-26 17:57:02 0 d-------- C:\Program Files\Movie Maker
2008-05-26 17:57:01 0 d-------- C:\Program Files\Windows Sidebar
2008-05-26 17:57:01 0 d-------- C:\Program Files\Windows Mail
2008-05-26 17:57:00 0 d-------- C:\Program Files\Windows Collaboration
2008-05-26 17:56:59 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-26 17:56:59 0 d-------- C:\Program Files\Windows Journal
2008-05-26 17:56:53 0 d-------- C:\Program Files\Windows Defender
2008-05-26 14:25:27 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-26 00:45:51 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-25 23:01:41 0 d-------- C:\Users\Orestes\AppData\Roaming\Opera
2008-05-25 22:15:41 0 d-------- C:\Users\Orestes\AppData\Roaming\PC Tools
2008-05-24 03:11:57 0 d-------- C:\Users\Orestes\AppData\Roaming\Adobe
2008-05-24 01:55:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-19 13:20:38 0 d-------- C:\Program Files\Java
2008-05-16 19:48:18 0 d-------- C:\Users\Orestes\AppData\Roaming\mIRC
2008-05-08 17:13:20 0 d-------- C:\Users\Orestes\AppData\Roaming\IrfanView
2008-04-29 19:43:43 0 -rahs---- C:\MSDOS.SYS
2008-04-29 19:43:43 0 -rahs---- C:\IO.SYS
2008-04-19 18:46:39 0 d-------- C:\Users\Orestes\AppData\Roaming\CyberLink
2008-04-19 17:34:02 0 d-------- C:\Users\Orestes\AppData\Roaming\Abexo
2008-04-12 20:47:47 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-12 15:32:23 0 d-------- C:\Users\Orestes\AppData\Roaming\Logitech
2008-04-12 15:29:47 0 d-------- C:\Program Files\Common Files\Logishrd
2008-04-12 15:28:56 0 d-------- C:\Users\Orestes\AppData\Roaming\InstallShield
2008-04-11 21:28:10 12189 --a------ C:\Users\Orestes\AppData\Roaming\UserTile.png
2008-04-11 21:27:41 0 d-------- C:\Users\Orestes\AppData\Roaming\PeerNetworking
2008-04-11 21:10:10 0 d-------- C:\Program Files\Windows Live
2008-04-10 22:01:12 0 d-------- C:\Program Files\Microsoft Works
2008-04-10 21:59:59 0 d-------- C:\Program Files\Microsoft.NET
2008-04-09 19:44:34 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-09 19:41:38 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 16:50:36 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-04-08 16:21:45 0 d-------- C:\Users\Orestes\AppData\Roaming\WinRAR
2008-04-07 20:42:02 0 d-------- C:\Users\Orestes\AppData\Roaming\GlobalSCAPE
2008-04-07 20:06:05 0 d-------- C:\Users\Orestes\AppData\Roaming\Media Player Classic
2008-04-07 16:20:32 0 d-------- C:\Users\Orestes\AppData\Roaming\HP
2008-04-07 14:56:05 0 d-------- C:\Program Files\MSXML 4.0
2008-04-07 14:45:19 0 d-------- C:\Users\Orestes\AppData\Roaming\Talkback
2008-04-07 14:45:13 0 --a------ C:\Windows\nsreg.dat
2008-04-07 14:45:09 0 d-------- C:\Users\Orestes\AppData\Roaming\Mozilla
2008-04-07 14:33:46 0 d-------- C:\Program Files\SAGEM
2008-04-07 14:26:58 0 d-------- C:\Users\Orestes\AppData\Roaming\Symantec
2008-04-07 14:26:17 0 d-------- C:\Users\Orestes\AppData\Roaming\Identities
2008-04-07 14:26:10 81 --a------ C:\Windows\system32\LOG
2008-04-07 14:24:27 0 d-------- C:\Users\Orestes\AppData\Roaming\Macromedia
2008-04-07 14:23:51 0 d-------- C:\Users\Orestes\AppData\Roaming\Hewlett-Packard
2008-04-07 14:23:47 0 dr------- C:\Program Files\Online Services
2008-04-07 14:18:41 0 d-------- C:\Program Files\HPQ
2008-04-07 14:18:18 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-07 14:17:39 0 d-------- C:\Program Files\HP
2008-03-22 18:30:02 2085376 --a------ C:\Windows\system32\x264vfw.dll
2008-03-04 12:33:18 7680 --a------ C:\Windows\system32\ff_vfw.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 11:29 §£]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [17/01/2007 04:34 ££]
"RtHDVCpl"="RtHDVCpl.exe" [17/08/2007 04:27 ££ C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [25/07/2007 09:02 §£]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [30/09/2007 08:34 ££]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/09/2007 03:31 ££]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [04/09/2007 02:54 ££]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [17/08/2007 12:13 §£]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 10:38 §£]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [13/09/2007 09:47 §£]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [08/01/2007 04:53 ££]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 §£]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29/11/2007 02:17 §£ C:\Windows\KHALMNPR.Exe]
"SpywareTerminator"="C:\- PC Health\Spyware Terminator\SpywareTerminatorShield.exe" [25/05/2008 06:32 ££]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [19/09/2007 11:05 ££]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [19/09/2007 11:05 ££]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [19/09/2007 11:05 ££]
"APVXDWIN"="C:\- PC Health\Panda\APVXDWIN.exe" [04/10/2007 03:15 ££]
"ZoneAlarm Client"="C:\- PC Health\ZoneAlarm\zlclient.exe" [03/03/2008 03:05 ££]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55 ££]
"QuickTime Task"="C:\- Multimedia\QuickTime\QTTask.exe" [28/03/2008 11:37 ££]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 10:33 §£]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [23/08/2007 05:36 ££]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 10:33 §£]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 10:33 §£]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [5/9/2007 2:09:54 ££]
DSLMON.lnk - C:\Program Files\SAGEM\OTEnet-SAGEM Fast 800\dslmon.exe [7/4/2008 2:34:00 ££]
Logitech SetPoint.lnk - C:\- Other Programs\Logitech\SetPoint\SetPoint.exe [12/4/2008 3:29:30 ££]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 15/02/2007 07:02 ££ 50736 C:\Windows\System32\avldr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Orestes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Creative Element Power Tools Startup.lnk]
path=C:\Users\Orestes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk
backup=C:\Windows\pss\Creative Element Power Tools Startup.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2b669fdb]
rundll32.exe "C:\Windows\system32\aeryttoq.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\- Other Programs\Alcohol 120\axcmd.exe" /automount
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoclk]
autoclk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2855ac47]
Rundll32.exe "C:\Windows\system32\bxloqesx.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AMDPT"=C:\- PC Health\ABEXO Memory Defragmenter and Process Tweak\amdpt.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"APVXDWIN"="C:\- PC Health\Panda\APVXDWIN.EXE" /s
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{983046d2-2447-11dd-89ff-000000000000}]
AutoRun\command- H:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-06-03 20:24:04 ------------
Hi
Please download ATF Cleaner by Atribune (http://www.atribune.org/ccount/click.php?id=1) and save
it to desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit to close ATF-Cleaner.
Re-scan with kaspersky.
Post:
- a fresh HijackThis log
- kaspersky report
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 04, 2008 1:43:35 AM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/06/2008
Kaspersky Anti-Virus database records: 825918
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 211562
Number of viruses found: 3
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 03:08:50
Infected Object Name / Virus Name / Last Action
C:\- Internet Related\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\- PC Health\Panda\6d9b13f36fb92d23a37e3b3967a3f2f0PSK_NAMES Object is locked skipped
C:\- PC Health\Panda\6d9b13f36fb92d23a37e3b3967a3f2f0PSK_NAMES2 Object is locked skipped
C:\- PC Health\Panda\PavCntrs.dat Object is locked skipped
C:\boot\bcd Object is locked skipped
C:\boot\BCD.LOG Object is locked skipped
C:\Program Files\HP\QuickPlay\Kernel\Partner\libcurl.dll Infected: Trojan.Win32.Agent.qwt skipped
C:\ProgramData\CyberLink\TinyDB\EPGSignal Object is locked skipped
C:\ProgramData\CyberLink\TinyDB\Schedule Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.57.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.57.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy141.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfC17A.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfC17B.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\ProgramData\sentinel\2.1\gwhashs.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\UsrClass.dat{cca86d37-1c7e-11dd-aa13-000000000000}.TM.blf Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\UsrClass.dat{cca86d37-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows\UsrClass.dat{cca86d37-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows Defender\FileTracker\{6B3E2418-AE54-4F97-97F9-23AF165A9A4A} Object is locked skipped
C:\Users\Orestes\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Orestes\AppData\Local\Temp\ehmsas.txt Object is locked skipped
C:\Users\Orestes\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Orestes\NTUSER.DAT Object is locked skipped
C:\Users\Orestes\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Orestes\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Orestes\NTUSER.DAT{cca86d35-1c7e-11dd-aa13-000000000000}.TM.blf Object is locked skipped
C:\Users\Orestes\NTUSER.DAT{cca86d35-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Orestes\NTUSER.DAT{cca86d35-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Internet Logs\fwdbglog.txt Object is locked skipped
C:\Windows\Internet Logs\fwpktlog.txt Object is locked skipped
C:\Windows\Internet Logs\HYPERION.ldb Object is locked skipped
C:\Windows\Internet Logs\IAMDB.RDB Object is locked skipped
C:\Windows\Internet Logs\tvDebug.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{cca86d33-1c7e-11dd-aa13-000000000000}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{cca86d33-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{cca86d33-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{cca86d31-1c7e-11dd-aa13-000000000000}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{cca86d31-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{cca86d31-1c7e-11dd-aa13-000000000000}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{cca86d28-1c7e-11dd-aa13-000000000000}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{cca86d28-1c7e-11dd-aa13-000000000000}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{cca86d28-1c7e-11dd-aa13-000000000000}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{cca86d28-1c7e-11dd-aa13-000000000000}.TxR.blf Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\ZLT00f0f.TMP Object is locked skipped
C:\Windows\Temp\ZLT00f13.TMP Object is locked skipped
C:\_OTMoveIt\MovedFiles\06032008_201731\Windows\system32\brjxvdxk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vjr skipped
E:\System Volume Information\Desktop.ini Object is locked skipped
E:\System Volume Information\Folder.htt Object is locked skipped
E:\System Volume Information\protect.chinese hong kong Object is locked skipped
E:\System Volume Information\protect.chinese simplified Object is locked skipped
E:\System Volume Information\protect.chinese traditional Object is locked skipped
E:\System Volume Information\protect.czech Object is locked skipped
E:\System Volume Information\protect.danish Object is locked skipped
E:\System Volume Information\protect.dutch Object is locked skipped
E:\System Volume Information\Protect.ed Object is locked skipped
E:\System Volume Information\protect.english Object is locked skipped
E:\System Volume Information\protect.finnish Object is locked skipped
E:\System Volume Information\protect.french Object is locked skipped
E:\System Volume Information\protect.german Object is locked skipped
E:\System Volume Information\protect.greek Object is locked skipped
E:\System Volume Information\protect.hebrew Object is locked skipped
E:\System Volume Information\protect.hungarian Object is locked skipped
E:\System Volume Information\protect.italian Object is locked skipped
E:\System Volume Information\protect.japanese Object is locked skipped
E:\System Volume Information\protect.korean Object is locked skipped
E:\System Volume Information\protect.norwegian Object is locked skipped
E:\System Volume Information\protect.polish Object is locked skipped
E:\System Volume Information\protect.portuguese Object is locked skipped
E:\System Volume Information\protect.portuguese brazilian Object is locked skipped
E:\System Volume Information\protect.russian Object is locked skipped
E:\System Volume Information\protect.spanish Object is locked skipped
E:\System Volume Information\protect.swedish Object is locked skipped
E:\System Volume Information\protect.turkish Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:05 πμ, on 4/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\- PC Health\Panda\PskSvc.exe
C:\- PC Health\Panda\pavsrvx86.exe
C:\- PC Health\Panda\AVENGINE.EXE
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\- PC Health\Panda\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Windows\system32\svchost.exe
C:\- PC Health\Panda\PsImSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\- PC Health\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\- PC Health\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\- PC Health\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\System32\rundll32.exe
C:\- PC Health\Panda\ApVxdWin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\- PC Health\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\SAGEM\OTEnet-SAGEM Fast 800\dslmon.exe
C:\- Other Programs\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\- PC Health\Panda\WebProxy.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe
C:\- Multimedia\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Orestes\Desktop\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=el_gr&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=el_gr&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\-PCHEA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\- PC Health\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "C:\- PC Health\Panda\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\- PC Health\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\- Multimedia\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\- Other Programs\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\-PCHEA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\-PCHEA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{723EBC6A-4630-40E8-B3D5-B67C30C81478}: NameServer = 195.251.25.60 194.177.210.211
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\- PC Health\Panda\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\- PC Health\Panda\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\- PC Health\Panda\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\- PC Health\Panda\PskSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\- PC Health\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\- PC Health\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 13055 bytes
Thanks a lot for all your help so far! :)
Hi
Please click this link-->Jotti (http://virusscan.jotti.org/)
Copy/paste the first file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).
C:\Program Files\HP\QuickPlay\Kernel\Partner\libcurl.dll
Repeat steps for all files on the list.
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
Hello. I didn't really understand the meaning of the 'list' of files to be scanned, but as you indicated libcurl.dll, I scanned the other two files that are marked as infected in the Kaspersky report. (Although the last one -brjxvdxk.dll- is supposed to be moved/quarantined by OTMoveIt)...
Here you are:
-------------
File: libcurl.dll
Status: INFECTED/MALWARE
MD5: b37ddbcc5d9b0e1f288211e5f0b027fd
Packers detected: -
Scanner results
A-Squared Found nothing
AntiVir Found TR/Agent.qwt
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Agent.WDC
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Virus.Trojan.Win32.Agent.qwt
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found nothing
File: mirc.exe_
Status: INFECTED/MALWARE
MD5: e72425de3cb77a4ddff9289f728017b4
Packers detected: -
Scanner results
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Riskware.Client-irc.Mirc.631
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found PUA.IRC-Client.mIRC-34
CPsecure Found Client-IRC.W32.mIRC.631
Dr.Web Found Program.mIRC.623
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:Client-IRC.Win32.mIRC.631 (6, 2, 601)
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found not-a-virus:Client-IRC.Win32.mIRC.631
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
File: brjxvdxk.dll_
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 4c9ac269f1965ef765facde771c16695
Packers detected: -
Scanner results
A-Squared Found nothing
AntiVir Found ADSPY/Virtumonde.trz
ArcaVir Found Adware.Virtumonde.Vjr
Avast Found Win32:Vundo@dll
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found Trojan.Vundo-3260
CPsecure Found nothing
Dr.Web Found Trojan.Virtumod.412
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.Virtumonde.vjr (4, 1, 400)
Fortinet Found nothing
Ikarus Found Virus.Win32.Vundo@dll
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Virtumonde.vjr
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VirusBuster Found nothing
VBA32 Found AdWare.Win32.Virtumonde.vjr
Hi
Please delete this:
C:\Program Files\HP\QuickPlay\Kernel\Partner\libcurl.dll
And empty this folder:
C:\_OTMoveIt\MovedFiles\
Empty Recycle Bin.
Still problems?
No, no problems whatsoever. Sometimes, when trying to open a webpage it just won't open (and some of those times I get a message "Connection timed out" or something like that), a phenomenon which started along with my infection with Virtumonde. I don't really think it's relevant, and only time can tell if it'll continue to bug me or if it'll stop...
All in all, thanx for your attention and your help.
Really appreciated it! :)
Hi
You can test a bit and report back :)
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.