Can someone analyse my HijackThis Log?
plutomaniac
2009-06-11, 11:14
Hi, I'm new here so...here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:50 πμ, on 11/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\PLUTOMANIAC\Documents\PLUTOMANIAC\Προγράμματα\Προγράμματα Προστασίας\TrendMicro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://sas.zone.msn.com
O15 - Trusted Zone: www.msn.com (http://www.msn.com)
O15 - Trusted Zone: http://zone.msn.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9b5cf9846a8ea) (gupdate1c9b5cf9846a8ea) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndorfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8331 bytes
Can someone help me because I think I am infected but I'm not so sure!:sad:
Why can't I edit my post? - I wanted to tell you this:
Sorry if you see some Greek Words inside the log - my computer has Greek Windows and my folders are in Greek but all the other important things are in English so I don't think there will be any problem!;)
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Can I edit my own posts?
In the Spybot-S&D forum, there is a 15 minute time frame to edit one's post.
In the Malware Removal Forum, members may not edit their posts. A helper may already be analysing the information given.
;)
OK, sorry for doing wrong things. I read all this huge thread and understood!!!
A - What I did now:
1) First of all I temporarily uninstalled Spybot S&D
2) I made a Backup of my System Registry with ERUNT
3) I downloaded and installed HijackThis at Program Files
4) I didn't use the AnalyseThis button
5) I didn't fix anything yet
6) I unchecked "Word Wrap" in notepad
7) I disabled hot links to malware websites that were in the previous log file I posted above
8) I posted in this post a new log from HijackThis which is better and fixed ("Word Wrap" etc...)
B - What I will do after the clean-up:
1) I will post the final clean log of HijackThis so that I'll be sure I'm clean
2) I will reinstall Spybot S&D as soon as possible
C - What I may do:
1) Not bothering you again...
Here is my new log - I hope this time everything is right. I can't wait for your help!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:41 πμ, on 12/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://sas.zone.msn.com
O15 - Trusted Zone: www.msn.com (http://www.msn.com)
O15 - Trusted Zone: http://zone.msn.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9b5cf9846a8ea) (gupdate1c9b5cf9846a8ea) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndorfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8508 bytes
PLEASE...CAN YOU HELP ME NOW???:sad::red::santa::eek::fear:
oh...I disabled all the links with this button http://forums.spybot.info/images/editor/unlink.gif but they are still active...I'm sorry for that - how can I disable them now?:oops:
(and sorry for double-posting but I can't edit my post!!!):sad:
Hi plutomaniac
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
plutomaniac
2009-06-12, 14:49
I don't know why you need that but you are helping me so you must always be right. Here it is:
3D Sound Back Beta0.1
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Adobe Shockwave Player 11.5
Apple Software Update
AusLogics Disk Defrag
AusLogics Registry Cleaner
Belarc Advisor 7.2
CCleaner (remove only)
Choice Guard
CoffeeCup HTML Editor 2008
ConvertHelper 2.2
DH Mobility Modder.NET nVidia Edition
DHTML Editing Component
DirectX 9 Runtime
Driver Sweeper 1.5.5
EA Download Manager
ERUNT 1.1j
EVEREST Ultimate Edition v5.01
filehippo.com Update Checker
Flowol 3.1
Flowol More Secondary Mimics
Flowol More Secondary Mimics 2
Flowol Secondary Mimics
Google Earth
Google Earth Plugin
Google Update Helper
Grand Theft Auto IV
HDD Thermometer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP USB Disk Storage Format Tool
J2SE Runtime Environment 5.0 Update 10
Java(TM) 6 Update 14
Junk Mail filter update
K-Lite Mega Codec Pack 4.8.5
Marvell Miniport Driver
MathType 6
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Greek) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Greek) 2007
Microsoft Office Groove MUI (Greek) 2007
Microsoft Office InfoPath MUI (Greek) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Greek) 2007
Microsoft Office Outlook MUI (Greek) 2007
Microsoft Office PowerPoint MUI (Greek) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proofing (Greek) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Greek) 2007
Microsoft Office Shared MUI (Greek) 2007
Microsoft Office Word MUI (Greek) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft WSE 3.0 Runtime
MozBackup 1.4.9
Mozilla Firefox (3.0.10)
MSN BackUp 1.3.4
MSVCRT
MSXML 4.0 SP2 (KB954430)
mTC (remove only)
My Drivers 3.31
MyPhoneExplorer
Nasty File Remover v0.72 (remove only)
Notepad++
NVIDIA Display Driver Instrumentation Add-on
NVIDIA PerfHUD
NVIDIA Performance
NVIDIA Performance
NVIDIA PerfSDK
NVIDIA PhysX
NVIDIA System Monitor
NVIDIA System Monitor
NVIDIA System Update
NVIDIA System Update
OpenOffice.org 3.1
PC Wizard 2008.1.871
PDF Password Remover v3.0
PowerISO
QuickTime
Realtek High Definition Audio Driver
Recuva (remove only)
Reversi
Revo Uninstaller 1.83
Rockstar Games Social Club
Roxio Activation Module
Roxio BackOnTrack
Roxio Central
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2009 Ultimate
Roxio Creator 2009 Ultimate
Roxio Disaster Recovery
Roxio File Backup
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
SmartSound Quicktracks Plugin
Sony Ericsson SS1018 x64 driver v3.5.3.0
Sony Ericsson Themes Creator 4.01
Sony Ericsson W302(c)/S302(c) x64 driver v3.5.3.0
Spelling Dictionaries Support For Adobe Reader 9
SUPER © Version 2009.bld.35 (Jan 5, 2009)
Super Internet TV v7.4
SWF Opener
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers.
Texas Instruments PCIxx21/x515/xx12 drivers.
The Sims™ 3
Tinker Editor
Unknown Device Identifier 6.01
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update Service
VAIO Control Center
Veoh Web Player
VirusTotal Uploader
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 0.9.9
VobSub v2.23 (Remove Only)
Windows 7 Upgrade Advisor Beta
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
WinRAR 3.80 – Εφαρμογή συμπίεσης και διαχείρισης συμπιεσμένων αρχείων
xNeat Application Builder
Βοηθός εισόδου του Windows Live
Ενημερωμένη έκδοση Microsoft Office Excel 2007 Help (KB963678)
Ενημερωμένη έκδοση Microsoft Office Powerpoint 2007 Help (KB963669)
Ενημερωμένη έκδοση Microsoft Office Word 2007 Help (KB963665)
Εργαλείο αποστολής του Windows Live
Πολυλεξικό Magenta
Συλλογή φωτογραφιών του Windows Live
Some things are in the Greek language - sorry for that, but my Windows Vista Ultimate x64 is in Greek and so...sorry for that - I hope this doesn't make your work harder...:red:
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
uTorrent
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please run a new HijackThis log scan when finished and post the log back here.
plutomaniac
2009-06-12, 16:44
Here it is without uTorrent - I don't have problems with uTorrent though, because I use this program very carefully and don't download viruses from it, especially because I download everything from a closed, trusted Greek site, and files like SP2 for Vista etc... Here:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:16 μμ, on 12/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://sas.zone.msn.com
O15 - Trusted Zone: www.msn.com (http://www.msn.com)
O15 - Trusted Zone: http://zone.msn.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9b5cf9846a8ea) (gupdate1c9b5cf9846a8ea) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndorfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8590 bytes
and also:
3D Sound Back Beta0.1
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Adobe Shockwave Player 11.5
Apple Software Update
AusLogics Disk Defrag
AusLogics Registry Cleaner
Belarc Advisor 7.2
CCleaner (remove only)
Choice Guard
CoffeeCup HTML Editor 2008
ConvertHelper 2.2
DH Mobility Modder.NET nVidia Edition
DHTML Editing Component
DirectX 9 Runtime
Driver Sweeper 1.5.5
EA Download Manager
ERUNT 1.1j
EVEREST Ultimate Edition v5.01
filehippo.com Update Checker
Flowol 3.1
Flowol More Secondary Mimics
Flowol More Secondary Mimics 2
Flowol Secondary Mimics
Google Earth
Google Earth Plugin
Google Update Helper
Grand Theft Auto IV
HDD Thermometer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP USB Disk Storage Format Tool
J2SE Runtime Environment 5.0 Update 10
Java(TM) 6 Update 14
Junk Mail filter update
K-Lite Mega Codec Pack 4.8.5
Marvell Miniport Driver
MathType 6
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Greek) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Greek) 2007
Microsoft Office Groove MUI (Greek) 2007
Microsoft Office InfoPath MUI (Greek) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Greek) 2007
Microsoft Office Outlook MUI (Greek) 2007
Microsoft Office PowerPoint MUI (Greek) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proofing (Greek) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Greek) 2007
Microsoft Office Shared MUI (Greek) 2007
Microsoft Office Word MUI (Greek) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft WSE 3.0 Runtime
MozBackup 1.4.9
Mozilla Firefox (3.0.10)
MSN BackUp 1.3.4
MSVCRT
MSXML 4.0 SP2 (KB954430)
mTC (remove only)
My Drivers 3.31
MyPhoneExplorer
Nasty File Remover v0.72 (remove only)
Notepad++
NVIDIA Display Driver Instrumentation Add-on
NVIDIA PerfHUD
NVIDIA Performance
NVIDIA Performance
NVIDIA PerfSDK
NVIDIA PhysX
NVIDIA System Monitor
NVIDIA System Monitor
NVIDIA System Update
NVIDIA System Update
OpenOffice.org 3.1
PC Wizard 2008.1.871
PDF Password Remover v3.0
PowerISO
QuickTime
Realtek High Definition Audio Driver
Recuva (remove only)
Reversi
Revo Uninstaller 1.83
Rockstar Games Social Club
Roxio Activation Module
Roxio BackOnTrack
Roxio Central
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2009 Ultimate
Roxio Creator 2009 Ultimate
Roxio Disaster Recovery
Roxio File Backup
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
SmartSound Quicktracks Plugin
Sony Ericsson SS1018 x64 driver v3.5.3.0
Sony Ericsson Themes Creator 4.01
Sony Ericsson W302(c)/S302(c) x64 driver v3.5.3.0
Spelling Dictionaries Support For Adobe Reader 9
SUPER © Version 2009.bld.35 (Jan 5, 2009)
Super Internet TV v7.4
SWF Opener
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers.
Texas Instruments PCIxx21/x515/xx12 drivers.
The Sims™ 3
Tinker Editor
Unknown Device Identifier 6.01
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update Service
VAIO Control Center
Veoh Web Player
VirusTotal Uploader
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 0.9.9
VobSub v2.23 (Remove Only)
Windows 7 Upgrade Advisor Beta
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
WinRAR 3.80 – Εφαρμογή συμπίεσης και διαχείρισης συμπιεσμένων αρχείων
xNeat Application Builder
Βοηθός εισόδου του Windows Live
Ενημερωμένη έκδοση Microsoft Office Excel 2007 Help (KB963678)
Ενημερωμένη έκδοση Microsoft Office Powerpoint 2007 Help (KB963669)
Ενημερωμένη έκδοση Microsoft Office Word 2007 Help (KB963665)
Εργαλείο αποστολής του Windows Live
Πολυλεξικό Magenta
Συλλογή φωτογραφιών του Windows Live
That doesn't matter as it is against forum rules.
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)
plutomaniac
2009-06-12, 19:35
Log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by PLATO at 2009-06-12 19:14:52
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 5 GB (3%) free of 181 GB
Total RAM: 3070 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:57 μμ, on 12/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\PLATO\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\PLATO.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://sas.zone.msn.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: http://zone.msn.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9b5cf9846a8ea) (gupdate1c9b5cf9846a8ea) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndorfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8502 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{0ACF17B2-3840-4C7F-BB24-6E984D5BA8FF}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Βοηθός εισόδου του Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-06-05 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-03-26 429816]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableStatusMessages"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoStartMenuMorePrograms"=0
"StartMenuLogOff"=0
"TaskbarNoThumbnail"=0
"HideSCABattery"=0
"HideSCANetwork"=0
"HideSCAVolume"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\Autorun\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c285f63-1d2b-11de-8d4f-806e6f6e6963}]
shell\AutoRun\command - wd_windows_tools\WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a2060f9-2812-11de-816a-001a80fa1571}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\strongkey.exe
shell\default\command - F:\strongkey.exe
======File associations======
.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-06-12 19:08:27 ----D---- C:\rsit
2009-06-12 00:40:24 ----D---- C:\Program Files (x86)\Trend Micro
2009-06-12 00:31:01 ----D---- C:\Program Files (x86)\ERUNT
2009-06-11 21:13:46 ----D---- C:\Program Files (x86)\VirusTotalUploader
2009-06-11 14:27:38 ----D---- C:\ProgramData\Windows Genuine Advantage
2009-06-11 01:33:02 ----A---- C:\Windows\system32\mshtml.dll
2009-06-11 01:32:58 ----A---- C:\Windows\system32\ieframe.dll
2009-06-11 01:32:56 ----A---- C:\Windows\system32\iertutil.dll
2009-06-11 01:32:55 ----A---- C:\Windows\system32\urlmon.dll
2009-06-11 01:32:54 ----A---- C:\Windows\system32\wininet.dll
2009-06-11 01:32:53 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-11 01:32:51 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-11 01:32:51 ----A---- C:\Windows\system32\ieui.dll
2009-06-11 01:32:50 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-11 01:32:48 ----A---- C:\Windows\system32\iesetup.dll
2009-06-11 01:32:48 ----A---- C:\Windows\system32\iernonce.dll
2009-06-11 01:32:03 ----A---- C:\Windows\system32\EncDec.dll
2009-06-11 01:32:01 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-11 01:31:46 ----A---- C:\Windows\system32\localspl.dll
2009-06-11 01:31:39 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-10 23:53:37 ----A---- C:\Windows\system32\E3TL.DLL
2009-06-10 23:53:10 ----D---- C:\ProgramData\Zenturi
2009-06-10 21:43:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-06-10 20:59:57 ----D---- C:\Windows\TEMP
2009-06-10 19:39:34 ----D---- C:\ProgramData\SecTaskMan
2009-06-10 18:47:11 ----D---- C:\ProgramData\PrevxCSI
2009-06-09 16:56:01 ----D---- C:\Program Files (x86)\Empire Interactive
2009-06-07 18:14:15 ----D---- C:\Program Files (x86)\Gabest
2009-06-06 21:13:04 ----D---- C:\Program Files (x86)\Super Internet TV
2009-06-05 19:40:21 ----D---- C:\ProgramData\Apple Computer
2009-06-05 19:40:21 ----D---- C:\Program Files (x86)\QuickTime
2009-06-05 19:37:35 ----A---- C:\Windows\system32\javaws.exe
2009-06-05 19:37:34 ----A---- C:\Windows\system32\javaw.exe
2009-06-05 19:37:34 ----A---- C:\Windows\system32\java.exe
2009-06-05 13:05:19 ----D---- C:\Program Files (x86)\MSN BackUp
2009-06-03 20:36:11 ----RHD---- C:\MSOCache
2009-06-03 18:16:05 ----D---- C:\Program Files (x86)\xNeat Application Builder
2009-06-03 10:42:13 ----A---- C:\Windows\system32\Ilda32.dll
2009-06-03 10:42:13 ----A---- C:\Windows\system32\BORLNDMM.DLL
2009-06-03 10:42:10 ----D---- C:\Program Files (x86)\CoffeeCup Software
2009-06-01 22:18:15 ----D---- C:\ProgramData\Electronic Arts
2009-06-01 22:14:59 ----D---- C:\Program Files (x86)\Microsoft WSE
2009-06-01 22:03:33 ----D---- C:\Program Files (x86)\Electronic Arts
2009-06-01 12:53:43 ----D---- C:\Program Files (x86)\KamLex
2009-06-01 11:25:31 ----A---- C:\Windows\system32\zoneoc.dll
2009-06-01 10:31:23 ----A---- C:\Windows\kk.ini
2009-06-01 10:30:34 ----D---- C:\Program Files (x86)\ReflexiveArcade
2009-06-01 08:27:59 ----D---- C:\Program Files (x86)\DriveKey
2009-05-31 12:05:50 ----D---- C:\ProgramData\ESET
2009-05-30 23:48:29 ----A---- C:\Windows\wininit.ini
2009-05-30 18:24:09 ----D---- C:\ProgramData\Apple
2009-05-30 18:24:09 ----D---- C:\Program Files (x86)\Apple Software Update
2009-05-29 14:28:22 ----D---- C:\Users\PLATO\AppData\Roaming\Auslogics
2009-05-29 12:51:44 ----D---- C:\Program Files (x86)\mTC
2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvwgf2um.dll
2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvoglv32.dll
2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvencodemft.dll
2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvdecodemft.dll
2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvd3dum.dll
2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvcuvid.dll
2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvcuvenc.dll
2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvcuda.dll
2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvapi.dll
2009-05-24 13:29:36 ----D---- C:\Program Files (x86)\TimeAdjuster
2009-05-23 12:34:37 ----D---- C:\Program Files (x86)\WinRAR
2009-05-23 10:55:39 ----D---- C:\Program Files (x86)\DAMN NFO Viewer
2009-05-22 18:44:19 ----D---- C:\Users\PLATO\AppData\Roaming\MyPhoneExplorer
2009-05-22 18:43:56 ----D---- C:\Program Files (x86)\MyPhoneExplorer
2009-05-22 11:42:30 ----D---- C:\ProgramData\ABBYY
2009-05-21 15:12:11 ----AD---- C:\ProgramData\TEMP
2009-05-21 13:16:34 ----D---- C:\Windows\Java
2009-05-21 13:16:22 ----D---- C:\Program Files (x86)\PC Wizard 2008
2009-05-18 09:50:00 ----D---- C:\Users\PLATO\AppData\Roaming\nHancer
2009-05-18 09:48:29 ----D---- C:\ProgramData\nHancer
2009-05-16 14:36:29 ----D---- C:\Program Files (x86)\NVIDIA nTune Performance Application
2009-05-16 14:02:05 ----D---- C:\Program Files (x86)\MobilityDotNETnV
2009-05-14 19:12:23 ----D---- C:\Windows\pss
2009-05-14 14:03:07 ----A---- C:\Windows\system32\everest_cpl.ini
2009-05-14 13:57:19 ----D---- C:\Program Files (x86)\Lavalys
2009-05-13 21:03:44 ----D---- C:\Users\PLATO\AppData\Roaming\Download Manager
======List of files/folders modified in the last 1 months======
2009-06-12 19:14:56 ----D---- C:\Users\PLATO\AppData\Roaming\uTorrent
2009-06-12 19:12:29 ----D---- C:\Windows\Prefetch
2009-06-12 01:26:15 ----D---- C:\Windows\system32\drivers
2009-06-12 00:40:24 ----RD---- C:\Program Files (x86)
2009-06-11 21:01:31 ----SHD---- C:\System Volume Information
2009-06-11 16:20:46 ----SHD---- C:\Windows\Installer
2009-06-11 16:20:41 ----D---- C:\Users\PLATO\AppData\Roaming\Media Player Classic
2009-06-11 15:03:12 ----D---- C:\Windows
2009-06-11 14:41:38 ----RD---- C:\Users
2009-06-11 14:40:52 ----D---- C:\Windows\Debug
2009-06-11 14:32:33 ----RD---- C:\Program Files
2009-06-11 14:31:43 ----D---- C:\Windows\SysWOW64
2009-06-11 14:27:38 ----HD---- C:\ProgramData
2009-06-11 11:28:52 ----D---- C:\Windows\System32
2009-06-11 11:28:52 ----D---- C:\Windows\inf
2009-06-11 09:55:01 ----D---- C:\Windows\winsxs
2009-06-11 09:41:59 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-06-11 09:41:51 ----SD---- C:\Users\PLATO\AppData\Roaming\Microsoft
2009-06-11 09:41:49 ----D---- C:\ProgramData\avg8
2009-06-11 01:55:28 ----D---- C:\Windows\Microsoft.NET
2009-06-11 01:52:08 ----D---- C:\Windows\system32\migration
2009-06-11 01:52:08 ----D---- C:\Program Files (x86)\Internet Explorer
2009-06-11 01:52:02 ----D---- C:\Windows\ehome
2009-06-11 01:49:18 ----D---- C:\ProgramData\Microsoft Help
2009-06-11 01:00:53 ----D---- C:\ProgramData\NVIDIA
2009-06-11 00:01:06 ----SD---- C:\Windows\Downloaded Program Files
2009-06-10 23:59:29 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-06-09 17:13:48 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-06-09 16:29:17 ----HD---- C:\$AVG8.VAULT$
2009-06-08 18:44:25 ----D---- C:\Program Files (x86)\NCBuy
2009-06-08 18:32:18 ----D---- C:\Program Files (x86)\Notepad++
2009-06-06 18:56:30 ----D---- C:\Program Files (x86)\AGEIA Technologies
2009-06-06 15:03:12 ----D---- C:\Program Files (x86)\Common Files\Sonic Shared
2009-06-05 19:37:10 ----A---- C:\Windows\system32\deploytk.dll
2009-06-03 11:34:25 ----D---- C:\Program Files (x86)\Auslogics
2009-06-03 11:34:03 ----D---- C:\ProgramData\HDD Thermometer
2009-06-02 23:51:50 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2009-06-01 22:15:05 ----RSD---- C:\Windows\assembly
2009-06-01 20:38:44 ----D---- C:\Users\PLATO\AppData\Roaming\Notepad++
2009-06-01 11:05:07 ----D---- C:\Windows\Help
2009-05-31 09:24:48 ----D---- C:\Program Files (x86)\Common Files
2009-05-30 18:36:45 ----D---- C:\Users\PLATO\AppData\Roaming\dvdcss
2009-05-30 16:18:08 ----D---- C:\Program Files (x86)\Google
2009-05-30 10:06:36 ----D---- C:\Users\PLATO\AppData\Roaming\vlc
2009-05-29 14:05:01 ----RSD---- C:\Windows\Fonts
2009-05-29 14:04:43 ----D---- C:\Program Files (x86)\OpenOffice.org 3
2009-05-29 13:52:48 ----D---- C:\Program Files (x86)\uTorrent
2009-05-29 12:52:13 ----D---- C:\Program Files (x86)\Sony Ericsson
2009-05-22 17:29:39 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2009-05-20 17:13:00 ----D---- C:\Users\PLATO\AppData\Roaming\WinRAR
2009-05-14 19:22:26 ----A---- C:\Windows\system32\nvRegDev.dll
2009-05-14 19:22:26 ----A---- C:\Windows\system32\nvPerfSDKUtil.dll
2009-05-14 19:22:01 ----A---- C:\Windows\system32\nvPerfHUDUtil.dll
2009-05-14 19:19:59 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2009-05-14 18:36:10 ----D---- C:\Program Files (x86)\Sony
2009-05-13 20:26:05 ----A---- C:\Windows\Lexicon.ini
2009-05-13 14:53:46 ----D---- C:\ProgramData\InstallShield
2009-05-13 10:44:29 ----D---- C:\Program Files (x86)\Windows Mail
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 SaibVdAd64;Virtual Disk Driver; C:\Windows\System32\Drivers\SaibVdAd64.sys []
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
R2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\Windows\nvflsh64.sys [2009-01-07 40992]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 NVR0Dev;NVR0Dev; \??\C:\Windows\nvoclk64.sys [2009-01-06 40480]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys []
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S1 RxFilter;RxFilter; C:\Windows\system32\drivers\RxFilter.sys [2008-08-11 65520]
S1 SonyFanC;FAN Control Device Service; C:\Windows\system32\drivers\SonyFanC.sys [2000-08-22 44504]
S3 arjtquwk;arjtquwk; C:\Windows\system32\drivers\arjtquwk.sys []
S3 cpuz129;cpuz129; \??\C:\Program Files (x86)\PC Wizard 2008\pcwiz64.sys [2008-01-25 17384]
S3 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NETw4v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw4v64.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 SS1018mdm;Sony Ericsson Mobile Device Full USB Driver; C:\Windows\system32\DRIVERS\SS1018mdm_x64.sys []
S3 WimFltr;WimFltr; C:\Windows\system32\drivers\WimFltr.sys [2008-04-09 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service; C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2008-08-01 125424]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-02-06 727720]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 1461520]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-11 354840]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nHancer;nHancer Support; C:\Program Files\nHancer\nHancerService.exe [2009-04-26 39424]
R2 nTuneService;Performance Service; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [2009-01-06 255008]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 830224]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 UpdateCenterService;Update Center Service; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [2009-01-07 169504]
S2 gupdate1c9b5cf9846a8ea;Google Update Service (gupdate1c9b5cf9846a8ea); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-04-05 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11; C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe [2008-08-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11; C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [2008-08-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11; C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [2008-08-14 170480]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 23296]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 fsssvc;Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11; C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe [2008-08-14 313840]
S3 RoxMediaDB11;RoxMediaDB11; C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2008-08-14 1124848]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
-----------------EOF-----------------
I think these files are bad:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a2060f9-2812-11de-816a-001a80fa1571}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\strongkey.exe
shell\default\command - F:\strongkey.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\Autorun\Autorun.exe
Info.txt:
info.txt logfile of random's system information tool 1.06 2009-06-12 19:08:40
======Uninstall list======
-->C:\Windows\SysWOW64\\MSIEXEC.EXE /x {7B91CBFD-0671-4819-9724-CABE3014E886}
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
3D Sound Back Beta0.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{39DB116F-E088-486F-B13C-8925ECE7A6E5}\setup.exe" -removeonly
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->C:\Windows\system32\Adobe\uninstaller.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AusLogics Disk Defrag-->"C:\Program Files (x86)\Auslogics\AusLogics Disk Defrag\unins000.exe"
AusLogics Registry Cleaner-->"C:\Program Files (x86)\Auslogics\AusLogics Registry Cleaner\unins000.exe"
Belarc Advisor 7.2-->C:\PROGRA~2\Belarc\Advisor\Uninstall.exe C:\PROGRA~2\Belarc\Advisor\INSTALL.LOG
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CoffeeCup HTML Editor 2008-->C:\PROGRA~2\COFFEE~1\UNWISE.EXE C:\PROGRA~2\COFFEE~1\INSTALL.LOG
ConvertHelper 2.2-->"C:\Program Files (x86)\ConvertHelper\unins000.exe"
DH Mobility Modder.NET nVidia Edition-->C:\Program Files (x86)\MobilityDotNETnV\Uninstall.exe
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DirectX 9 Runtime-->MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
Driver Sweeper 1.5.5-->"C:\Program Files (x86)\Driver Sweeper\unins000.exe"
EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\Uninstall.exe
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
EVEREST Ultimate Edition v5.01-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
filehippo.com Update Checker-->"C:\Program Files (x86)\filehippo.com\uninstall.exe"
Flowol 3.1-->MsiExec.exe /I{2F07D8DD-89E1-4042-BF12-F1661B8A1A75}
Flowol More Secondary Mimics 2-->MsiExec.exe /I{5E834C5C-EBF3-4623-AFE9-5D25F924E45D}
Flowol More Secondary Mimics-->MsiExec.exe /I{2213BB04-097F-428E-8F05-1E408BF7F3A0}
Flowol Secondary Mimics-->MsiExec.exe /I{B36A46BD-050E-4072-8AE0-66E29B5148B2}
Google Earth Plugin-->MsiExec.exe /I{CFA3D1B0-415C-11DE-8251-005056806466}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Grand Theft Auto IV-->"C:\Program Files (x86)\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
HDD Thermometer-->C:\Program Files (x86)\HDD Thermometer\uninstall.exe
HijackThis 2.0.2-->"C:\Users\PLATO\Documents\Πλάτωνας\Προγράμματα\Προγράμματα Προστασίας\TrendMicro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Mega Codec Pack 4.8.5-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Marvell Miniport Driver-->C:\Program Files (x86)\Marvell\Miniport Driver\Uninst.exe
MathType 6-->"C:\Program Files (x86)\MathType\Setup.exe" -R
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (Greek) 2007-->MsiExec.exe /X{90120000-0015-0408-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Greek) 2007-->MsiExec.exe /X{90120000-0016-0408-0000-0000000FF1CE}
Microsoft Office Groove MUI (Greek) 2007-->MsiExec.exe /X{90120000-00BA-0408-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Greek) 2007-->MsiExec.exe /X{90120000-0044-0408-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (Greek) 2007-->MsiExec.exe /X{90120000-00A1-0408-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Greek) 2007-->MsiExec.exe /X{90120000-001A-0408-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Greek) 2007-->MsiExec.exe /X{90120000-0018-0408-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Greek) 2007-->MsiExec.exe /X{90120000-001F-0408-0000-0000000FF1CE}
Microsoft Office Proofing (Greek) 2007-->MsiExec.exe /X{90120000-002C-0408-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Publisher MUI (Greek) 2007-->MsiExec.exe /X{90120000-0019-0408-0000-0000000FF1CE}
Microsoft Office Shared MUI (Greek) 2007-->MsiExec.exe /X{90120000-006E-0408-0000-0000000FF1CE}
Microsoft Office Word MUI (Greek) 2007-->MsiExec.exe /X{90120000-001B-0408-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MozBackup 1.4.9-->C:\Program Files (x86)\MozBackup\Uninstall.exe
Mozilla Firefox (3.0.10)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSN BackUp 1.3.4-->C:\Program Files (x86)\MSN BackUp\uninst.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mTC (remove only)-->"C:\Program Files (x86)\mTC\mtc-uninst.exe"
My Drivers 3.31-->"C:\Program Files (x86)\My Drivers\unins000.exe"
MyPhoneExplorer-->C:\Program Files (x86)\MyPhoneExplorer\uninstall.exe
Nasty File Remover v0.72 (remove only)-->"C:\Program Files (x86)\NFR\unins_NFR.exe"
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
NVIDIA Display Driver Instrumentation Add-on-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{80C77B6E-39EC-4DFB-A5B0-025D221B5EA8}\setup.exe" -l0x9
NVIDIA PerfHUD-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{70A66934-9248-4B31-A71A-E1E4239F7BC6}\setup.exe" -l0x9
NVIDIA Performance-->"C:\Program Files (x86)\InstallShield Installation Information\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\setup.exe" -runfromtemp -l0x0408 -removeonly
NVIDIA Performance-->MsiExec.exe /I{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}
NVIDIA PerfSDK-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{41B6EF3E-C5D2-4196-B915-7DDD8842F8C0}\setup.exe" -l0x9
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
NVIDIA System Monitor-->"C:\Program Files (x86)\InstallShield Installation Information\{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}\setup.exe" -runfromtemp -l0x0408 -removeonly
NVIDIA System Monitor-->MsiExec.exe /I{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}
NVIDIA System Update-->"C:\Program Files (x86)\InstallShield Installation Information\{6F69C969-2942-4E7B-B594-75B37664B8BA}\setup.exe" -runfromtemp -l0x0408 -removeonly
NVIDIA System Update-->MsiExec.exe /I{6F69C969-2942-4E7B-B594-75B37664B8BA}
OpenOffice.org 3.1-->MsiExec.exe /I{A16B3EA2-8798-4960-8D8B-18D3149AD617}
PC Wizard 2008.1.871-->"C:\Program Files (x86)\PC Wizard 2008\unins000.exe"
PDF Password Remover v3.0-->"C:\Program Files (x86)\PDF Password Remover v3.0\unins000.exe"
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Recuva (remove only)-->"C:\Program Files (x86)\Recuva\uninst.exe"
Reversi-->MsiExec.exe /I{169C556D-38B7-45AD-89D6-9E2C9B9DC29F}
Revo Uninstaller 1.83-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
Rockstar Games Social Club-->"C:\Program Files (x86)\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Roxio Activation Module-->MsiExec.exe /I{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}
Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Central-->MsiExec.exe /I{3383136B-4F86-4F05-8612-DD4BB16A1EAE}
Roxio CinePlayer Decoder Pack-->MsiExec.exe /I{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}
Roxio CinePlayer-->MsiExec.exe /I{AA749D64-3741-4D5F-B804-B0BC05D179D1}
Roxio Creator 2009 Ultimate-->C:\ProgramData\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\setup.exe /x {7919D8D9-69FB-4E94-B330-04C4AF251867}
Roxio Creator 2009 Ultimate-->MsiExec.exe /I{09EA3E66-F60C-45EF-9C16-6CA2262E21C4}
Roxio Disaster Recovery-->MsiExec.exe /I{87A83C6F-F53C-448A-B078-FF00E3EAEB29}
Roxio File Backup-->MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SmartSound Quicktracks Plugin-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony Ericsson SS1018 x64 driver v3.5.3.0-->"C:\Program Files (x86)\Sony Ericsson\SS1018\Drivers\uninstall.exe" /ID=SS1018_x64
Sony Ericsson Themes Creator 4.01-->C:\Program Files (x86)\Sony Ericsson\Themes Creator\Uninstall.exe
Sony Ericsson W302(c)/S302(c) x64 driver v3.5.3.0-->"C:\Program Files (x86)\Sony Ericsson\W302_S302\Drivers\uninstall.exe" /ID=2G_FENG_AN_x64
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~2\ERIGHT~1\SUPER\Setup.exe /remove /q0
Super Internet TV v7.4-->"C:\Program Files (x86)\Super Internet TV\unins000.exe"
SWF Opener-->"C:\Program Files (x86)\UnH Solutions\SWF Opener\unins000.exe"
System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files (x86)\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files (x86)\InstallShield Installation Information\{F7B05784-334C-4F76-8BAB-30ABEB7FD534}\setup.exe -runfromtemp -l0x0409
The Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0008 -removeonly
Tinker Editor-->MsiExec.exe /I{FED8ABBB-FC3F-45A7-B4F3-23A42E7B1BA1}
Unknown Device Identifier 6.01-->"C:\Program Files (x86)\Unknown Device Identifier\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update Service-->C:\Program Files (x86)\Sony Ericsson\Update Service\uninst.exe
VAIO Control Center-->"C:\Program Files (x86)\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -runfromtemp -l0x0009 -removeonly
Veoh Web Player-->"C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\uninst.exe"
VirusTotal Uploader-->"C:\Program Files (x86)\VirusTotalUploader\uninstall.exe"
Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}
VLC media player 0.9.9-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files (x86)\Gabest\VobSub\uninstall.exe"
Windows 7 Upgrade Advisor Beta-->MsiExec.exe /I{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{9EC9D0F4-30DA-40D9-9187-4F8E8054D482}
Windows Live Mail-->MsiExec.exe /I{D9774586-F0BF-462E-94B3-054A2D860475}
Windows Live Messenger-->MsiExec.exe /X{3DB32E25-391D-4151-B683-52F466EB95DE}
Windows Live Movie Maker Beta-->MsiExec.exe /X{521438C4-056C-4ACD-AD80-237AD77B12F3}
Windows Live OneCare safety scanner-->"C:\Program Files (x86)\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sync-->MsiExec.exe /X{7CEBA0CA-27CD-4D76-BF4D-B0131EA12C61}
Windows Live Toolbar-->MsiExec.exe /X{14001B93-0C6F-4353-8A10-BE96EE174E17}
Windows Live Writer-->MsiExec.exe /X{9D492015-8B58-4EEB-87B3-D2F82AD092A1}
WinRAR 3.80 – Εφαρμογή συμπίεσης και διαχείρισης συμπιεσμένων αρχείων-->C:\Program Files (x86)\WinRAR\uninstall.exe
xNeat Application Builder-->C:\Program Files (x86)\xNeat Application Builder\uninstall.exe
Βοηθός εισόδου του Windows Live-->MsiExec.exe /I{1A08F24B-CA66-4BA9-9933-A9D20A66E8D8}
Ενημερωμένη έκδοση Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0408-0000-0000000FF1CE} /uninstall {08A4BDB3-7A63-4F59-B9FA-EE80ADE88DC2}
Ενημερωμένη έκδοση Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0408-0000-0000000FF1CE} /uninstall {C52A655D-F8AE-485D-908D-62CEC754B6A4}
Ενημερωμένη έκδοση Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0408-0000-0000000FF1CE} /uninstall {054186C0-F351-472E-84E8-D5E16FA08241}
Εργαλείο αποστολής του Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Πολυλεξικό Magenta-->"C:\Windows\Πολυλεξικό Magenta\uninstall.exe" "/U:C:\Program Files (x86)\Πολυλεξικό Magenta\Uninstall\uninstall.xml"
Συλλογή φωτογραφιών του Windows Live-->MsiExec.exe /X{BD642C49-D86F-4871-848E-C4F97BC3A2A9}
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: PLATONAS
Event Code: 7036
Message: Η υπηρεσία Windows Modules Installer έχει μεταβεί σε κατάσταση stopped.
Record Number: 37000
Source Name: Service Control Manager
Time Written: 20090612082642.000000-000
Event Type: Πληροφορίες (Information)
User:
Computer Name: PLATONAS
Event Code: 7036
Message: Η υπηρεσία WinHTTP Web Proxy Auto-Discovery Service έχει μεταβεί σε κατάσταση stopped.
Record Number: 37001
Source Name: Service Control Manager
Time Written: 20090612083245.000000-000
Event Type: Πληροφορίες (Information)
User:
Computer Name: PLATONAS
Event Code: 6013
Message: Ο χρόνος λειτουργίας του συστήματος είναι 92031 δευτερόλεπτα (System Working Time is 92031 Seconds).
Record Number: 37002
Source Name: EventLog
Time Written: 20090612090047.000000-000
Event Type: Πληροφορίες (Information)
User:
Computer Name: PLATONAS
Event Code: 7036
Message: Η υπηρεσία Windows CardSpace έχει μεταβεί σε κατάσταση running.
Record Number: 37003
Source Name: Service Control Manager
Time Written: 20090612120638.000000-000
Event Type: Πληροφορίες (Information)
User:
Computer Name: PLATONAS
Event Code: 7036
Message: Η υπηρεσία Windows CardSpace έχει μεταβεί σε κατάσταση stopped.
Record Number: 37004
Source Name: Service Control Manager
Time Written: 20090612130636.000000-000
Event Type: Πληροφορίες (Information)
User:
=====Application event log=====
Computer Name: PLATONAS
Event Code: 3013
Message: The entry <C:\USERS\PLATO\.HOUSECALL6.6\AU_LOG\TEMPSAVE\4020_4956\2\4\BPMNT.DLL> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Record Number: 6860
Source Name: Microsoft-Windows-Search
Time Written: 20090611222808.000000-000
Event Type: Σφάλμα (Error)
User:
Computer Name: PLATONAS
Event Code: 1015
Message: Event ID 3013 for the Windows Search Service has been suppressed 52 time(s) since 1:28:10 πμ. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.
Record Number: 6861
Source Name: Microsoft-Windows-Search
Time Written: 20090611225759.000000-000
Event Type: Προειδοποίηση (Warning)
User:
Computer Name: PLATONAS
Event Code: 0
Again, some things, especially in info.txt, are in Greek, so I translated some of them for you to understand. For example, Πληροφορίες = Information, Προειδοποίηση = Warning, Σφάλμα = Error, etc. I also found in these logs some files that look suspicious to me, like autorun.exe; please check them too so that I know... :red:
Delete this folder:
C:\Users\PLATO\AppData\Roaming\uTorrent
Empty Recycle Bin.
Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
plutomaniac
2009-06-13, 21:45
Actually, I have already done this two days ago and it didn't find anything, but I'll do it again and tell you if it finds anything! :bigthumb:
OK, post back afterwards :)
plutomaniac
2009-06-14, 12:05
Hi shaba,
I did what you told me and I'm clean according to KASPERSKY ONLINE SCANNER 7.0. The report is attached to this post. Now... what can I do? Maybe we should start checking the logs, because the antiviruses don't find anything... ;)
Well, do you have any issues left?
plutomaniac
2009-06-14, 13:47
No, but I think there are some strange things that need checking. Look at the log - this is the latest:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:12 μμ, on 14/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://sas.zone.msn.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: http://zone.msn.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9b5cf9846a8ea) (gupdate1c9b5cf9846a8ea) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndorfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8432 bytes
What about these lines:
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O13 - Gopher Prefix:
Also, another person from another site told me to fix everything that says: (file missing) or (no file). Of course I didn't do it - I was waiting for you to tell me what to remove and what not to. These lines (do I have to fix them?):
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
Also, there is a file called dllhost.exe at C:\Windows\SysWOW64 and not C:\Windows\System32! I know that SysWOW64 is the Windows x64 System32 folder but is that file good?:confused:
plutomaniac
2009-06-14, 14:02
Also, that may help to find all the viruses. Before I asked for help here I saw at the first-first log I made that there were two links like that:
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - h***://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - h***://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
Now, if you download these files you'll see inside all the viruses I had and removed successfully. I made http:// to h***:// for security reasons. If you have Windows x32 you can open these rar files using SandBoxie so that you won't get infected at all but these files start when you double-click them so you can just see them - not click them! I have Windows Vista x64 and SandBoxie doesn't work for x64 systems and I don't want to open these cab files again. How do I know that these files contain all the viruses I had? I downloaded the second one and opened it with WinRar without clicking anything and I saw inside all the viruses I had like: sortcut.exe, devenum.exe and a lot of others... If you can open these files and see what they have inside and tell me which files to remove if they still exist on my computer I'll be grateful!
Sorry for my English by the way - I'm from Greece!:red:
These are all related to vista and legit:
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O13 - Gopher Prefix:
These are leftovers from AVG, can be fixed:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
As for O23 entries, HijackThis doesn't display them properly due to 64-bit Vista (shown as file missing and not whitelisted like they should). Files are there and they should be left alone.
"Also, there is a file called dllhost.exe at C:\Windows\SysWOW64 and not C:\Windows\System32! I know that SysWOW64 is the Windows x64 System32 folder but is that file good?"
Yes it is.
These are both legit, related to Sony and HP:
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - h***://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - h***://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
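The point made above about the O23 entries, as an added example that is not part of the original thread: a small parser that separates "(file missing)" results a 32-bit scanner tends to produce on 64-bit Windows from ones that need a real check. It assumes the cause is WOW64 redirection (System32 to SysWOW64, %ProgramFiles% to Program Files (x86)); the function names and triage labels are made up for this sketch.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the final HijackThis log in this thread.
SAMPLE = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndorfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
""".strip().splitlines()

# name is matched lazily and owner greedily, so an owner that itself
# contains " - " (the nHancer line) stays in one piece; the path starts
# at the last " - X:\" in the line.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\")


@dataclass
class Service:
    name: str
    owner: str
    path: str
    missing: bool


def parse_o23(line):
    """Return a Service for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    return Service(m["name"], m["owner"], m["path"], m["missing"] is not None)


def is_64bit_log(lines):
    """Heuristic: a 'Program Files (x86)' path only exists on 64-bit Windows."""
    return any("\\program files (x86)\\" in line.lower() for line in lines)


def triage(svc, wow64):
    """Label one service entry.

    present            - the scanner found the file
    recheck-redirected - under System32; a 32-bit process is shown SysWOW64
                         instead, so confirm the file from a 64-bit process
    recheck-expanded   - service uses %ProgramFiles%, which a 32-bit process
                         expands to 'Program Files (x86)'
    missing            - not explained by either effect; inspect the service
    """
    if not svc.missing:
        return "present"
    if not wow64:
        return "missing"
    path = svc.path.lower()
    if SYSTEM32_RE.match(path):
        return "recheck-redirected"
    if (svc.name.lower().startswith("@%programfiles%")
            and "\\program files (x86)\\" in path):
        return "recheck-expanded"
    return "missing"


def triage_log(lines):
    """Parse every O23 line and pair each service with its label."""
    wow64 = is_64bit_log(lines)
    results = []
    for line in lines:
        svc = parse_o23(line)
        if svc is not None:
            results.append((svc, triage(svc, wow64)))
    return results


if __name__ == "__main__":
    results = triage_log(SAMPLE)
    for svc, label in results:
        print(f"{label:20} {svc.path}")
    print(dict(Counter(label for _, label in results)))
```

On these lines only the MDM entry comes out as `missing`: its path is under neither redirected location, which matches the folder deletion the user describes later in the thread.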
plutomaniac
2009-06-14, 17:37
but I downloaded again after I had the viruses this file:
h***://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
and there were viruses inside like sortcut.exe etc... This h20278.www2.hp.com could be a fake hp site that looks exactly like the original for people to download and install viruses! The one problem I had noticed while these files were active and running was that I couldn't log in to Windows Live Messenger 9 at all. After the deletion and cleanup of these files I could log-in again so these files are not clean and legit Sony or HP files!:)
I also found a file mdm.exe running outside the Windows folder or System32/SysWOW64 from a directory C:\Program Files (x86)\Common Files\Microsoft shared\VHGSJF(or sth like that) by viewing the running processes from COMODO Firewall and I deleted the whole folder because according to Prevx that file was a virus especially because it was out of Windows folder!:rolleyes:
My current protection now is:
Eset Nod32 4 for Anti-Virus and Anti-Spyware *****
Comodo Firewall Free for Firewall Protection(Only Firewall) *****
Windows Defender for Anti-Spyware which is part of Windows Vista ****
AVG LinkScanner 8.5 for Browser Protection (Toolbar + Safe Search) ***
PC Tools Browser Defender for Browser Protection (Safe Search) **
Microsoft Windows Vista Firewall for Basic Firewall Protection *
Also tashi told me to tell you that I run both COMODO and Windows Firewall at the same time and till now they don't have any problem running together! What's your opinion?:police:
"but I downloaded again after I had the viruses this file:
h***://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
and there were viruses inside like sortcut.exe etc... This h20278.www2.hp.com could be a fake hp site that looks exactly like the original for people to download and install viruses! The one problem I had noticed while these files were active and running was that I couldn't log in to Windows Live Messenger 9 at all. After the deletion and cleanup of these files I could log-in again so these files are not clean and legit Sony or HP files!"
No, those are legit HP and Sony files :) Both are in hp.com and sony.com subdomain so they are legit.
Here (http://www.systemlookup.com/search.php?type=clsid&search=1851174C-97BD-4217-A0CC-E908F60D5B7A) and here (http://www.systemlookup.com/search.php?type=clsid&search=02CF1781-EA91-4FA5-A200-646E8241987C) is some good information for you.
"Also tashi told me to tell you that I run both COMODO and Windows Firewall at the same time and till now they don't have any problem running together! What's your opinion?"
Well, it is a different thing running Windows' own firewall and a third-party firewall than 2 third-party firewalls, but that is not recommendable.
plutomaniac
2009-06-14, 18:23
ok, you convinced me with Sony and HP...what can i say...
Anyway, thank you very much for helping me out. I think now I'm...clean and happy! This is the final-final log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:31 μμ, on 14/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\AVG\AVGLS\avgtray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVGLS\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Browser Defender\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVGLS\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVGLS\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVGLS\Toolbar\IEToolbar.dll
O3 - Toolbar: Browser Defender Toolbar - {23B0D39A-E245-41B7-BF86-1238CF62625E} - C:\Program Files (x86)\Browser Defender\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVGLS\avgtray.exe
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://sas.zone.msn.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: http://zone.msn.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVGLS\avgpp.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVGLS\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Browser Defender\BDTUpdateService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9b5cf9846a8ea) (gupdate1c9b5cf9846a8ea) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndorfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9786 bytes
HAVE A NICE DAY!!!:santa::cool::rolleyes::eek::):santa::red::clown::p:
Good :)
See below for my tips:
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Next we remove all used tools.
Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)
Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Happy surfing and stay clean! :bigthumb:
plutomaniac
2009-06-14, 20:40
I did everything you told me at the above post - that was perfect! I liked a lot the Hosts file protection, SpywareBlaster, Secunia Software Inspector (http://secunia.com/software_inspector/)! Thank you very much. I installed all these programs, disabled them from running at startup(only when I need them) and now I'll check for Windows Updates, Clean my pc with CCleaner and other software... I'll reboot and I'll have a very nicely and beautifully protected and healthy system thanks to you!:thanks:
plutomaniac
2009-06-14, 20:43
oh and something else, for my cookies and websites to be protected with SpywareBlaster does it have to run at system startup? (I don't think so since it doesn't have such an option and I can't see any run commands with CCleaner concerning this program):confused:
plutomaniac
2009-06-15, 10:41
I scanned my system with all the anti-viruses etc and Malwarebytes found an infection in registry at this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
I deleted it with Malwarebytes and now at the log file it says:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully
Hope I did the right thing...:cowboy:
Those can be also set by you so not necessarily anything bad :)
Due to the lack of feedback this Topic is closed.
If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.