TN-Sama
2008-10-02, 22:51
The last 2-3 days i've been facing this seveer problem with the viruses/malware i specify on the topic and some other ones that didn't seem that critical(to me at least).
I've read some other threads that seemed to refer to my problem and decided to follow the 1st step/reply indicated on this thread: http://forums.spybot.info/showthread.php?t=34589.
After that i've decided not to take any further action on my own and instead post the following:
MBAM Log:
Malwarebytes' Anti-Malware 1.28
Database version: 1225
Windows 5.1.2600 Service Pack 1
2/10/2008 11:10:44 μμ
mbam-log-2008-10-02 (23-10-44).txt
Scan type: Full Scan (A:\|C:\|F:\|)
Objects scanned: 133431
Time elapsed: 1 hour(s), 31 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 9
Registry Data Items Infected: 3
Folders Infected: 12
Files Infected: 34
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\geBtSIyV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e29275d3-7854-41ec-84ef-72c439518b29} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebtsiyv (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e29275d3-7854-41ec-84ef-72c439518b29} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e29275d3-7854-41ec-84ef-72c439518b29} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhctnqj0e5ct (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhctnqj0e5ct (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpnqj0e5ct (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Stelios1\Application Data\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\geBtSIyV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ckvo.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\6x8be16.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\83l3v.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\WinRAR\Default.SFX (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temporary Internet files\Content.IE5\HAK9TCN9\help[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\Microsoft\dtsc\s (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\9yqusig.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\b0j6j16.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\00hoeav.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> Delete on reboot.
C:\otyh.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\Setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcpnqj0e5ct.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcpnqj0e5ct.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcpnqj0e5ct.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcpnqj0e5ct.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt3.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt4.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt5.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt6.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt7.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by Stelios1 at 2008-10-02 23:38:34
Microsoft Windows XP Professional Service Pack 1
System drive C: has 3 GB (8%) free of 38 GB
Total RAM: 2047 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:52 μμ, on 2/10/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\cisvc.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Stelios1\Επιφάνεια εργασίας\RSIT.exe
C:\Program Files\trend micro\Stelios1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greek.toggle.com/el/index.php?rvs=hompag&d=79919192
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Ραδιόφωνο - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pviever] "C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Γρήγορη εκκίνηση HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 8354 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-06-18 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{8E718888-423F-11D2-876E-00A0C9082467} - &Ραδιόφωνο - C:\WINDOWS\System32\msdxm.ocx [2002-09-24 848924]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2006-01-11 212992]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-01-26 495616]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-07-11 155648]
"pviever"=C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe hide []
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-04-05 950272]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"AudioDeck"=C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2007-08-09 528384]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2007-12-11 307200]
"Recordpad"=C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe -logon []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2002-09-24 13312]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2008-05-20 2474031]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-08-18 307200]
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Γρήγορη εκκίνηση HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-11-02 122880]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2008-10-02 23:38:35 ----D---- C:\Program Files\trend micro
2008-10-02 23:38:34 ----D---- C:\rsit
2008-10-02 23:23:20 ----D---- C:\Avenger
2008-10-02 21:34:31 ----D---- C:\Documents and Settings\Stelios1\Application Data\Malwarebytes
2008-10-02 21:34:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 21:34:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-02 14:02:28 ----RSH---- C:\yew.bat
2008-09-27 12:26:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-27 12:26:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-27 11:57:51 ----RSH---- C:\wjlfhtfm.cmd
2008-09-26 21:49:45 ----A---- C:\WINDOWS\System32\3CA.tmp
2008-09-24 12:51:29 ----D---- C:\Downloads
2008-09-24 12:40:23 ----RSH---- C:\0u.cmd
2008-09-24 10:54:27 ----RSH---- C:\rdsfk.com
2008-09-21 16:34:03 ----RSH---- C:\xk2n.bat
2008-09-13 08:19:43 ----RSH---- C:\vxl.exe
2008-09-10 11:49:41 ----RSH---- C:\s.bat
2008-09-09 01:16:37 ----RSH---- C:\jdhc2x2.com
2008-09-09 01:16:21 ----RSH---- C:\1t6yxlxx.cmd
2008-09-04 18:48:04 ----D---- C:\Program Files\Combined Community Codec Pack
2008-09-04 18:13:20 ----D---- C:\Documents and Settings\Stelios1\Application Data\Media Player Classic
2008-09-04 18:06:30 ----D---- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-09-04 18:06:12 ----D---- C:\Program Files\Winamp Remote
2008-09-04 18:04:50 ----D---- C:\Documents and Settings\Stelios1\Application Data\Winamp
2008-09-04 16:37:14 ----D---- C:\WINDOWS\Minidump
2008-09-04 08:28:40 ----RSH---- C:\ov.cmd
======List of files/folders modified in the last 1 months======
2008-10-02 23:39:43 ----D---- C:\Documents and Settings\Stelios1\Application Data\Free Download Manager
2008-10-02 23:38:41 ----D---- C:\WINDOWS\Prefetch
2008-10-02 23:38:35 ----D---- C:\Program Files
2008-10-02 23:27:28 ----D---- C:\Program Files\Mozilla Firefox
2008-10-02 23:25:41 ----D---- C:\WINDOWS\Temp
2008-10-02 23:25:22 ----D---- C:\WINDOWS
2008-10-02 23:24:31 ----D---- C:\WINDOWS\Debug
2008-10-02 23:23:21 ----D---- C:\WINDOWS\system32
2008-10-02 23:23:20 ----D---- C:\WINDOWS\System32\drivers
2008-10-02 23:22:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-02 23:10:44 ----SD---- C:\Documents and Settings\Stelios1\Application Data\Microsoft
2008-10-02 23:10:43 ----RSD---- C:\WINDOWS\Fonts
2008-10-02 20:56:14 ----D---- C:\WINDOWS\System32\Restore
2008-10-02 20:56:13 ----SHD---- C:\System Volume Information
2008-10-01 21:47:06 ----D---- C:\Documents and Settings\Stelios1\Application Data\uTorrent
2008-10-01 21:15:04 ----A---- C:\WINDOWS\wininit.ini
2008-09-27 11:58:34 ----D---- C:\Documents and Settings\Stelios1\Application Data\LimeWire
2008-09-27 11:58:34 ----D---- C:\Documents and Settings\Stelios1\Application Data\FrostWire
2008-09-26 21:42:59 ----D---- C:\WINDOWS\System32\CatRoot2
2008-09-19 10:02:49 ----D---- C:\Documents and Settings\Stelios1\Application Data\AdobeUM
2008-09-13 08:44:15 ----D---- C:\Documents and Settings\Stelios1\Application Data\MSN6
2008-09-13 06:34:49 ----D---- C:\WINDOWS\System32\config
2008-09-04 18:07:07 ----D---- C:\Program Files\Winamp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-04-05 67584]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-08-22 1723904]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\System32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-03-21 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-03-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-03-21 21744]
R3 ms_mpu401;Πρόγραμμα οδήγησης Microsoft MPU-401 MIDI UART; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2007-10-04 23616]
R3 usbccgp;Γενικό γονικό πρόγραμμα οδήγησης USB της Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160]
R3 usbehci;Πρόγραμμα οδήγησης USB 2.0-προηγμένου κεντρικού ελεγκτή Miniport της Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216]
R3 usbhub;Διανομέας με δυνατότητα USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120]
R3 usbprint;Κλάση εκτυπωτών Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
R3 usbscan;Πρόγραμμα οδήγησης σαρωτή USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
R3 USBSTOR;Πρόγραμμα οδήγησης μαζικής αποθήκευσης USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Πρόγραμμα οδήγησης Miniport ενιαίου κεντρικού ελεγκτή Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-07-03 19328]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:\WINDOWS\System32\DRIVERS\zebrceb.sys [2008-01-15 63360]
S3 Bridge;Γέφυρα MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
S3 BridgeMP;Γέφυρα MAC Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
S3 HidUsb;Πρόγραμμα οδήγησης HID της Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\System32\DRIVERS\k750bus.sys [2006-03-13 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [2006-03-13 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [2006-03-13 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [2006-03-13 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\System32\DRIVERS\k750obex.sys [2006-03-13 79488]
S3 lgmcbus;LGE Mobile driver (WDM); C:\WINDOWS\System32\DRIVERS\lgmcbus.sys []
S3 mouhid;Πρόγραμμα οδήγησης ποντικιού HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-11-27 12288]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2003-03-13 166528]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\System32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\WINDOWS\System32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\WINDOWS\System32\DRIVERS\sea1unic.sys [2007-02-08 90800]
S3 USB_RNDIS;TI Remote NDIS USB Network Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2001-11-27 11136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 zebrbus;Sony Ericsson Composite Device driver; C:\WINDOWS\System32\DRIVERS\zebrbus.sys [2008-01-15 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter; C:\WINDOWS\System32\DRIVERS\zebrmdfl.sys [2008-01-15 14848]
S3 zebrmdm;Sony Ericsson Modem Driver; C:\WINDOWS\System32\DRIVERS\zebrmdm.sys [2008-01-15 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); C:\WINDOWS\System32\DRIVERS\zebrmdmc.sys [2008-01-15 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port; C:\WINDOWS\System32\DRIVERS\zebrsce.sys [2008-01-15 91264]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-08-22 413696]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe [2005-04-05 552960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-03-18 65536]
R3 usnjsvc;Υπηρεσία ανάγνωσης χρονικού USN κοινόχρηστων φακέλων του Messenger; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-08-22 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
[U]Info.txt
info.txt logfile of random's system information tool 1.04 2008-10-02 23:40:01
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Shockwave Player 11-->C:\WINDOWS\System32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\System32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
ATI - Βοηθητικό πρόγραμμα απεγκατάστασης λογισμικού-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AVIConverter 5.1.0-->C:\Program Files\AVIConverter\uninst.exe
AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Blaze Media Pro-->"C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Golden Records-->C:\Program Files\NCH Swift Sound\Golden\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
LEGEA CATALOG 2008 1.0-->C:\Program Files\LEGEA CATALOG 2008\uninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Personal Firewall Plus-->C:\PROGRA~1\McAfee.com\PERSON~1\MpfUninstall.exe
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft .NET Framework 1.1 Greek Language Pack-->MsiExec.exe /X{3D9E9EB7-B14F-4AE4-8C1F-1AD4CF3093BE}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110408-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Prism-->C:\Program Files\NCH Software\Prism\uninst.exe
ProSavageDDR and Utilities-->C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
Recordpad-->C:\Program Files\NCH Swift Sound\Recordpad\uninst.exe
Roland Garros 1999-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Roland Garros\Uninst.isu"
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Slice Uninstall-->C:\Program Files\NCH Swift Sound\Slice\uninst.exe
SmartFTP Client 2.5 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sony Ericsson PC Suite-->MsiExec.exe /I{668B2B3A-4241-409F-A4AE-79B5016A487E}
Sony Ericsson Symbian 9 Drivers-->C:\Program Files\Sony Ericsson\Sony Ericsson Symbian 9 Drivers\ZEBRUninstall.exe
SoulSeek 157 NS 13c-->"C:\Program Files\SoulseekNS\uninstall.exe"
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
SoundTap-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg Nuendo v3.2.0.1128-->C:\PROGRA~1\STEINB~1\NUENDO~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\NUENDO~1\INSTALL.LOG
Super Mp3 Converter 4.0-->"C:\Program Files\Admiresoft\Super Mp3 Converter\unins000.exe"
Switch-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Syncrosoft's License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
TotalImageConverter-->"C:\Program Files\TotalImageConverter\unins000.exe"
USB Remote NDIS Network Device-->C:\Program Files\InstallShield Installation Information\{7F628837-063A-4391-8B6E-9D9E21A7CE2D}\setup.exe -runfromtemp -l0x0409
VIA Audio Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
VIA Διαχειριστής Συσκευών Πλατφόρμας-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.0 (KB884016)-->C:\WINDOWS\$MSI30UninstallMSI30-KB884016$\spuninst\spuninst.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{39CD7D93-BF66-4B8F-9A9C-560A1F939A0E}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR 3.70 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων-->C:\Program Files\WinRAR\uninstall.exe
Άμεση επιδιόρθωση για Windows XP - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
I hope that can help you come up with a conclusion to the problem i am facing.
P.S. SpyBot's Teatimer was (during the processes) and still is deactivated
I've read some other threads that seemed to refer to my problem and decided to follow the 1st step/reply indicated on this thread: http://forums.spybot.info/showthread.php?t=34589.
After that i've decided not to take any further action on my own and instead post the following:
MBAM Log:
Malwarebytes' Anti-Malware 1.28
Database version: 1225
Windows 5.1.2600 Service Pack 1
2/10/2008 11:10:44 μμ
mbam-log-2008-10-02 (23-10-44).txt
Scan type: Full Scan (A:\|C:\|F:\|)
Objects scanned: 133431
Time elapsed: 1 hour(s), 31 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 9
Registry Data Items Infected: 3
Folders Infected: 12
Files Infected: 34
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\geBtSIyV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e29275d3-7854-41ec-84ef-72c439518b29} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebtsiyv (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e29275d3-7854-41ec-84ef-72c439518b29} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e29275d3-7854-41ec-84ef-72c439518b29} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhctnqj0e5ct (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhctnqj0e5ct (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpnqj0e5ct (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Stelios1\Application Data\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\rhctnqj0e5ct\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\geBtSIyV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ckvo.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\6x8be16.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\83l3v.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\WinRAR\Default.SFX (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temporary Internet files\Content.IE5\HAK9TCN9\help[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\Microsoft\dtsc\s (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\9yqusig.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\b0j6j16.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\00hoeav.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> Delete on reboot.
C:\otyh.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\Setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcpnqj0e5ct.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcpnqj0e5ct.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcpnqj0e5ct.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcpnqj0e5ct.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt3.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt4.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt5.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt6.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stelios1\Local Settings\Temp\.tt7.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by Stelios1 at 2008-10-02 23:38:34
Microsoft Windows XP Professional Service Pack 1
System drive C: has 3 GB (8%) free of 38 GB
Total RAM: 2047 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:52 μμ, on 2/10/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\cisvc.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Stelios1\Επιφάνεια εργασίας\RSIT.exe
C:\Program Files\trend micro\Stelios1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greek.toggle.com/el/index.php?rvs=hompag&d=79919192
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Ραδιόφωνο - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pviever] "C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Γρήγορη εκκίνηση HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 8354 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-06-18 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{8E718888-423F-11D2-876E-00A0C9082467} - &Ραδιόφωνο - C:\WINDOWS\System32\msdxm.ocx [2002-09-24 848924]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2006-01-11 212992]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-01-26 495616]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-07-11 155648]
"pviever"=C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe hide []
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-04-05 950272]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"AudioDeck"=C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2007-08-09 528384]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2007-12-11 307200]
"Recordpad"=C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe -logon []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2002-09-24 13312]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2008-05-20 2474031]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-08-18 307200]
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Γρήγορη εκκίνηση HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-11-02 122880]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2008-10-02 23:38:35 ----D---- C:\Program Files\trend micro
2008-10-02 23:38:34 ----D---- C:\rsit
2008-10-02 23:23:20 ----D---- C:\Avenger
2008-10-02 21:34:31 ----D---- C:\Documents and Settings\Stelios1\Application Data\Malwarebytes
2008-10-02 21:34:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 21:34:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-02 14:02:28 ----RSH---- C:\yew.bat
2008-09-27 12:26:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-27 12:26:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-27 11:57:51 ----RSH---- C:\wjlfhtfm.cmd
2008-09-26 21:49:45 ----A---- C:\WINDOWS\System32\3CA.tmp
2008-09-24 12:51:29 ----D---- C:\Downloads
2008-09-24 12:40:23 ----RSH---- C:\0u.cmd
2008-09-24 10:54:27 ----RSH---- C:\rdsfk.com
2008-09-21 16:34:03 ----RSH---- C:\xk2n.bat
2008-09-13 08:19:43 ----RSH---- C:\vxl.exe
2008-09-10 11:49:41 ----RSH---- C:\s.bat
2008-09-09 01:16:37 ----RSH---- C:\jdhc2x2.com
2008-09-09 01:16:21 ----RSH---- C:\1t6yxlxx.cmd
2008-09-04 18:48:04 ----D---- C:\Program Files\Combined Community Codec Pack
2008-09-04 18:13:20 ----D---- C:\Documents and Settings\Stelios1\Application Data\Media Player Classic
2008-09-04 18:06:30 ----D---- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-09-04 18:06:12 ----D---- C:\Program Files\Winamp Remote
2008-09-04 18:04:50 ----D---- C:\Documents and Settings\Stelios1\Application Data\Winamp
2008-09-04 16:37:14 ----D---- C:\WINDOWS\Minidump
2008-09-04 08:28:40 ----RSH---- C:\ov.cmd
======List of files/folders modified in the last 1 months======
2008-10-02 23:39:43 ----D---- C:\Documents and Settings\Stelios1\Application Data\Free Download Manager
2008-10-02 23:38:41 ----D---- C:\WINDOWS\Prefetch
2008-10-02 23:38:35 ----D---- C:\Program Files
2008-10-02 23:27:28 ----D---- C:\Program Files\Mozilla Firefox
2008-10-02 23:25:41 ----D---- C:\WINDOWS\Temp
2008-10-02 23:25:22 ----D---- C:\WINDOWS
2008-10-02 23:24:31 ----D---- C:\WINDOWS\Debug
2008-10-02 23:23:21 ----D---- C:\WINDOWS\system32
2008-10-02 23:23:20 ----D---- C:\WINDOWS\System32\drivers
2008-10-02 23:22:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-02 23:10:44 ----SD---- C:\Documents and Settings\Stelios1\Application Data\Microsoft
2008-10-02 23:10:43 ----RSD---- C:\WINDOWS\Fonts
2008-10-02 20:56:14 ----D---- C:\WINDOWS\System32\Restore
2008-10-02 20:56:13 ----SHD---- C:\System Volume Information
2008-10-01 21:47:06 ----D---- C:\Documents and Settings\Stelios1\Application Data\uTorrent
2008-10-01 21:15:04 ----A---- C:\WINDOWS\wininit.ini
2008-09-27 11:58:34 ----D---- C:\Documents and Settings\Stelios1\Application Data\LimeWire
2008-09-27 11:58:34 ----D---- C:\Documents and Settings\Stelios1\Application Data\FrostWire
2008-09-26 21:42:59 ----D---- C:\WINDOWS\System32\CatRoot2
2008-09-19 10:02:49 ----D---- C:\Documents and Settings\Stelios1\Application Data\AdobeUM
2008-09-13 08:44:15 ----D---- C:\Documents and Settings\Stelios1\Application Data\MSN6
2008-09-13 06:34:49 ----D---- C:\WINDOWS\System32\config
2008-09-04 18:07:07 ----D---- C:\Program Files\Winamp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-04-05 67584]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-08-22 1723904]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\System32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-03-21 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-03-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-03-21 21744]
R3 ms_mpu401;Πρόγραμμα οδήγησης Microsoft MPU-401 MIDI UART; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2007-10-04 23616]
R3 usbccgp;Γενικό γονικό πρόγραμμα οδήγησης USB της Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160]
R3 usbehci;Πρόγραμμα οδήγησης USB 2.0-προηγμένου κεντρικού ελεγκτή Miniport της Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216]
R3 usbhub;Διανομέας με δυνατότητα USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120]
R3 usbprint;Κλάση εκτυπωτών Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
R3 usbscan;Πρόγραμμα οδήγησης σαρωτή USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
R3 USBSTOR;Πρόγραμμα οδήγησης μαζικής αποθήκευσης USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Πρόγραμμα οδήγησης Miniport ενιαίου κεντρικού ελεγκτή Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-07-03 19328]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:\WINDOWS\System32\DRIVERS\zebrceb.sys [2008-01-15 63360]
S3 Bridge;Γέφυρα MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
S3 BridgeMP;Γέφυρα MAC Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
S3 HidUsb;Πρόγραμμα οδήγησης HID της Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\System32\DRIVERS\k750bus.sys [2006-03-13 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [2006-03-13 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [2006-03-13 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [2006-03-13 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\System32\DRIVERS\k750obex.sys [2006-03-13 79488]
S3 lgmcbus;LGE Mobile driver (WDM); C:\WINDOWS\System32\DRIVERS\lgmcbus.sys []
S3 mouhid;Πρόγραμμα οδήγησης ποντικιού HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-11-27 12288]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2003-03-13 166528]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\System32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\WINDOWS\System32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\WINDOWS\System32\DRIVERS\sea1unic.sys [2007-02-08 90800]
S3 USB_RNDIS;TI Remote NDIS USB Network Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2001-11-27 11136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 zebrbus;Sony Ericsson Composite Device driver; C:\WINDOWS\System32\DRIVERS\zebrbus.sys [2008-01-15 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter; C:\WINDOWS\System32\DRIVERS\zebrmdfl.sys [2008-01-15 14848]
S3 zebrmdm;Sony Ericsson Modem Driver; C:\WINDOWS\System32\DRIVERS\zebrmdm.sys [2008-01-15 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); C:\WINDOWS\System32\DRIVERS\zebrmdmc.sys [2008-01-15 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port; C:\WINDOWS\System32\DRIVERS\zebrsce.sys [2008-01-15 91264]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-08-22 413696]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe [2005-04-05 552960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-03-18 65536]
R3 usnjsvc;Υπηρεσία ανάγνωσης χρονικού USN κοινόχρηστων φακέλων του Messenger; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-08-22 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
[U]Info.txt
info.txt logfile of random's system information tool 1.04 2008-10-02 23:40:01
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Shockwave Player 11-->C:\WINDOWS\System32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\System32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
ATI - Βοηθητικό πρόγραμμα απεγκατάστασης λογισμικού-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AVIConverter 5.1.0-->C:\Program Files\AVIConverter\uninst.exe
AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Blaze Media Pro-->"C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Golden Records-->C:\Program Files\NCH Swift Sound\Golden\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
LEGEA CATALOG 2008 1.0-->C:\Program Files\LEGEA CATALOG 2008\uninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Personal Firewall Plus-->C:\PROGRA~1\McAfee.com\PERSON~1\MpfUninstall.exe
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft .NET Framework 1.1 Greek Language Pack-->MsiExec.exe /X{3D9E9EB7-B14F-4AE4-8C1F-1AD4CF3093BE}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110408-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Prism-->C:\Program Files\NCH Software\Prism\uninst.exe
ProSavageDDR and Utilities-->C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
Recordpad-->C:\Program Files\NCH Swift Sound\Recordpad\uninst.exe
Roland Garros 1999-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Roland Garros\Uninst.isu"
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Slice Uninstall-->C:\Program Files\NCH Swift Sound\Slice\uninst.exe
SmartFTP Client 2.5 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sony Ericsson PC Suite-->MsiExec.exe /I{668B2B3A-4241-409F-A4AE-79B5016A487E}
Sony Ericsson Symbian 9 Drivers-->C:\Program Files\Sony Ericsson\Sony Ericsson Symbian 9 Drivers\ZEBRUninstall.exe
SoulSeek 157 NS 13c-->"C:\Program Files\SoulseekNS\uninstall.exe"
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
SoundTap-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg Nuendo v3.2.0.1128-->C:\PROGRA~1\STEINB~1\NUENDO~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\NUENDO~1\INSTALL.LOG
Super Mp3 Converter 4.0-->"C:\Program Files\Admiresoft\Super Mp3 Converter\unins000.exe"
Switch-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Syncrosoft's License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
TotalImageConverter-->"C:\Program Files\TotalImageConverter\unins000.exe"
USB Remote NDIS Network Device-->C:\Program Files\InstallShield Installation Information\{7F628837-063A-4391-8B6E-9D9E21A7CE2D}\setup.exe -runfromtemp -l0x0409
VIA Audio Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
VIA Διαχειριστής Συσκευών Πλατφόρμας-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.0 (KB884016)-->C:\WINDOWS\$MSI30UninstallMSI30-KB884016$\spuninst\spuninst.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{39CD7D93-BF66-4B8F-9A9C-560A1F939A0E}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR 3.70 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων-->C:\Program Files\WinRAR\uninstall.exe
Άμεση επιδιόρθωση για Windows XP - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
I hope that can help you come up with a conclusion to the problem i am facing.
P.S. SpyBot's Teatimer was (during the processes) and still is deactivated