
Thread: Virtumonde help please...

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Location
    Greece
    Posts
    12

    Virtumonde help please...

    Hi, I need help with Virtumonde.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, June 04, 2008 2:37:03 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 3/06/2008
    Kaspersky Anti-Virus database records: 826461
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 118166
    Number of viruses found: 33
    Number of infected objects: 70
    Number of suspicious objects: 0
    Duration of the scan process: 01:53:55

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\sentinel\2.1\gwhashs.dat Object is locked skipped
    C:\Documents and Settings\gido\Application Data\Mozilla\Firefox\Profiles\r3s0fnmq.default\cert8.db Object is locked skipped
    C:\Documents and Settings\gido\Application Data\Mozilla\Firefox\Profiles\r3s0fnmq.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\gido\Application Data\Mozilla\Firefox\Profiles\r3s0fnmq.default\history.dat Object is locked skipped
    C:\Documents and Settings\gido\Application Data\Mozilla\Firefox\Profiles\r3s0fnmq.default\key3.db Object is locked skipped
    C:\Documents and Settings\gido\Application Data\Mozilla\Firefox\Profiles\r3s0fnmq.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\gido\Application Data\Mozilla\Firefox\Profiles\r3s0fnmq.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\gido\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\gido\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\gido\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\gido\Local Settings\Application Data\Mozilla\Firefox\Profiles\r3s0fnmq.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\gido\Local Settings\Application Data\Mozilla\Firefox\Profiles\r3s0fnmq.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\gido\Local Settings\Application Data\Mozilla\Firefox\Profiles\r3s0fnmq.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\gido\Local Settings\Application Data\Mozilla\Firefox\Profiles\r3s0fnmq.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\gido\Local Settings\Application Data\Mozilla\Firefox\Profiles\r3s0fnmq.default\XUL.mfl Object is locked skipped
    C:\Documents and Settings\gido\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\gido\Local Settings\History\History.IE5\MSHist012008060420080605\index.dat Object is locked skipped
    C:\Documents and Settings\gido\Local Settings\Temporary Internet files\Content.IE5\90PD1818\installer_gr[1].exe Object is locked skipped
    C:\Documents and Settings\gido\Local Settings\Temporary Internet files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\gido\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\gido\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\Nero 9 ULTRA EDITION + SERIALS (FULL WORKING)\Nero 9 Ultra.exe/data0000.cab/NERO9U~1.EXE/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\Nero 9 ULTRA EDITION + SERIALS (FULL WORKING)\Nero 9 Ultra.exe/data0000.cab/NERO9U~1.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\Nero 9 ULTRA EDITION + SERIALS (FULL WORKING)\Nero 9 Ultra.exe/data0000.cab Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\Nero 9 ULTRA EDITION + SERIALS (FULL WORKING)\Nero 9 Ultra.exe Rsrc-Package: infected - 3 skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\RapidShare_Download_Direct pro + crack\setup\dldsetup.exe/data0000.cab/UNINST~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\RapidShare_Download_Direct pro + crack\setup\dldsetup.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\RapidShare_Download_Direct pro + crack\setup\dldsetup.exe Rsrc-Package: infected - 2 skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\CLONECDv5.2.9.1\Slysoft.exe Infected: Backdoor.Win32.Hupigon.cdnk skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\Nero 9 ULTRA EDITION + SERIALS (FULL WORKING)\Nero 9 Ultra.exe/data0000.cab/NERO9U~1.EXE/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\Nero 9 ULTRA EDITION + SERIALS (FULL WORKING)\Nero 9 Ultra.exe/data0000.cab/NERO9U~1.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\Nero 9 ULTRA EDITION + SERIALS (FULL WORKING)\Nero 9 Ultra.exe/data0000.cab Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\Nero 9 ULTRA EDITION + SERIALS (FULL WORKING)\Nero 9 Ultra.exe Rsrc-Package: infected - 3 skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\RapidShare_Download_Direct pro + crack\setup\dldsetup.exe/data0000.cab/UNINST~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\RapidShare_Download_Direct pro + crack\setup\dldsetup.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\RapidShare_Download_Direct pro + crack\setup\dldsetup.exe Rsrc-Package: infected - 2 skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\RapidShare_Download_Direct pro + crack.rar/RapidShare_Download_Direct pro + crack/setup/dldsetup.exe/data0000.cab/UNINST~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\RapidShare_Download_Direct pro + crack.rar/RapidShare_Download_Direct pro + crack/setup/dldsetup.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\RapidShare_Download_Direct pro + crack.rar/RapidShare_Download_Direct pro + crack/setup/dldsetup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\RapidShare_Download_Direct pro + crack.rar RAR: infected - 3 skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\Ληφθέντα αρχεία\Internet TV\TVUPlayer2.3.3beta2.exe/data0017 Infected: Trojan.Win32.Agent.qwt skipped
    C:\Documents and Settings\gido\Τα έγγραφά μου\Ληφθέντα αρχεία\Internet TV\TVUPlayer2.3.3beta2.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\MshConf\scoffset.bin.incr Object is locked skipped
    C:\Program Files\Panda Security\Panda Internet Security 2008\f4d4851e8935eebef0f2eb52b3212bc9PSK_NAMES Object is locked skipped
    C:\Program Files\Panda Security\Panda Internet Security 2008\f4d4851e8935eebef0f2eb52b3212bc9PSK_NAMES2 Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP100\A0022160.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sca skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP100\A0023165.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rsp skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP100\A0023188.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rsp skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP100\A0023189.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trw skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP101\A0024183.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.srh skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP102\A0024329.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP103\A0024522.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.syt skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP105\A0024798.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP107\A0025939.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tra skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP107\A0026084.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sce skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP107\A0026146.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rkm skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP107\A0026261.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trp skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP107\A0026314.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.ec skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP109\A0026483.dll Infected: Trojan.Win32.Monder.jn skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP109\A0027519.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsk skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP110\A0028599.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsm skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP110\A0028612.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.ec skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP110\A0028618.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vps skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP110\A0028783.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vjr skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP110\A0028784.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vjr skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP112\A0029206.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP113\A0029276.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vps skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP114\A0029445.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP115\change.log Object is locked skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP60\A0010746.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.ec skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP60\A0010747.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.ec skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP61\A0010792.exe/data0017 Infected: Trojan.Win32.Agent.qwt skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP61\A0010792.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP64\A0011071.dll Infected: Trojan.Win32.Agent.qwt skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP70\A0015913.exe Infected: Trojan.Win32.Obfuscated.aqn skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP71\A0017207.exe/data0017 Infected: Trojan.Win32.Agent.qwt skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP71\A0017207.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP80\A0018079.exe Infected: Backdoor.Win32.Hupigon.cdnk skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP80\A0018081.exe/data0000.cab/NERO9U~1.EXE/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP80\A0018081.exe/data0000.cab/NERO9U~1.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP80\A0018081.exe/data0000.cab Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP80\A0018081.exe Rsrc-Package: infected - 3 skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP97\A0021752.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rqy skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP97\A0021777.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trg skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP98\A0022049.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trg skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP99\A0022109.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sbz skipped
    C:\System Volume Information\_restore{70720771-0E60-443A-AAFA-4AF9A4DFD64D}\RP99\A0022137.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sby skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\S3EED914A.tmp Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\arqpwvyp.dll Object is locked skipped
    C:\WINDOWS\system32\axutogcf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqh skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\deytfypy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\gktgiajq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rqz skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\lwoggatw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tro skipped
    C:\WINDOWS\system32\sssnuvkw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rkn skipped
    C:\WINDOWS\system32\svdhost.exe Infected: Net-Worm.Win32.Kolab.ws skipped
    C:\WINDOWS\system32\tthxekms.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\wvokwjas.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:53:19 μμ, on 5/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
    C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rmctrl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
    C:\WINDOWS\system32\svdhost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
    C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
    O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [b41cca23] rundll32.exe "C:\WINDOWS\system32\pwfiidao.dll",b
    O4 - HKLM\..\Run: [BMb72ff9bf] Rundll32.exe "C:\WINDOWS\system32\icpdgcoe.dll",s
    O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [bifmi] c:\documents and settings\gido\local settings\application data\bifmi.exe bifmi
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Θύρα Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1032\OLFSNT40.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mahjong Escape - Ancient Japan\Images\stg_drm.ocx
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mahjong Escape - Ancient Japan\Images\armhelper.ocx
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

    --
    End of file - 8882 bytes

  2. #2
    Security Expert-Emeritus steamwiz
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Hi

    Download Deckard's System Scanner (formerly Comboscan) to your Desktop.

    1. Close all applications and windows.
    2. Double-click on comboscan.exe to run it, and follow the prompts.
    3. When the scan is complete, a text file will open - ComboScan.txt
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next reply.
    5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
    6. Please copy and paste the contents of Supplementary.txt to your post.

    Please remember to post both txt files ...


    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    THEN ..

    Please Download Malwarebytes' Anti-Malware from Here :-

    http://www.majorgeeks.com/Malwarebyt...are_d5756.html

    or here :-

    http://www.besttechie.net/tools/mbam-setup.exe

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy and Paste the entire report in your next reply.

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  3. #3
    Junior Member
    Join Date
    Jun 2008
    Location
    Greece
    Posts
    12

    HI!!!!!!
    I got so excited when I saw a reply thanks thanks thanks.
    I hope this is what you've asked.



    Deckard's System Scanner v20071014.68
    Run by gido on 2008-06-06 23:10:22
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as gido.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:10:25 μμ, on 6/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
    C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\rmctrl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\svdhost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\gido\Επιφάνεια εργασίας\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\gido.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {04ADEFB0-0C2F-43F4-8DA8-36AECEC41B9C} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {106BCF01-2EDC-48CF-AA73-81C3C1FD5243} - (no file)
    O2 - BHO: (no name) - {14B90970-A9DF-46B0-B48C-138536FC6977} - (no file)
    O2 - BHO: (no name) - {1900F706-E761-46ED-9371-FEE65D9C8B3F} - C:\WINDOWS\system32\nnnnMEvW.dll
    O2 - BHO: (no name) - {22EEC686-AF64-4F12-B098-DC163EC5D745} - (no file)
    O2 - BHO: (no name) - {252086E9-8E8E-4796-A85A-6DE548B6F0D5} - (no file)
    O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\WINDOWS\system32\fccaYspM.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6584C510-924B-486A-A1A0-E380DE08C2DB} - (no file)
    O2 - BHO: (no name) - {68D52A22-B60E-48E3-880B-2E9F00D17A07} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {8DAFE62D-139E-418C-83FA-0B04F29880CE} - (no file)
    O2 - BHO: (no name) - {9DA49EB1-EE5E-474B-A2D6-F0965F750700} - (no file)
    O2 - BHO: (no name) - {9E4D38EF-17A4-4DFD-8A35-49251DB041AE} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {B629042C-AA98-4258-8C45-7E3308009FAC} - (no file)
    O2 - BHO: (no name) - {B894FDFF-1C04-46E5-9581-CD5A97F5193B} - (no file)
    O2 - BHO: (no name) - {C1C43F4B-9384-4DA6-9CC5-E1EB24C8546D} - C:\WINDOWS\system32\nnnoNdET.dll (file missing)
    O2 - BHO: (no name) - {C949E37D-E55C-4BD8-8461-9C800C25CBE3} - (no file)
    O2 - BHO: (no name) - {D701188A-47F3-4DC4-9840-2F5F91374B67} - (no file)
    O2 - BHO: (no name) - {E22FAC81-F237-4C4F-A80A-A75D1ADCBBAD} - (no file)
    O2 - BHO: (no name) - {ECC96ACA-7337-4462-8A71-97EF52ED6013} - (no file)
    O2 - BHO: (no name) - {FFAAEF6A-BA13-4AFA-A8D5-D30446967D4B} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
    O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [b41cca23] rundll32.exe "C:\WINDOWS\system32\tjdxpqsy.dll",b
    O4 - HKLM\..\Run: [BMb72ff9bf] Rundll32.exe "C:\WINDOWS\system32\ulxkoijm.dll",s
    O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [bifmi] c:\documents and settings\gido\local settings\application data\bifmi.exe bifmi
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Θύρα Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1032\OLFSNT40.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O20 - Winlogon Notify: fccaYspM - C:\WINDOWS\SYSTEM32\fccaYspM.dll
    O20 - Winlogon Notify: tuvVNGWQ - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

    --
    End of file - 9966 bytes

    -- Files created between 2008-05-06 and 2008-06-06 -----------------------------

    2008-06-06 17:45:11 118272 --a------ C:\WINDOWS\system32\tjdxpqsy.dll
    2008-06-06 17:42:15 325 --a------ C:\WINDOWS\system32\mbcufwvs.exe
    2008-06-06 17:39:53 127488 --a------ C:\WINDOWS\system32\ulxkoijm.dll
    2008-06-06 17:39:10 378937 --ahs---- C:\WINDOWS\system32\WvEMnnnn.ini2
    2008-06-06 17:39:08 373760 --a------ C:\WINDOWS\system32\nnnnMEvW.dll
    2008-06-06 17:31:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
    2008-06-06 17:08:01 0 d-------- C:\WINDOWS\CSC
    2008-06-06 17:04:48 0 d-------- C:\Documents and Settings\Administrator\Τα έγγραφά μου
    2008-06-06 17:04:48 0 d-------- C:\Documents and Settings\Administrator\Επιφάνεια εργασίας
    2008-06-06 17:04:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-06-06 17:04:48 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-06-06 17:04:48 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-06-06 17:04:48 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-06-06 17:04:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-06-06 17:04:48 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-06-06 17:04:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-06-06 17:04:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-06-06 17:04:48 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-06-06 17:04:48 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2008-06-06 17:04:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-06-06 17:04:48 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-06-06 16:06:08 125440 --a------ C:\WINDOWS\system32\qyiufbyx.dll
    2008-06-06 16:05:24 380471 --ahs---- C:\WINDOWS\system32\vDdMlnpo.ini2
    2008-06-06 01:25:04 0 d-------- C:\Program Files\Real
    2008-06-05 20:51:17 0 d-------- C:\Program Files\Trend Micro
    2008-06-05 16:12:34 325 --a------ C:\WINDOWS\system32\sboqakfn.exe
    2008-06-05 16:09:35 147456 --a------ C:\WINDOWS\system32\quljbygi.dll
    2008-06-05 16:04:43 156160 --a------ C:\WINDOWS\system32\icpdgcoe.dll
    2008-06-04 01:47:55 325 --a------ C:\WINDOWS\system32\kucixgft.exe
    2008-06-04 01:38:57 125952 --a------ C:\WINDOWS\system32\ytpediwc.dll
    2008-06-03 23:10:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-06-03 23:10:40 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-06-03 01:40:16 325 --a------ C:\WINDOWS\system32\klwhylxd.exe
    2008-06-03 01:37:04 418529 --ahs---- C:\WINDOWS\system32\TEdNonnn.ini2
    2008-06-02 23:42:10 325 --a------ C:\WINDOWS\system32\jnmoyvvy.exe
    2008-06-02 23:41:29 373040 --ahs---- C:\WINDOWS\system32\kUxGOqss.ini2
    2008-06-02 20:51:43 325 --a------ C:\WINDOWS\system32\gcfiderm.exe
    2008-06-02 20:45:45 125952 --a------ C:\WINDOWS\system32\relbewta.dll
    2008-06-01 20:47:24 325 --a------ C:\WINDOWS\system32\dtyltpeg.exe
    2008-06-01 20:45:09 126464 --a------ C:\WINDOWS\system32\wvokwjas.dll
    2008-06-01 20:44:22 381900 --ahs---- C:\WINDOWS\system32\QpAIOqss.ini2
    2008-06-01 11:22:50 114176 --a------ C:\WINDOWS\system32\deytfypy.dll
    2008-06-01 11:19:50 325 --a------ C:\WINDOWS\system32\sdgusoih.exe
    2008-06-01 11:14:46 126464 --a------ C:\WINDOWS\system32\tthxekms.dll
    2008-05-30 08:28:17 325 --a------ C:\WINDOWS\system32\modblgnm.exe
    2008-05-29 22:22:58 0 d-------- C:\WINDOWS\pss
    2008-05-29 02:19:54 325 --a------ C:\WINDOWS\system32\xjapdrvj.exe
    2008-05-28 17:10:22 0 d-------- C:\WINDOWS\Supermarket Mania
    2008-05-28 02:19:52 325 --a------ C:\WINDOWS\system32\qnvhqjjs.exe
    2008-05-28 02:10:48 246162 --ahs---- C:\WINDOWS\system32\kknUvGgh.ini2
    2008-05-27 23:48:47 283735 --ahs---- C:\WINDOWS\system32\xxwHNXbc.ini2
    2008-05-27 17:53:56 115712 --a------ C:\WINDOWS\system32\sljkvqww.dll
    2008-05-27 17:50:55 302202 --ahs---- C:\WINDOWS\system32\RsBbaGgh.ini2
    2008-05-25 13:38:59 0 d-------- C:\Documents and Settings\gido\Application Data\Media Player Classic
    2008-05-25 12:14:17 369445 --ahs---- C:\WINDOWS\system32\MTwvvGgh.ini2
    2008-05-24 22:21:34 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-05-24 22:21:33 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-05-24 22:21:33 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-05-24 22:21:33 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-24 22:21:32 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-05-24 22:21:31 0 d-------- C:\Program Files\K-Lite Codec Pack
    2008-05-24 19:46:04 126464 --a------ C:\WINDOWS\system32\lwoggatw.dll
    2008-05-24 11:25:57 57344 --a------ C:\WINDOWS\system32\qoMcaAQG.dll
    2008-05-24 01:29:32 0 d--h----- C:\WINDOWS\PIF
    2008-05-24 00:16:56 0 d-------- C:\Program Files\Common Files\PC Tools
    2008-05-23 23:59:17 0 d-------- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
    2008-05-22 21:22:16 0 d-------- C:\Program Files\Download Direct
    2008-05-22 21:21:47 57344 --a------ C:\WINDOWS\system32\qoMdBUMf.dll
    2008-05-22 19:45:49 125952 --a------ C:\WINDOWS\system32\kxldceeu.dll
    2008-05-21 19:48:10 115200 --a------ C:\WINDOWS\system32\vcqiwdmm.dll
    2008-05-18 19:44:56 237 --a------ C:\WINDOWS\system32\itcjqkpc.exe
    2008-05-18 00:36:58 0 d-------- C:\Program Files\Gabest
    2008-05-18 00:36:31 196608 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-05-18 00:35:29 414272 --a------ C:\WINDOWS\system32\DivXc32f.dll <Not Verified; Hacked with Joy !; DivX ;-) MPEG-4 Video Codec>
    2008-05-18 00:35:29 414272 --a------ C:\WINDOWS\system32\DivXc32.dll <Not Verified; Hacked with Joy !; DivX ;-) MPEG-4 Video Codec>
    2008-05-18 00:35:20 33280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL <Not Verified; Disappearing Inc.; Huffyuv>
    2008-05-18 00:35:19 0 d-------- C:\Program Files\GordianKnot
    2008-05-17 20:38:01 0 d-------- C:\Documents and Settings\gido\Application Data\LimeWire
    2008-05-17 19:48:19 237 --a------ C:\WINDOWS\system32\ddkdsrfa.exe
    2008-05-16 22:41:26 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
    2008-05-16 22:36:06 261 --a------ C:\WINDOWS\system32\PavCPL.dat
    2008-05-16 22:35:50 266888 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
    2008-05-16 22:35:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Backup
    2008-05-16 22:35:03 446464 --a------ C:\WINDOWS\system32\HHActiveX.dll <Not Verified; eHelp Corporation.; RoboHELP HTML 9.2>
    2008-05-16 22:34:53 0 d-------- C:\WINDOWS\system32\PAV
    2008-05-16 22:32:37 0 d-------- C:\Program Files\Panda Security
    2008-05-16 22:21:55 0 d-------- C:\Program Files\Common Files\Panda Software
    2008-05-14 19:36:29 0 d-------- C:\Program Files\SiSoftware
    2008-05-14 17:39:58 126464 --a------ C:\WINDOWS\system32\gktgiajq.dll
    2008-05-13 16:58:47 335 --a------ C:\WINDOWS\mozregistry.dat
    2008-05-13 16:26:22 57344 --a------ C:\WINDOWS\system32\tuvUnoOf.dll
    2008-05-12 21:28:43 0 d-------- C:\Program Files\CleanMyPC
    2008-05-12 17:23:04 0 d-------- C:\Documents and Settings\gido\Application Data\Roxio
    2008-05-12 17:10:46 0 d-------- C:\Program Files\Roxio
    2008-05-12 16:47:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    2008-05-12 16:35:29 125952 --a------ C:\WINDOWS\system32\sssnuvkw.dll
    2008-05-11 16:33:42 331040 --ahs---- C:\WINDOWS\system32\BdgQBcdd.ini2
    2008-05-11 16:28:35 57344 --a------ C:\WINDOWS\system32\fccaYspM.dll
    2008-05-11 15:53:46 0 d-------- C:\WINDOWS\RegisteredPackages
    2008-05-11 15:47:32 1 --a------ C:\WINDOWS\system32\sav80231.sys
    2008-05-11 15:47:26 2226176 --a------ C:\WINDOWS\system32\3D Solar System.scr
    2008-05-11 15:47:26 0 d-------- C:\Program Files\SCREENSAVERS
    2008-05-10 22:50:15 0 d-------- C:\Program Files\Activision
    2008-05-10 22:03:08 0 d-------- C:\Program Files\Subtitle Workshop
    2008-05-10 22:02:27 231936 --a------ C:\WINDOWS\ApophysisScreenSaver.scr
    2008-05-10 22:02:27 0 d-------- C:\Program Files\ApophysisScreenSaver
    2008-05-08 23:12:36 0 d-------- C:\WINDOWS\OPTIONS
    2008-05-06 20:15:34 0 d-------- C:\Program Files\Stardock
    2008-05-06 17:44:42 0 d-------- C:\Program Files\dream aquarium


    -- Find3M Report ---------------------------------------------------------------

    2008-06-06 01:40:59 0 d-------- C:\Documents and Settings\gido\Application Data\uTorrent
    2008-06-06 01:24:58 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-06 01:24:38 0 d-------- C:\Program Files\GAMES
    2008-06-01 21:23:41 505996 --a------ C:\WINDOWS\system32\perfh008.dat
    2008-06-01 21:23:41 85918 --a------ C:\WINDOWS\system32\perfc008.dat
    2008-05-24 22:20:01 0 d-------- C:\Program Files\DivX
    2008-05-24 00:16:56 0 d-------- C:\Program Files\Common Files
    2008-05-21 23:08:27 0 d-------- C:\Program Files\uTorrent
    2008-05-18 00:47:26 416304 --a------ C:\WINDOWS\system32\Mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
    2008-05-18 00:42:38 0 d-------- C:\Program Files\CDex_170b2
    2008-05-17 15:46:32 0 d-------- C:\Program Files\Messenger
    2008-05-15 22:36:06 0 d-------- C:\Program Files\tv
    2008-05-13 17:27:07 0 d-------- C:\Program Files\Yahoo!
    2008-05-13 16:05:31 551936 -rahs---- C:\WINDOWS\system32\svdhost.exe
    2008-05-12 17:13:40 0 d-------- C:\Program Files\Common Files\Roxio Shared
    2008-05-11 16:52:51 0 d-------- C:\Program Files\EA GAMES
    2008-05-11 15:58:13 0 d-------- C:\Program Files\nero6
    2008-05-10 22:01:33 0 d-------- C:\Program Files\UTILITIES
    2008-05-09 01:29:18 0 d-------- C:\Program Files\Elaborate Bytes
    2008-05-08 23:12:36 0 d-------- C:\Program Files\Realtek
    2008-05-05 20:59:12 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-04 23:11:25 0 d-------- C:\Program Files\Common Files\EasyInfo
    2008-05-04 12:50:11 204077 --ahs---- C:\WINDOWS\system32\mpYbHRqr.ini2
    2008-05-04 03:31:23 0 d-------- C:\Documents and Settings\gido\Application Data\Adobe
    2008-05-03 11:49:05 0 d-------- C:\Documents and Settings\gido\Application Data\Talkback
    2008-05-03 03:52:51 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-03 03:44:01 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-05-03 03:07:25 0 d-------- C:\Documents and Settings\gido\Application Data\Yahoo!
    2008-05-02 22:49:12 0 d-------- C:\Program Files\Common Files\ACD Systems
    2008-05-02 17:42:56 0 d-------- C:\Documents and Settings\gido\Application Data\DivX
    2008-05-02 15:03:40 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
    2008-05-02 02:11:07 0 d-------- C:\Program Files\AnvSoft
    2008-05-02 01:41:59 0 d-------- C:\Program Files\VirtualDJ
    2008-05-01 02:44:48 0 d-------- C:\Program Files\Mahjong Escape - Ancient Japan
    2008-05-01 02:44:45 0 d-------- C:\Documents and Settings\gido\Application Data\SpinTop
    2008-04-30 22:27:33 0 d-------- C:\Documents and Settings\gido\Application Data\Sun
    2008-04-30 22:27:12 0 d-------- C:\Program Files\Java
    2008-04-30 22:26:20 0 d-------- C:\Program Files\Common Files\Java
    2008-04-30 19:17:51 0 d-------- C:\Documents and Settings\gido\Application Data\.BitTornado
    2008-04-28 15:02:31 0 d-------- C:\Documents and Settings\gido\Application Data\TVU Networks
    2008-04-28 00:00:31 0 d-------- C:\Program Files\kaspersky
    2008-04-27 22:39:06 0 d-------- C:\Program Files\CyberDefender
    2008-04-27 22:14:05 0 d-------- C:\Program Files\BitTornado
    2008-04-27 19:17:05 0 d-------- C:\Documents and Settings\gido\Application Data\AVG7
    2008-04-26 14:54:09 1169 --a------ C:\WINDOWS\mozver.dat
    2008-04-26 00:04:15 0 --a------ C:\WINDOWS\nsreg.dat
    2008-04-26 00:04:12 0 d-------- C:\Documents and Settings\gido\Application Data\Mozilla
    2008-04-25 19:29:01 0 d-------- C:\Program Files\GammonEmpire
    2008-04-24 01:03:37 0 d-------- C:\Documents and Settings\gido\Application Data\WinRAR
    2008-04-23 23:40:31 0 d-------- C:\Program Files\Plus!
    2008-04-23 23:24:53 0 d-------- C:\Program Files\Acez.com Wallpaper
    2008-04-23 23:18:54 9728 --a------ C:\WINDOWS\system32\UnInstall A Happy Easter.exe
    2008-04-23 23:14:07 0 d-------- C:\Program Files\UselessCreations
    2008-04-23 16:36:03 0 d-------- C:\Program Files\obj
    2008-04-23 15:40:01 0 d-------- C:\Documents and Settings\gido\Application Data\Google
    2008-04-22 21:21:00 0 d-------- C:\Documents and Settings\gido\Application Data\InstallShield
    2008-04-22 20:35:07 3531 --a------ C:\Documents and Settings\gido\Application Data\HPCOM_48BitScanUpdate.log
    2008-04-22 20:33:59 3596 --a------ C:\Documents and Settings\gido\Application Data\PatchUpdate_IZClosingDiscError.log
    2008-04-22 20:33:55 2814 --a------ C:\Documents and Settings\gido\Application Data\PatchUpdate_InstantShareJPG.log
    2008-04-22 20:33:49 103761 --a------ C:\Documents and Settings\gido\Application Data\Update_HP_RedboxHprblog_HPSU.log
    2008-04-22 20:33:37 349 --a------ C:\Documents and Settings\gido\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
    2008-04-22 20:33:35 0 --a------ C:\Documents and Settings\gido\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
    2008-04-22 20:33:32 2382 --a------ C:\Documents and Settings\gido\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
    2008-04-22 20:33:27 110248 --a------ C:\Documents and Settings\gido\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    2008-04-22 20:33:13 0 d-------- C:\Program Files\HP
    2008-04-21 10:47:25 0 d-------- C:\Program Files\Online Services
    2008-04-20 01:38:58 21848170 --a------ C:\WINDOWS\85500.exe <Not Verified; ; Application>
    2008-04-07 05:12:09 0 dr-h----- C:\Documents and Settings\gido\Application Data\SecuROM
    2008-03-21 23:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04ADEFB0-0C2F-43F4-8DA8-36AECEC41B9C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{106BCF01-2EDC-48CF-AA73-81C3C1FD5243}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14B90970-A9DF-46B0-B48C-138536FC6977}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1900F706-E761-46ED-9371-FEE65D9C8B3F}]
    06/06/2008 05:39 μμ 373760 --a------ C:\WINDOWS\system32\nnnnMEvW.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22EEC686-AF64-4F12-B098-DC163EC5D745}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{252086E9-8E8E-4796-A85A-6DE548B6F0D5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AA0726C-95B7-4216-AA43-B5BDD524892F}]
    11/05/2008 04:28 μμ 57344 --a------ C:\WINDOWS\system32\fccaYspM.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6584C510-924B-486A-A1A0-E380DE08C2DB}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68D52A22-B60E-48E3-880B-2E9F00D17A07}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DAFE62D-139E-418C-83FA-0B04F29880CE}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DA49EB1-EE5E-474B-A2D6-F0965F750700}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E4D38EF-17A4-4DFD-8A35-49251DB041AE}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B629042C-AA98-4258-8C45-7E3308009FAC}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B894FDFF-1C04-46E5-9581-CD5A97F5193B}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C43F4B-9384-4DA6-9CC5-E1EB24C8546D}]
    C:\WINDOWS\system32\nnnoNdET.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C949E37D-E55C-4BD8-8461-9C800C25CBE3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D701188A-47F3-4DC4-9840-2F5F91374B67}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E22FAC81-F237-4C4F-A80A-A75D1ADCBBAD}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECC96ACA-7337-4462-8A71-97EF52ED6013}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFAAEF6A-BA13-4AFA-A8D5-D30446967D4B}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41 πμ]
    "nwiz"="nwiz.exe" [05/12/2007 01:41 πμ C:\WINDOWS\system32\nwiz.exe]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [22/11/2006 04:08 πμ]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [06/02/2007 02:52 πμ]
    "RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [26/12/2003 01:37 πμ]
    "RTHDCPL"="RTHDCPL.EXE" [05/07/2007 04:08 μμ C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr"="ALCMTR.EXE" [03/05/2005 06:43 μμ C:\WINDOWS\Alcmtr.exe]
    "APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.exe" [23/11/2007 02:33 μμ]
    "SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [11/07/2007 02:17 μμ]
    "Windows Sound"="svdhost.exe" [13/05/2008 04:05 μμ C:\WINDOWS\system32\svdhost.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01:41 πμ]
    "b41cca23"="C:\WINDOWS\system32\tjdxpqsy.dll" [06/06/2008 05:45 μμ]
    "BMb72ff9bf"="C:\WINDOWS\system32\ulxkoijm.dll" [06/06/2008 05:39 μμ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/09/2004 06:45 πμ]
    "Registry Cleaner Scheduler"="C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [02/03/2008 10:18 μμ]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [14/04/2003 07:30 μμ]
    "bifmi"="c:\documents and settings\gido\local settings\application data\bifmi.exe" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Windows Sound"=svdhost.exe

    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/1/2008 10:07:17 πμ]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/2/1999 8:05:56 μμ]
    Θύρα Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1032\OLFSNT40.EXE [9/7/1999 6:42:54 μμ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{2AA0726C-95B7-4216-AA43-B5BDD524892F}"= C:\WINDOWS\system32\fccaYspM.dll [11/05/2008 04:28 μμ 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    avldr.dll 15/02/2007 07:02 μμ 50736 C:\WINDOWS\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaYspM]
    fccaYspM.dll 11/05/2008 04:28 μμ 57344 C:\WINDOWS\system32\fccaYspM.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVNGWQ]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnnMEvW

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Γρήγορη εκκίνηση HP Image Zone.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Γρήγορη εκκίνηση HP Image Zone.lnk
    backup=C:\WINDOWS\pss\Γρήγορη εκκίνηση HP Image Zone.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b41cca23]
    rundll32.exe "C:\WINDOWS\system32\elvoulip.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bifmi]
    c:\documents and settings\gido\local settings\application data\bifmi.exe bifmi

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb72ff9bf]
    Rundll32.exe "C:\WINDOWS\system32\kkrylsdr.dll",s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
    C:\Program Files\MessengerSkinner\MessengerSkinner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
    svehost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa718d5c-aad0-11dc-9245-fd3200b177df}]
    AutoRun\command- F:\LaunchU3.exe




    -- End of Deckard's System Scanner: finished at 2008-06-06 23:11:18 ------------

  4. #4
    Junior Member
    Join Date
    Jun 2008
    Location
    Greece
    Posts
    12

    Default second

    Deckard's System Scanner v20071014.68
    Run by gido on 2008-06-06 23:10:22
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as gido.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:10:25 μμ, on 6/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
    C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\rmctrl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\svdhost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\gido\Επιφάνεια εργασίας\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\gido.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {04ADEFB0-0C2F-43F4-8DA8-36AECEC41B9C} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {106BCF01-2EDC-48CF-AA73-81C3C1FD5243} - (no file)
    O2 - BHO: (no name) - {14B90970-A9DF-46B0-B48C-138536FC6977} - (no file)
    O2 - BHO: (no name) - {1900F706-E761-46ED-9371-FEE65D9C8B3F} - C:\WINDOWS\system32\nnnnMEvW.dll
    O2 - BHO: (no name) - {22EEC686-AF64-4F12-B098-DC163EC5D745} - (no file)
    O2 - BHO: (no name) - {252086E9-8E8E-4796-A85A-6DE548B6F0D5} - (no file)
    O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\WINDOWS\system32\fccaYspM.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6584C510-924B-486A-A1A0-E380DE08C2DB} - (no file)
    O2 - BHO: (no name) - {68D52A22-B60E-48E3-880B-2E9F00D17A07} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {8DAFE62D-139E-418C-83FA-0B04F29880CE} - (no file)
    O2 - BHO: (no name) - {9DA49EB1-EE5E-474B-A2D6-F0965F750700} - (no file)
    O2 - BHO: (no name) - {9E4D38EF-17A4-4DFD-8A35-49251DB041AE} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {B629042C-AA98-4258-8C45-7E3308009FAC} - (no file)
    O2 - BHO: (no name) - {B894FDFF-1C04-46E5-9581-CD5A97F5193B} - (no file)
    O2 - BHO: (no name) - {C1C43F4B-9384-4DA6-9CC5-E1EB24C8546D} - C:\WINDOWS\system32\nnnoNdET.dll (file missing)
    O2 - BHO: (no name) - {C949E37D-E55C-4BD8-8461-9C800C25CBE3} - (no file)
    O2 - BHO: (no name) - {D701188A-47F3-4DC4-9840-2F5F91374B67} - (no file)
    O2 - BHO: (no name) - {E22FAC81-F237-4C4F-A80A-A75D1ADCBBAD} - (no file)
    O2 - BHO: (no name) - {ECC96ACA-7337-4462-8A71-97EF52ED6013} - (no file)
    O2 - BHO: (no name) - {FFAAEF6A-BA13-4AFA-A8D5-D30446967D4B} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
    O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [b41cca23] rundll32.exe "C:\WINDOWS\system32\tjdxpqsy.dll",b
    O4 - HKLM\..\Run: [BMb72ff9bf] Rundll32.exe "C:\WINDOWS\system32\ulxkoijm.dll",s
    O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [bifmi] c:\documents and settings\gido\local settings\application data\bifmi.exe bifmi
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Θύρα Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1032\OLFSNT40.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O20 - Winlogon Notify: fccaYspM - C:\WINDOWS\SYSTEM32\fccaYspM.dll
    O20 - Winlogon Notify: tuvVNGWQ - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

    --
    End of file - 9966 bytes

    -- Files created between 2008-05-06 and 2008-06-06 -----------------------------

    2008-06-06 17:45:11 118272 --a------ C:\WINDOWS\system32\tjdxpqsy.dll
    2008-06-06 17:42:15 325 --a------ C:\WINDOWS\system32\mbcufwvs.exe
    2008-06-06 17:39:53 127488 --a------ C:\WINDOWS\system32\ulxkoijm.dll
    2008-06-06 17:39:10 378937 --ahs---- C:\WINDOWS\system32\WvEMnnnn.ini2
    2008-06-06 17:39:08 373760 --a------ C:\WINDOWS\system32\nnnnMEvW.dll
    2008-06-06 17:31:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
    2008-06-06 17:08:01 0 d-------- C:\WINDOWS\CSC
    2008-06-06 17:04:48 0 d-------- C:\Documents and Settings\Administrator\Τα έγγραφά μου
    2008-06-06 17:04:48 0 d-------- C:\Documents and Settings\Administrator\Επιφάνεια εργασίας
    2008-06-06 17:04:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-06-06 17:04:48 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-06-06 17:04:48 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-06-06 17:04:48 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-06-06 17:04:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-06-06 17:04:48 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-06-06 17:04:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-06-06 17:04:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-06-06 17:04:48 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-06-06 17:04:48 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2008-06-06 17:04:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-06-06 17:04:48 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-06-06 16:06:08 125440 --a------ C:\WINDOWS\system32\qyiufbyx.dll
    2008-06-06 16:05:24 380471 --ahs---- C:\WINDOWS\system32\vDdMlnpo.ini2
    2008-06-06 01:25:04 0 d-------- C:\Program Files\Real
    2008-06-05 20:51:17 0 d-------- C:\Program Files\Trend Micro
    2008-06-05 16:12:34 325 --a------ C:\WINDOWS\system32\sboqakfn.exe
    2008-06-05 16:09:35 147456 --a------ C:\WINDOWS\system32\quljbygi.dll
    2008-06-05 16:04:43 156160 --a------ C:\WINDOWS\system32\icpdgcoe.dll
    2008-06-04 01:47:55 325 --a------ C:\WINDOWS\system32\kucixgft.exe
    2008-06-04 01:38:57 125952 --a------ C:\WINDOWS\system32\ytpediwc.dll
    2008-06-03 23:10:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-06-03 23:10:40 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-06-03 01:40:16 325 --a------ C:\WINDOWS\system32\klwhylxd.exe
    2008-06-03 01:37:04 418529 --ahs---- C:\WINDOWS\system32\TEdNonnn.ini2
    2008-06-02 23:42:10 325 --a------ C:\WINDOWS\system32\jnmoyvvy.exe
    2008-06-02 23:41:29 373040 --ahs---- C:\WINDOWS\system32\kUxGOqss.ini2
    2008-06-02 20:51:43 325 --a------ C:\WINDOWS\system32\gcfiderm.exe
    2008-06-02 20:45:45 125952 --a------ C:\WINDOWS\system32\relbewta.dll
    2008-06-01 20:47:24 325 --a------ C:\WINDOWS\system32\dtyltpeg.exe
    2008-06-01 20:45:09 126464 --a------ C:\WINDOWS\system32\wvokwjas.dll
    2008-06-01 20:44:22 381900 --ahs---- C:\WINDOWS\system32\QpAIOqss.ini2
    2008-06-01 11:22:50 114176 --a------ C:\WINDOWS\system32\deytfypy.dll
    2008-06-01 11:19:50 325 --a------ C:\WINDOWS\system32\sdgusoih.exe
    2008-06-01 11:14:46 126464 --a------ C:\WINDOWS\system32\tthxekms.dll
    2008-05-30 08:28:17 325 --a------ C:\WINDOWS\system32\modblgnm.exe
    2008-05-29 22:22:58 0 d-------- C:\WINDOWS\pss
    2008-05-29 02:19:54 325 --a------ C:\WINDOWS\system32\xjapdrvj.exe
    2008-05-28 17:10:22 0 d-------- C:\WINDOWS\Supermarket Mania
    2008-05-28 02:19:52 325 --a------ C:\WINDOWS\system32\qnvhqjjs.exe
    2008-05-28 02:10:48 246162 --ahs---- C:\WINDOWS\system32\kknUvGgh.ini2
    2008-05-27 23:48:47 283735 --ahs---- C:\WINDOWS\system32\xxwHNXbc.ini2
    2008-05-27 17:53:56 115712 --a------ C:\WINDOWS\system32\sljkvqww.dll
    2008-05-27 17:50:55 302202 --ahs---- C:\WINDOWS\system32\RsBbaGgh.ini2
    2008-05-25 13:38:59 0 d-------- C:\Documents and Settings\gido\Application Data\Media Player Classic
    2008-05-25 12:14:17 369445 --ahs---- C:\WINDOWS\system32\MTwvvGgh.ini2
    2008-05-24 22:21:34 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-05-24 22:21:33 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-05-24 22:21:33 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-05-24 22:21:33 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-24 22:21:32 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-05-24 22:21:31 0 d-------- C:\Program Files\K-Lite Codec Pack
    2008-05-24 19:46:04 126464 --a------ C:\WINDOWS\system32\lwoggatw.dll
    2008-05-24 11:25:57 57344 --a------ C:\WINDOWS\system32\qoMcaAQG.dll
    2008-05-24 01:29:32 0 d--h----- C:\WINDOWS\PIF
    2008-05-24 00:16:56 0 d-------- C:\Program Files\Common Files\PC Tools
    2008-05-23 23:59:17 0 d-------- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
    2008-05-22 21:22:16 0 d-------- C:\Program Files\Download Direct
    2008-05-22 21:21:47 57344 --a------ C:\WINDOWS\system32\qoMdBUMf.dll
    2008-05-22 19:45:49 125952 --a------ C:\WINDOWS\system32\kxldceeu.dll
    2008-05-21 19:48:10 115200 --a------ C:\WINDOWS\system32\vcqiwdmm.dll
    2008-05-18 19:44:56 237 --a------ C:\WINDOWS\system32\itcjqkpc.exe
    2008-05-18 00:36:58 0 d-------- C:\Program Files\Gabest
    2008-05-18 00:36:31 196608 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-05-18 00:35:29 414272 --a------ C:\WINDOWS\system32\DivXc32f.dll <Not Verified; Hacked with Joy !; DivX ;-) MPEG-4 Video Codec>
    2008-05-18 00:35:29 414272 --a------ C:\WINDOWS\system32\DivXc32.dll <Not Verified; Hacked with Joy !; DivX ;-) MPEG-4 Video Codec>
    2008-05-18 00:35:20 33280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL <Not Verified; Disappearing Inc.; Huffyuv>
    2008-05-18 00:35:19 0 d-------- C:\Program Files\GordianKnot
    2008-05-17 20:38:01 0 d-------- C:\Documents and Settings\gido\Application Data\LimeWire
    2008-05-17 19:48:19 237 --a------ C:\WINDOWS\system32\ddkdsrfa.exe
    2008-05-16 22:41:26 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
    2008-05-16 22:36:06 261 --a------ C:\WINDOWS\system32\PavCPL.dat
    2008-05-16 22:35:50 266888 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
    2008-05-16 22:35:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Backup
    2008-05-16 22:35:03 446464 --a------ C:\WINDOWS\system32\HHActiveX.dll <Not Verified; eHelp Corporation.; RoboHELP HTML 9.2>
    2008-05-16 22:34:53 0 d-------- C:\WINDOWS\system32\PAV
    2008-05-16 22:32:37 0 d-------- C:\Program Files\Panda Security
    2008-05-16 22:21:55 0 d-------- C:\Program Files\Common Files\Panda Software
    2008-05-14 19:36:29 0 d-------- C:\Program Files\SiSoftware
    2008-05-14 17:39:58 126464 --a------ C:\WINDOWS\system32\gktgiajq.dll
    2008-05-13 16:58:47 335 --a------ C:\WINDOWS\mozregistry.dat
    2008-05-13 16:26:22 57344 --a------ C:\WINDOWS\system32\tuvUnoOf.dll
    2008-05-12 21:28:43 0 d-------- C:\Program Files\CleanMyPC
    2008-05-12 17:23:04 0 d-------- C:\Documents and Settings\gido\Application Data\Roxio
    2008-05-12 17:10:46 0 d-------- C:\Program Files\Roxio
    2008-05-12 16:47:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    2008-05-12 16:35:29 125952 --a------ C:\WINDOWS\system32\sssnuvkw.dll
    2008-05-11 16:33:42 331040 --ahs---- C:\WINDOWS\system32\BdgQBcdd.ini2
    2008-05-11 16:28:35 57344 --a------ C:\WINDOWS\system32\fccaYspM.dll
    2008-05-11 15:53:46 0 d-------- C:\WINDOWS\RegisteredPackages
    2008-05-11 15:47:32 1 --a------ C:\WINDOWS\system32\sav80231.sys
    2008-05-11 15:47:26 2226176 --a------ C:\WINDOWS\system32\3D Solar System.scr
    2008-05-11 15:47:26 0 d-------- C:\Program Files\SCREENSAVERS
    2008-05-10 22:50:15 0 d-------- C:\Program Files\Activision
    2008-05-10 22:03:08 0 d-------- C:\Program Files\Subtitle Workshop
    2008-05-10 22:02:27 231936 --a------ C:\WINDOWS\ApophysisScreenSaver.scr
    2008-05-10 22:02:27 0 d-------- C:\Program Files\ApophysisScreenSaver
    2008-05-08 23:12:36 0 d-------- C:\WINDOWS\OPTIONS
    2008-05-06 20:15:34 0 d-------- C:\Program Files\Stardock
    2008-05-06 17:44:42 0 d-------- C:\Program Files\dream aquarium


    -- Find3M Report ---------------------------------------------------------------

    2008-06-06 01:40:59 0 d-------- C:\Documents and Settings\gido\Application Data\uTorrent
    2008-06-06 01:24:58 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-06 01:24:38 0 d-------- C:\Program Files\GAMES
    2008-06-01 21:23:41 505996 --a------ C:\WINDOWS\system32\perfh008.dat
    2008-06-01 21:23:41 85918 --a------ C:\WINDOWS\system32\perfc008.dat
    2008-05-24 22:20:01 0 d-------- C:\Program Files\DivX
    2008-05-24 00:16:56 0 d-------- C:\Program Files\Common Files
    2008-05-21 23:08:27 0 d-------- C:\Program Files\uTorrent
    2008-05-18 00:47:26 416304 --a------ C:\WINDOWS\system32\Mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
    2008-05-18 00:42:38 0 d-------- C:\Program Files\CDex_170b2
    2008-05-17 15:46:32 0 d-------- C:\Program Files\Messenger
    2008-05-15 22:36:06 0 d-------- C:\Program Files\tv
    2008-05-13 17:27:07 0 d-------- C:\Program Files\Yahoo!
    2008-05-13 16:05:31 551936 -rahs---- C:\WINDOWS\system32\svdhost.exe
    2008-05-12 17:13:40 0 d-------- C:\Program Files\Common Files\Roxio Shared
    2008-05-11 16:52:51 0 d-------- C:\Program Files\EA GAMES
    2008-05-11 15:58:13 0 d-------- C:\Program Files\nero6
    2008-05-10 22:01:33 0 d-------- C:\Program Files\UTILITIES
    2008-05-09 01:29:18 0 d-------- C:\Program Files\Elaborate Bytes
    2008-05-08 23:12:36 0 d-------- C:\Program Files\Realtek
    2008-05-05 20:59:12 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-04 23:11:25 0 d-------- C:\Program Files\Common Files\EasyInfo
    2008-05-04 12:50:11 204077 --ahs---- C:\WINDOWS\system32\mpYbHRqr.ini2
    2008-05-04 03:31:23 0 d-------- C:\Documents and Settings\gido\Application Data\Adobe
    2008-05-03 11:49:05 0 d-------- C:\Documents and Settings\gido\Application Data\Talkback
    2008-05-03 03:52:51 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-03 03:44:01 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-05-03 03:07:25 0 d-------- C:\Documents and Settings\gido\Application Data\Yahoo!
    2008-05-02 22:49:12 0 d-------- C:\Program Files\Common Files\ACD Systems
    2008-05-02 17:42:56 0 d-------- C:\Documents and Settings\gido\Application Data\DivX
    2008-05-02 15:03:40 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
    2008-05-02 02:11:07 0 d-------- C:\Program Files\AnvSoft
    2008-05-02 01:41:59 0 d-------- C:\Program Files\VirtualDJ
    2008-05-01 02:44:48 0 d-------- C:\Program Files\Mahjong Escape - Ancient Japan
    2008-05-01 02:44:45 0 d-------- C:\Documents and Settings\gido\Application Data\SpinTop
    2008-04-30 22:27:33 0 d-------- C:\Documents and Settings\gido\Application Data\Sun
    2008-04-30 22:27:12 0 d-------- C:\Program Files\Java
    2008-04-30 22:26:20 0 d-------- C:\Program Files\Common Files\Java
    2008-04-30 19:17:51 0 d-------- C:\Documents and Settings\gido\Application Data\.BitTornado
    2008-04-28 15:02:31 0 d-------- C:\Documents and Settings\gido\Application Data\TVU Networks
    2008-04-28 00:00:31 0 d-------- C:\Program Files\kaspersky
    2008-04-27 22:39:06 0 d-------- C:\Program Files\CyberDefender
    2008-04-27 22:14:05 0 d-------- C:\Program Files\BitTornado
    2008-04-27 19:17:05 0 d-------- C:\Documents and Settings\gido\Application Data\AVG7
    2008-04-26 14:54:09 1169 --a------ C:\WINDOWS\mozver.dat
    2008-04-26 00:04:15 0 --a------ C:\WINDOWS\nsreg.dat
    2008-04-26 00:04:12 0 d-------- C:\Documents and Settings\gido\Application Data\Mozilla
    2008-04-25 19:29:01 0 d-------- C:\Program Files\GammonEmpire
    2008-04-24 01:03:37 0 d-------- C:\Documents and Settings\gido\Application Data\WinRAR
    2008-04-23 23:40:31 0 d-------- C:\Program Files\Plus!
    2008-04-23 23:24:53 0 d-------- C:\Program Files\Acez.com Wallpaper
    2008-04-23 23:18:54 9728 --a------ C:\WINDOWS\system32\UnInstall A Happy Easter.exe
    2008-04-23 23:14:07 0 d-------- C:\Program Files\UselessCreations
    2008-04-23 16:36:03 0 d-------- C:\Program Files\obj
    2008-04-23 15:40:01 0 d-------- C:\Documents and Settings\gido\Application Data\Google
    2008-04-22 21:21:00 0 d-------- C:\Documents and Settings\gido\Application Data\InstallShield
    2008-04-22 20:35:07 3531 --a------ C:\Documents and Settings\gido\Application Data\HPCOM_48BitScanUpdate.log
    2008-04-22 20:33:59 3596 --a------ C:\Documents and Settings\gido\Application Data\PatchUpdate_IZClosingDiscError.log
    2008-04-22 20:33:55 2814 --a------ C:\Documents and Settings\gido\Application Data\PatchUpdate_InstantShareJPG.log
    2008-04-22 20:33:49 103761 --a------ C:\Documents and Settings\gido\Application Data\Update_HP_RedboxHprblog_HPSU.log
    2008-04-22 20:33:37 349 --a------ C:\Documents and Settings\gido\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
    2008-04-22 20:33:35 0 --a------ C:\Documents and Settings\gido\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
    2008-04-22 20:33:32 2382 --a------ C:\Documents and Settings\gido\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
    2008-04-22 20:33:27 110248 --a------ C:\Documents and Settings\gido\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    2008-04-22 20:33:13 0 d-------- C:\Program Files\HP
    2008-04-21 10:47:25 0 d-------- C:\Program Files\Online Services
    2008-04-20 01:38:58 21848170 --a------ C:\WINDOWS\85500.exe <Not Verified; ; Application>
    2008-04-07 05:12:09 0 dr-h----- C:\Documents and Settings\gido\Application Data\SecuROM
    2008-03-21 23:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04ADEFB0-0C2F-43F4-8DA8-36AECEC41B9C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{106BCF01-2EDC-48CF-AA73-81C3C1FD5243}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14B90970-A9DF-46B0-B48C-138536FC6977}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1900F706-E761-46ED-9371-FEE65D9C8B3F}]
    06/06/2008 05:39 μμ 373760 --a------ C:\WINDOWS\system32\nnnnMEvW.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22EEC686-AF64-4F12-B098-DC163EC5D745}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{252086E9-8E8E-4796-A85A-6DE548B6F0D5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AA0726C-95B7-4216-AA43-B5BDD524892F}]
    11/05/2008 04:28 μμ 57344 --a------ C:\WINDOWS\system32\fccaYspM.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6584C510-924B-486A-A1A0-E380DE08C2DB}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68D52A22-B60E-48E3-880B-2E9F00D17A07}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DAFE62D-139E-418C-83FA-0B04F29880CE}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DA49EB1-EE5E-474B-A2D6-F0965F750700}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E4D38EF-17A4-4DFD-8A35-49251DB041AE}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B629042C-AA98-4258-8C45-7E3308009FAC}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B894FDFF-1C04-46E5-9581-CD5A97F5193B}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C43F4B-9384-4DA6-9CC5-E1EB24C8546D}]
    C:\WINDOWS\system32\nnnoNdET.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C949E37D-E55C-4BD8-8461-9C800C25CBE3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D701188A-47F3-4DC4-9840-2F5F91374B67}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E22FAC81-F237-4C4F-A80A-A75D1ADCBBAD}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECC96ACA-7337-4462-8A71-97EF52ED6013}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFAAEF6A-BA13-4AFA-A8D5-D30446967D4B}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41 πμ]
    "nwiz"="nwiz.exe" [05/12/2007 01:41 πμ C:\WINDOWS\system32\nwiz.exe]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [22/11/2006 04:08 πμ]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [06/02/2007 02:52 πμ]
    "RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [26/12/2003 01:37 πμ]
    "RTHDCPL"="RTHDCPL.EXE" [05/07/2007 04:08 μμ C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr"="ALCMTR.EXE" [03/05/2005 06:43 μμ C:\WINDOWS\Alcmtr.exe]
    "APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.exe" [23/11/2007 02:33 μμ]
    "SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [11/07/2007 02:17 μμ]
    "Windows Sound"="svdhost.exe" [13/05/2008 04:05 μμ C:\WINDOWS\system32\svdhost.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01:41 πμ]
    "b41cca23"="C:\WINDOWS\system32\tjdxpqsy.dll" [06/06/2008 05:45 μμ]
    "BMb72ff9bf"="C:\WINDOWS\system32\ulxkoijm.dll" [06/06/2008 05:39 μμ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/09/2004 06:45 πμ]
    "Registry Cleaner Scheduler"="C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [02/03/2008 10:18 μμ]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [14/04/2003 07:30 μμ]
    "bifmi"="c:\documents and settings\gido\local settings\application data\bifmi.exe" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Windows Sound"=svdhost.exe

    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/1/2008 10:07:17 πμ]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/2/1999 8:05:56 μμ]
    Θύρα Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1032\OLFSNT40.EXE [9/7/1999 6:42:54 μμ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{2AA0726C-95B7-4216-AA43-B5BDD524892F}"= C:\WINDOWS\system32\fccaYspM.dll [11/05/2008 04:28 μμ 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    avldr.dll 15/02/2007 07:02 μμ 50736 C:\WINDOWS\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaYspM]
    fccaYspM.dll 11/05/2008 04:28 μμ 57344 C:\WINDOWS\system32\fccaYspM.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVNGWQ]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnnMEvW

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Γρήγορη εκκίνηση HP Image Zone.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Γρήγορη εκκίνηση HP Image Zone.lnk
    backup=C:\WINDOWS\pss\Γρήγορη εκκίνηση HP Image Zone.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b41cca23]
    rundll32.exe "C:\WINDOWS\system32\elvoulip.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bifmi]
    c:\documents and settings\gido\local settings\application data\bifmi.exe bifmi

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb72ff9bf]
    Rundll32.exe "C:\WINDOWS\system32\kkrylsdr.dll",s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
    C:\Program Files\MessengerSkinner\MessengerSkinner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
    svehost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa718d5c-aad0-11dc-9245-fd3200b177df}]
    AutoRun\command- F:\LaunchU3.exe




    -- End of Deckard's System Scanner: finished at 2008-06-06 23:11:18 ------------







    Malwarebytes' Anti-Malware 1.15
    Database version: 835

    11:57:56 μμ 6/6/2008
    mbam-log-6-6-2008 (23-57-56).txt

    Scan type: Quick Scan
    Objects scanned: 40351
    Time elapsed: 3 minute(s), 44 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 3
    Registry Keys Infected: 12
    Registry Values Infected: 3
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 24

    Memory Processes Infected:
    C:\WINDOWS\system32\svdhost.exe (Worm.Rbot) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\WINDOWS\system32\nnnnMEvW.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\tjdxpqsy.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\fccaYspM.dll (Trojan.Vundo) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1900f706-e761-46ed-9371-fee65d9c8b3f} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{1900f706-e761-46ed-9371-fee65d9c8b3f} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccayspm (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b41cca23 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMb72ff9bf (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnnmevw -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnnmevw -> Delete on reboot.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\deytfypy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ypyftyed.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnnMEvW.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\WvEMnnnn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WvEMnnnn.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\quljbygi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\igybjluq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sljkvqww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wwqvkjls.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tjdxpqsy.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ysqpxdjt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vcqiwdmm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mmdwiqcv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\icpdgcoe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gido\Local Settings\Temporary Internet Files\Content.IE5\29IWZ7IT\CAJMAX7F (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gido\Local Settings\Temporary Internet Files\Content.IE5\4PUBC1MB\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ulxkoijm.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svdhost.exe (Worm.Rbot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tuvUnoOf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qoMcaAQG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qoMdBUMf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fccaYspM.dll (Trojan.Vundo) -> Delete on reboot.

  5. #5
    Security Expert-Emeritus steamwiz
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Hi

    You posted the same Deckard's System Scanner report twice; there should have been 2 different ones.

    You still have a lot of malware to remove. Please do this next:

    Please follow these directions to run Combofix & post a log.

    http://www.bleepingcomputer.com/comb...o-use-combofix

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  6. #6
    Junior Member
    Join Date
    Jun 2008
    Location
    Greece
    Posts
    12

    Hi again


    ComboFix 08-06-07.3 - gido 2008-06-08 14:56:51.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1253.1.1032.18.1513 [GMT 3:00]
    Running from: C:\Documents and Settings\gido\Επιφάνεια εργασίας\ComboFix.exe
    * Created a new restore point
    .
    ADS - explorer.exe: deleted 88 bytes in 2 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\MessengerSkinner
    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\MessengerSkinner\MessengerSkinner.lnk
    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\MessengerSkinner\Privacy Policy.url
    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\MessengerSkinner\Terms and Conditions.url
    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\MessengerSkinner\Uninstall.lnk
    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\MessengerSkinner\Website.url
    C:\WINDOWS\BMb72ff9bf.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\ayokunkp.ini
    C:\WINDOWS\system32\BdgQBcdd.ini
    C:\WINDOWS\system32\BdgQBcdd.ini2
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\fccaYspM.dll
    C:\WINDOWS\system32\gktgiajq.dll
    C:\WINDOWS\system32\hhlomueh.ini
    C:\WINDOWS\system32\hhvcsklp.ini
    C:\WINDOWS\system32\isesqdwy.ini
    C:\WINDOWS\system32\iuvptqif.ini
    C:\WINDOWS\system32\iyshcqaf.ini
    C:\WINDOWS\system32\jeqmujkg.ini
    C:\WINDOWS\system32\kknUvGgh.ini
    C:\WINDOWS\system32\kknUvGgh.ini2
    C:\WINDOWS\system32\krymvrev.ini
    C:\WINDOWS\system32\kUxGOqss.ini
    C:\WINDOWS\system32\kUxGOqss.ini2
    C:\WINDOWS\system32\kxldceeu.dll
    C:\WINDOWS\system32\lwoggatw.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mdm.exe
    C:\WINDOWS\system32\mpYbHRqr.ini
    C:\WINDOWS\system32\mpYbHRqr.ini2
    C:\WINDOWS\system32\MTwvvGgh.ini
    C:\WINDOWS\system32\MTwvvGgh.ini2
    C:\WINDOWS\system32\oadiifwp.ini
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pcagnkyh.ini
    C:\WINDOWS\system32\piluovle.ini
    C:\WINDOWS\system32\QpAIOqss.ini
    C:\WINDOWS\system32\QpAIOqss.ini2
    C:\WINDOWS\system32\qyiufbyx.dll
    C:\WINDOWS\system32\rmsgxqjc.ini
    C:\WINDOWS\system32\RsBbaGgh.ini
    C:\WINDOWS\system32\RsBbaGgh.ini2
    C:\WINDOWS\system32\smklumdt.ini
    C:\WINDOWS\system32\sssnuvkw.dll
    C:\WINDOWS\system32\TEdNonnn.ini
    C:\WINDOWS\system32\TEdNonnn.ini2
    C:\WINDOWS\system32\tgcuwicw.ini
    C:\WINDOWS\system32\tjdxpqsy.dll
    C:\WINDOWS\system32\tthxekms.dll
    C:\WINDOWS\system32\uicuhluo.ini
    C:\WINDOWS\system32\uuakpqyq.ini
    C:\WINDOWS\system32\vDdMlnpo.ini
    C:\WINDOWS\system32\vDdMlnpo.ini2
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\WvEMnnnn.ini
    C:\WINDOWS\system32\wvokwjas.dll
    C:\WINDOWS\system32\xxwHNXbc.ini
    C:\WINDOWS\system32\xxwHNXbc.ini2

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
    .

    2008-06-06 23:47 . 2008-06-06 23:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-06 23:47 . 2008-06-06 23:47 <DIR> d-------- C:\Documents and Settings\gido\Application Data\Malwarebytes
    2008-06-06 23:47 . 2008-06-06 23:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-06 23:47 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-06 23:47 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-06 23:34 . 2008-06-06 23:34 <DIR> d-------- C:\Program Files\tools
    2008-06-06 22:44 . 2008-06-06 22:44 <DIR> d-------- C:\Deckard
    2008-06-06 17:42 . 2008-06-06 17:42 325 --a------ C:\WINDOWS\system32\mbcufwvs.exe
    2008-06-06 17:04 . 2007-12-10 12:45 <DIR> d-------- C:\Documents and Settings\Administrator\Τα έγγραφά μου
    2008-06-06 17:04 . 2007-12-10 12:45 <DIR> d-------- C:\Documents and Settings\Administrator\Επιφάνεια εργασίας
    2008-06-06 17:04 . 2008-06-06 17:04 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-06-06 01:25 . 2008-06-06 01:25 <DIR> d-------- C:\Program Files\Real
    2008-06-05 20:51 . 2008-06-05 20:51 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-05 16:12 . 2008-06-05 16:12 325 --a------ C:\WINDOWS\system32\sboqakfn.exe
    2008-06-04 01:47 . 2008-06-04 01:47 325 --a------ C:\WINDOWS\system32\kucixgft.exe
    2008-06-03 23:10 . 2008-06-03 23:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-06-03 23:10 . 2008-06-03 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-06-03 01:40 . 2008-06-03 01:40 325 --a------ C:\WINDOWS\system32\klwhylxd.exe
    2008-06-02 23:42 . 2008-06-02 23:42 325 --a------ C:\WINDOWS\system32\jnmoyvvy.exe
    2008-06-02 20:51 . 2008-06-02 20:51 325 --a------ C:\WINDOWS\system32\gcfiderm.exe
    2008-06-01 20:47 . 2008-06-01 20:47 325 --a------ C:\WINDOWS\system32\dtyltpeg.exe
    2008-06-01 11:19 . 2008-06-01 11:19 325 --a------ C:\WINDOWS\system32\sdgusoih.exe
    2008-05-30 08:28 . 2008-05-30 08:28 325 --a------ C:\WINDOWS\system32\modblgnm.exe
    2008-05-29 02:19 . 2008-05-29 02:19 325 --a------ C:\WINDOWS\system32\xjapdrvj.exe
    2008-05-28 17:10 . 2008-05-28 17:10 <DIR> d-------- C:\WINDOWS\Supermarket Mania
    2008-05-28 02:19 . 2008-05-28 02:19 325 --a------ C:\WINDOWS\system32\qnvhqjjs.exe
    2008-05-25 13:38 . 2008-05-25 13:39 <DIR> d-------- C:\Documents and Settings\gido\Application Data\Media Player Classic
    2008-05-24 23:14 . 2008-06-06 17:31 1,892 --a------ C:\WINDOWS\wininit.ini
    2008-05-24 22:21 . 2008-05-24 22:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2008-05-24 22:21 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-05-24 22:21 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
    2008-05-24 22:21 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
    2008-05-24 22:21 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-05-24 22:21 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-05-24 22:21 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
    2008-05-24 22:21 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-05-24 22:21 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-05-24 22:21 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
    2008-05-24 01:34 . 2008-05-24 01:34 28 --a------ C:\WINDOWS\SIERRA.INI
    2008-05-24 01:29 . 2008-05-24 01:29 <DIR> d--h----- C:\WINDOWS\PIF
    2008-05-24 00:16 . 2008-05-24 00:16 <DIR> d-------- C:\Program Files\Common Files\PC Tools
    2008-05-23 23:59 . 2008-05-23 23:59 <DIR> d-------- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
    2008-05-22 21:22 . 2008-05-24 14:59 <DIR> d-------- C:\Program Files\Download Direct
    2008-05-22 21:12 . 2008-05-22 21:12 77 --a------ C:\WINDOWS\gvcasinos.ini
    2008-05-20 19:50 . 2008-05-21 19:09 3,038 --ahs---- C:\WINDOWS\system32\pryxdrrf.ini
    2008-05-19 19:44 . 2008-05-20 19:45 2,858 --ahs---- C:\WINDOWS\system32\gxuusyxu.ini
    2008-05-18 19:44 . 2008-05-18 19:44 237 --a------ C:\WINDOWS\system32\itcjqkpc.exe
    2008-05-18 19:42 . 2008-05-19 19:42 2,506 --ahs---- C:\WINDOWS\system32\qvarnqvg.ini
    2008-05-18 00:36 . 2008-05-18 00:36 <DIR> d-------- C:\Program Files\Gabest
    2008-05-18 00:36 . 2008-05-18 00:36 196,608 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-05-18 00:35 . 2008-05-18 00:36 <DIR> d-------- C:\Program Files\GordianKnot
    2008-05-18 00:35 . 2008-05-18 00:35 414,272 --a------ C:\WINDOWS\system32\DivXc32f.dll
    2008-05-18 00:35 . 2008-05-18 00:35 414,272 --a------ C:\WINDOWS\system32\DivXc32.dll
    2008-05-18 00:35 . 2008-05-18 00:35 291,408 --a------ C:\WINDOWS\system32\DivXa32.acm
    2008-05-18 00:35 . 2008-05-18 00:35 240,400 --a------ C:\WINDOWS\system32\DivX_c32.ax
    2008-05-18 00:35 . 2008-05-18 00:35 33,280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL
    2008-05-17 20:38 . 2008-05-21 23:39 <DIR> d-------- C:\Documents and Settings\gido\Application Data\LimeWire
    2008-05-17 19:48 . 2008-05-17 19:48 237 --a------ C:\WINDOWS\system32\ddkdsrfa.exe
    2008-05-17 19:42 . 2008-05-18 18:15 2,326 --ahs---- C:\WINDOWS\system32\vkuhxswm.ini
    2008-05-16 22:48 . 2008-06-08 01:31 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
    2008-05-16 22:43 . 2008-06-08 14:52 266,888 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
    2008-05-16 22:43 . 2008-06-08 15:01 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
    2008-05-16 22:41 . 2008-05-16 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
    2008-05-16 22:36 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
    2008-05-16 22:36 . 2008-05-16 22:36 261 --a------ C:\WINDOWS\system32\PavCPL.dat
    2008-05-16 22:35 . 2008-05-16 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
    2008-05-16 22:34 . 2008-05-16 22:34 <DIR> d-------- C:\WINDOWS\system32\PAV
    2008-05-16 22:34 . 2007-10-25 17:27 292,144 --a------ C:\WINDOWS\system32\PavSHook.dll
    2008-05-16 22:34 . 2007-10-16 15:37 161,072 --a------ C:\WINDOWS\system32\TpUtil.dll
    2008-05-16 22:34 . 2007-11-19 13:01 143,160 --a------ C:\WINDOWS\system32\drivers\netimflt.sys
    2008-05-16 22:34 . 2007-02-08 10:53 107,568 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
    2008-05-16 22:34 . 2007-02-28 17:04 63,024 --a------ C:\WINDOWS\system32\pavipc.dll
    2008-05-16 22:34 . 2007-02-15 19:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
    2008-05-16 22:34 . 2007-06-08 07:44 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
    2008-05-16 22:34 . 2007-11-19 12:51 2,048 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
    2008-05-16 22:32 . 2008-05-16 22:34 <DIR> d-------- C:\Program Files\Panda Security
    2008-05-16 22:21 . 2008-05-16 22:21 <DIR> d-------- C:\Program Files\Common Files\Panda Software
    2008-05-16 22:21 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
    2008-05-16 22:21 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
    2008-05-16 18:05 . 2008-05-17 19:40 2,026 --ahs---- C:\WINDOWS\system32\gspoknsh.ini
    2008-05-15 18:02 . 2008-05-16 18:03 1,786 --ahs---- C:\WINDOWS\system32\mebeyukc.ini
    2008-05-14 19:36 . 2008-05-14 19:36 <DIR> d-------- C:\Program Files\SiSoftware
    2008-05-14 17:43 . 2008-05-15 18:00 1,606 --ahs---- C:\WINDOWS\system32\eejykwrt.ini
    2008-05-13 16:58 . 2008-05-13 16:58 335 --a------ C:\WINDOWS\mozregistry.dat
    2008-05-12 21:28 . 2008-05-12 21:28 <DIR> d-------- C:\Program Files\CleanMyPC
    2008-05-12 17:23 . 2008-06-08 12:46 <DIR> d-------- C:\Documents and Settings\gido\Application Data\Roxio
    2008-05-12 17:19 . 2003-01-14 09:14 135,168 --a------ C:\WINDOWS\system32\l3codecx.acm
    2008-05-12 17:10 . 2008-05-12 17:10 <DIR> d-------- C:\Program Files\Roxio
    2008-05-12 16:47 . 2008-05-12 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    2008-05-11 15:47 . 2008-05-11 15:47 <DIR> d-------- C:\Program Files\SCREENSAVERS
    2008-05-11 15:47 . 2005-10-05 13:47 2,226,176 --a------ C:\WINDOWS\system32\3D Solar System.scr
    2008-05-11 15:47 . 2006-07-09 12:54 291,776 --a------ C:\WINDOWS\system32\DealioKit97-stub-0.exe
    2008-05-11 15:47 . 2008-05-11 22:53 1 --a------ C:\WINDOWS\system32\sav80231.sys
    2008-05-10 22:55 . 2008-05-10 22:55 319 --a------ C:\WINDOWS\game.ini
    2008-05-10 22:50 . 2008-05-10 22:50 <DIR> d-------- C:\Program Files\Activision
    2008-05-10 22:03 . 2008-05-10 22:03 <DIR> d-------- C:\Program Files\Subtitle Workshop
    2008-05-10 22:02 . 2008-05-10 22:02 <DIR> d-------- C:\Program Files\ApophysisScreenSaver
    2008-05-10 22:02 . 2004-08-16 01:12 231,936 --a------ C:\WINDOWS\ApophysisScreenSaver.scr
    2008-05-10 22:02 . 2008-05-10 22:02 60 --a------ C:\WINDOWS\ApophysisScreenSaver.ini
    2008-05-09 01:30 . 2008-05-12 16:47 48 ---hs---- C:\WINDOWS\S3EED914A.tmp
    2008-05-08 23:12 . 2008-05-08 23:12 <DIR> d-------- C:\WINDOWS\OPTIONS
    2008-05-08 23:12 . 2008-01-03 22:10 105,856 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-08 12:01 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
    2008-06-08 12:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-08 11:52 266,888 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
    2008-06-06 22:59 --------- d-----w C:\Documents and Settings\gido\Application Data\uTorrent
    2008-06-06 22:29 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-06-06 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-06 13:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-05 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-05 22:24 --------- d-----w C:\Program Files\GAMES
    2008-05-24 19:20 --------- d-----w C:\Program Files\DivX
    2008-05-23 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-05-21 20:08 --------- d-----w C:\Program Files\uTorrent
    2008-05-17 21:42 --------- d-----w C:\Program Files\CDex_170b2
    2008-05-15 19:36 --------- d-----w C:\Program Files\tv
    2008-05-13 14:27 --------- d-----w C:\Program Files\Yahoo!
    2008-05-13 13:05 1,036,800 ----a-w C:\WINDOWS\explorer.exe
    2008-05-12 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-05-11 13:52 --------- d-----w C:\Program Files\EA GAMES
    2008-05-11 12:58 --------- d-----w C:\Program Files\nero6
    2008-05-10 19:01 --------- d-----w C:\Program Files\UTILITIES
    2008-05-08 22:29 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-05-08 20:12 --------- d-----w C:\Program Files\Realtek
    2008-05-06 17:15 --------- d-----w C:\Program Files\Stardock
    2008-05-06 16:11 --------- d-----w C:\Program Files\dream aquarium
    2008-05-05 17:59 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-05-04 20:11 --------- d-----w C:\Program Files\Common Files\EasyInfo
    2008-05-03 08:49 --------- d-----w C:\Documents and Settings\gido\Application Data\Talkback
    2008-05-03 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-05-03 00:44 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-05-03 00:07 --------- d-----w C:\Documents and Settings\gido\Application Data\Yahoo!
    2008-05-02 19:49 --------- d-----w C:\Program Files\Common Files\ACD Systems
    2008-05-02 14:42 --------- d-----w C:\Documents and Settings\gido\Application Data\DivX
    2008-05-01 23:11 --------- d-----w C:\Program Files\AnvSoft
    2008-05-01 22:41 --------- d-----w C:\Program Files\VirtualDJ
    2008-04-30 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
    2008-04-30 23:44 --------- d-----w C:\Program Files\Mahjong Escape - Ancient Japan
    2008-04-30 23:44 --------- d-----w C:\Documents and Settings\gido\Application Data\SpinTop
    2008-04-30 22:20 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-30 21:53 15,600 ----a-w C:\WINDOWS\gdrv.sys
    2008-04-30 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-04-30 19:27 --------- d-----w C:\Program Files\Java
    2008-04-30 19:26 --------- d-----w C:\Program Files\Common Files\Java
    2008-04-30 16:17 --------- d-----w C:\Documents and Settings\gido\Application Data\.BitTornado
    2008-04-28 12:02 --------- d-----w C:\Documents and Settings\gido\Application Data\TVU Networks
    2008-04-27 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-27 21:00 --------- d-----w C:\Program Files\kaspersky
    2008-04-27 19:39 --------- d-----w C:\Program Files\CyberDefender
    2008-04-27 19:14 --------- d-----w C:\Program Files\BitTornado
    2008-04-27 16:17 --------- d-----w C:\Documents and Settings\gido\Application Data\AVG7
    2008-04-25 16:29 --------- d-----w C:\Program Files\GammonEmpire
    2008-04-23 20:40 --------- d-----w C:\Program Files\Plus!
    2008-04-23 20:24 --------- d-----w C:\Program Files\Acez.com Wallpaper
    2008-04-23 20:14 --------- d-----w C:\Program Files\UselessCreations
    2008-04-23 13:36 --------- d-----w C:\Program Files\obj
    2008-04-22 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameTap
    2008-04-22 18:21 --------- d-----w C:\Documents and Settings\gido\Application Data\InstallShield
    2008-04-22 17:33 --------- d-----w C:\Program Files\HP
    2008-04-19 22:38 21,848,170 ----a-w C:\WINDOWS\85500.exe
    2006-02-28 09:42 94,208 ----a-w C:\Program Files\mdnsNSP.dll
    1999-07-07 09:48 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
    1998-12-08 23:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
    1998-12-08 23:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
    1998-12-08 23:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
    1998-12-08 23:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
    1998-12-08 23:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
    .
    Code:
    <pre>
    ----a-w         7,019,335 2008-03-31 21:03:36  C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\DAP Premium Version 8.6.1.4 + working 100%\DAP Premium .exe
    </pre>

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C43F4B-9384-4DA6-9CC5-E1EB24C8546D}]
    C:\WINDOWS\system32\nnnoNdET.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-04 06:45 15360]
    "Registry Cleaner Scheduler"="C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2008-03-02 22:18 913664]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2003-04-14 19:30 1491216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 04:08 813912]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 02:52 849280]
    "RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2003-12-26 01:37 32768]
    "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "RegistryMechanic"="" []
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-04 06:45 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVNGWQ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\dvacm.acm
    "VIDC.HFYU"= huffyuv.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Γρήγορη εκκίνηση HP Image Zone.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Γρήγορη εκκίνηση HP Image Zone.lnk
    backup=C:\WINDOWS\pss\Γρήγορη εκκίνηση HP Image Zone.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b41cca23]
    C:\WINDOWS\system32\elvoulip.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bifmi]
    c:\documents and settings\gido\local settings\application data\bifmi.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb72ff9bf]
    C:\WINDOWS\system32\kkrylsdr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    --a------ 2002-11-02 09:33 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    --a------ 2002-12-02 17:17 73728 C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
    C:\Program Files\MessengerSkinner\MessengerSkinner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    --a------ 2003-01-09 09:21 253952 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    --a------ 2003-01-13 10:19 757760 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    --a------ 2003-01-13 14:05 69632 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\RpcAgentSrv.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\WNt500x86\\RpcSandraSrv.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 13:43]
    R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 13:05]
    R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 08:33]
    R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 17:48]
    R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 10:39]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50]
    R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]
    R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 08:33]
    R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 08:33]
    R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 07:44]
    R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]
    R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe [2008-04-07 19:26]
    R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 13:01]
    R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
    S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
    S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-05-01 00:53]
    S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 18:17]
    S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa718d5c-aad0-11dc-9245-fd3200b177df}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-08 09:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
    - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-08 15:01:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE
    C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
    C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-08 15:03:52 - machine was rebooted [gido]
    ComboFix-quarantined-files.txt 2008-06-08 12:03:48

    10 Κατάλογοι 89,761,333,248 διαθέσιμα byte
    14 Κατάλογοι 89,665,110,016 διαθέσιμα byte

    379

  7. #7
    Security Expert-Emeritus steamwiz
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313


    Hi

    About the other text file from Deckard's System Scanner ...

    you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt ... please post it in your next reply.

    Then...

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the code box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:
    File::
    C:\WINDOWS\system32\mbcufwvs.exe
    C:\WINDOWS\system32\sboqakfn.exe
    C:\WINDOWS\system32\kucixgft.exe
    C:\WINDOWS\system32\klwhylxd.exe
    C:\WINDOWS\system32\jnmoyvvy.exe
    C:\WINDOWS\system32\gcfiderm.exe
    C:\WINDOWS\system32\dtyltpeg.exe
    C:\WINDOWS\system32\sdgusoih.exe
    C:\WINDOWS\system32\modblgnm.exe
    C:\WINDOWS\system32\xjapdrvj.exe
    C:\WINDOWS\system32\qnvhqjjs.exe
    C:\WINDOWS\system32\pryxdrrf.ini
    C:\WINDOWS\system32\gxuusyxu.ini
    C:\WINDOWS\system32\itcjqkpc.exe
    C:\WINDOWS\system32\ddkdsrfa.exe
    C:\WINDOWS\system32\vkuhxswm.ini
    C:\WINDOWS\system32\gspoknsh.ini
    C:\WINDOWS\system32\mebeyukc.ini
    C:\WINDOWS\system32\eejykwrt.ini
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C43F4B-9384-4DA6-9CC5-E1EB24C8546D}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVNGWQ]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b41cca23]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bifmi]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb72ff9bf]

    Save this as "CFScript.txt"

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Then run & post a new KASPERSKY ONLINE SCANNER REPORT

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  8. #8
    Junior Member
    Join Date
    Jun 2008
    Location
    Greece
    Posts
    12


    Hi, I found it.
    I post everything, but Kaspersky did 9 hours 19%. Until then Kaspersky found Net-Worm.Win32.Kolab.ws


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: Other (0408) - see http://preview.tinyurl.com/mhhp6

    CPU 0: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    CPU 1: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    CPU 2: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    CPU 3: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    Percentage of Memory in Use: 30%
    Physical Memory (total/avail): 2046.42 MiB / 1430.46 MiB
    Pagefile Memory (total/avail): 3938.82 MiB / 3467.26 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1913.48 MiB

    C: is Fixed (NTFS) - 232.88 GiB total, 83.97 GiB free.
    D: is CDROM (Unformatted)
    E: is Fixed (NTFS) - 76.32 GiB total, 60.15 GiB free.
    F: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - Maxtor 6Y080P0 - 76.33 GiB - 1 partition
    \PARTITION0 (bootable) - Σύστημα αρχείων προς εγκατάσταση - 76.32 GiB - E:

    \\.\PHYSICALDRIVE1 - ST3250410AS - 232.88 GiB - 1 partition
    \PARTITION0 (bootable) - Σύστημα αρχείων προς εγκατάσταση - 232.88 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    FW: Panda Internet Security 2008 v12.01.00 (Panda Security) Disabled
    AV: Panda Internet Security 2008 v12.01.00 (Panda Security) Disabled Outdated

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "C:\\Program Files\\tv\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\tv\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\\Program Files\\tv\\SopCast\\SopCast.exe"="C:\\Program Files\\tv\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\RpcAgentSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\WNt500x86\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\gido\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=HOME
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\gido
    LOGONSERVER=\\HOME
    NUMBER_OF_PROCESSORS=4
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\PROGRA~1\COMMON~1\ULEADS~1\Mpeg;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Panda Security\Panda Internet Security 2008\;C:\Program Files\Common Files\Ulead Systems\MPEG
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0b
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PS5ROOT=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
    SAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\gido\LOCALS~1\Temp
    TMP=C:\DOCUME~1\gido\LOCALS~1\Temp
    USERDOMAIN=HOME
    USERNAME=gido
    USERPROFILE=C:\Documents and Settings\gido
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    gido (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    3D Arctic Bear v1.4 --> "C:\Program Files\UTILITIES\screensavers\3D Arctic Bear\unins000.exe"
    3D Flying Easter Eggs Saver 2.4 --> C:\PROGRA~1\UTILIT~1\SCREEN~1\3DFLYI~1.4\UNWISE.EXE C:\PROGRA~1\UTILIT~1\SCREEN~1\3DFLYI~1.4\INSTALL.LOG
    3D Solar System Screensaver --> "C:\Program Files\SCREENSAVERS\3Deep Space\3D Solar System Screensaver\unins000.exe"
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
    Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
    Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
    Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    An Eggstremely 3D Easter Screensaver v1.21 Trial Version --> "C:\Program Files\UselessCreations\Easter3D\uninst.exe"
    ApophysisScreenSaver --> C:\Program Files\ApophysisScreenSaver\uninstall.exe
    ApoScreensaver2 --> C:\Program Files\UTILITIES\SereneScreen\uninstall.exe
    Aquarium Desktop --> C:\PROGRA~1\Stardock\DESKTO~1\AQUARI~1\UNWISE.EXE C:\PROGRA~1\Stardock\DESKTO~1\AQUARI~1\INSTALL.LOG
    Arkanoid 4000 --> c:\Program Files\games\Alawar\Arkanoid 4000\uninstal.exe
    Austin Powers Pinball --> "C:\Program Files\games\Austin Powers Pinball\unins000.exe"
    Basic Arkanoid 1.1.0 --> "C:\Program Files\games\Novel Games\Basic Arkanoid\unins000.exe"
    BitTornado 0.3.17 --> C:\Program Files\BitTornado\uninst.exe
    Business Card Designer Plus 7.5.5.0 --> "C:\Program Files\UTILITIES\CAM Development\Business Card Designer Plus 7\Uninstall\unins000.exe"
    Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
    CDex extraction audio --> "C:\Program Files\CDex_170b2\uninstall.exe"
    CEP - Color Enable Package --> "C:\PROGRA~1\EAGAME~1\zCEP_Uninstaller\unins001.exe"
    CleanMyPC - Registry Cleaner --> "C:\Program Files\CleanMyPC\Registry Cleaner\unins000.exe"
    CloneCD --> "C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD"
    CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
    Daredevil Pinball --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3C98AAE-B403-11D5-B743-00D0B74C4519}\Setup.exe"
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dream Aquarium --> "C:\Program Files\Dream Aquarium\UnInstall.exe"
    Dream Pinball 3D --> C:\PROGRA~1\GAMES\DREAMP~1\Unwise.exe /U C:\PROGRA~1\GAMES\DREAMP~1\install.log
    Dreamfall --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D751B34C-058F-42EF-BE95-14EBB0D2C585}\setup.exe" -l0x9 -removeonly
    DVDFab Decrypter 3.0.4.0 --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe"
    Easter Artwork Screen Saver --> C:\Program Files\UTILITIES\screensavers\Uninstall.exe
    Easy CD & DVD Creator 6 --> MsiExec.exe /I{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}
    Favorit --> "c:\documents and settings\gido\local settings\application data\aaacwet.exe" -uninstall
    Favorit --> "c:\documents and settings\gido\local settings\application data\fyrfw.exe" -uninstall
    Flash Slideshow Maker 2.40 --> C:\Program Files\AnvSoft\Flash Slide Show Maker\uninst.exe
    Free Mahjong Planet --> "C:\Program Files\games\FreeGamesWay.com\Free Mahjong Planet\unins000.exe"
    GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
    GammonEmpire --> C:\Program Files\GammonEmpire\GammonEmpire.exe /uninstall
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
    HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
    HP Print Diagnostic Utility --> MsiExec.exe /I{5E06C076-E4E7-4239-A886-B3D8AC84C166}
    HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
    HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
    HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    K-Lite Codec Pack 3.8.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    Macro Vibration Joystick --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36177F72-8181-45D7-95D1-EA5B008A4DC9}\setup.exe" -l0x9
    Mahjong Escape - Ancient Japan --> C:\Program Files\Mahjong Escape - Ancient Japan\uninstall.exe
    Microsoft Office 2000 Professional --> MsiExec.exe /I{00010408-78E1-11D2-B60F-006097C998E7}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    Panda Internet Security 2008 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEBA9416-3207-47E0-9022-116440599DBC}\SETUP.exe" -l0x8 -removeonly
    PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    Pure Sudoku Deluxe 1.03 --> "C:\Program Files\games\Pure Sudoku Deluxe\unins000.exe"
    REALTEK GbE & FE Ethernet PCI-E NIC Driver --> C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe -runfromtemp -l0x0008 -removeonly
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x8 -removeonly
    Requital --> "C:\Program Files\GAMES\Akella Games\Requital\Setup.exe"
    SiSoftware Sandra Professional Business XII.SP2 --> "C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\unins000.exe"
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Subtitle Workshop 2.51 --> "C:\Program Files\Subtitle Workshop\uninstall.exe"
    Supermarket Mania --> "C:\WINDOWS\Supermarket Mania\uninstall.exe" "/U:C:\Program Files\games\Supermarket Mania\Uninstall\uninstall.xml"
    The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
    The Sims 2 Family Fun Stuff --> C:\Program Files\GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
    The Sims 2 Glamour Life Stuff --> C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
    The Sims 2 Open For Business --> C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
    The Sims™ 2 Bon Voyage --> C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
    The Sims™ 2 Celebration! Stuff --> C:\Program Files\GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe
    The Sims™ 2 H&M® Fashion Stuff --> C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
    The Sims™ 2 Kitchen & Bath Interior Design Stuff --> C:\Program Files\GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\EAUninstall.exe
    The Sims™ 2 Seasons --> C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
    The Sims™ 2 Teen Style Stuff --> C:\Program Files\GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
    Ulead DVD MovieFactory Trial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85F49DC5-81F1-11D5-B626-0010B5557563}\Setup.exe"
    Ulead DVD PictureShow --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4CC121F-9F45-47E8-A6CF-AF445372FE4A}\Setup.exe"
    VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
    VobSub v2.05 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type2523 / Error
    Event Submitted/Written: 06/06/2008 10:43:32 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Κρεμασμένη εφαρμογή IEXPLORE.EXE, έκδοση 6.0.2900.2180, στοιχείο ελέγχου κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

    Event Record #/Type2522 / Error
    Event Submitted/Written: 06/06/2008 05:40:01 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Ελαττωματική εφαρμογή firefox.exe, έκδοση 1.8.20080.40413, ελαττωματική λειτουργική μονάδα unknown, έκδοση 0.0.0.0, ελαττωματική διεύθυνση 0x040917f7.
    Επεξεργασία συμβάντος μέσου για [firefox.exe!ws!]

    Event Record #/Type2509 / Warning
    Event Submitted/Written: 06/06/2008 01:41:22 AM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Δεν είναι δυνατή η κατάργηση φόρτωσης του αρχείου μητρώου κλάσεων από τα Windows - χρησιμοποιείται ακόμα από άλλες εφαρμογές ή υπηρεσίες. Η κατάργηση της φόρτωσης του αρχείου θα γίνει, όταν δεν θα χρησιμοποιείται πλέον.

    Event Record #/Type2492 / Warning
    Event Submitted/Written: 06/04/2008 02:39:19 AM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Δεν είναι δυνατή η κατάργηση φόρτωσης του αρχείου μητρώου κλάσεων από τα Windows - χρησιμοποιείται ακόμα από άλλες εφαρμογές ή υπηρεσίες. Η κατάργηση της φόρτωσης του αρχείου θα γίνει, όταν δεν θα χρησιμοποιείται πλέον.

    Event Record #/Type2489 / Error
    Event Submitted/Written: 06/03/2008 06:31:30 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Κρεμασμένη εφαρμογή uTorrent.exe, έκδοση 0.0.0.0, στοιχείο ελέγχου κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type44985 / Error
    Event Submitted/Written: 06/06/2008 05:33:40 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## εξαιτίας του ακόλουθου σφάλματος:
    %%3

    Event Record #/Type44981 / Error
    Event Submitted/Written: 06/06/2008 05:32:09 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    Παρουσιάστηκε σφάλμα "%%1084" στο διακομιστή DCOM κατά την προσπάθεια εκκίνησης της υπηρεσίας EventSystem με ορίσματα ""
    ώστε να λειτουργήσει ο διακομιστής:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Event Record #/Type44980 / Error
    Event Submitted/Written: 06/06/2008 05:11:20 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    Παρουσιάστηκε σφάλμα "%%1084" στο διακομιστή DCOM κατά την προσπάθεια εκκίνησης της υπηρεσίας StiSvc με ορίσματα ""
    ώστε να λειτουργήσει ο διακομιστής:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Event Record #/Type44979 / Error
    Event Submitted/Written: 06/06/2008 05:11:20 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    Παρουσιάστηκε σφάλμα "%%1084" στο διακομιστή DCOM κατά την προσπάθεια εκκίνησης της υπηρεσίας StiSvc με ορίσματα ""
    ώστε να λειτουργήσει ο διακομιστής:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Event Record #/Type44978 / Error
    Event Submitted/Written: 06/06/2008 05:10:52 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    Παρουσιάστηκε σφάλμα "%%1084" στο διακομιστή DCOM κατά την προσπάθεια εκκίνησης της υπηρεσίας StiSvc με ορίσματα ""
    ώστε να λειτουργήσει ο διακομιστής:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}



    -- End of Deckard's System Scanner: finished at 2008-06-06 22:47:15 ------------

  9. #9
    Junior Member
    Join Date
    Jun 2008
    Location
    Greece
    Posts
    12


    ComboFix 08-06-07.3 - gido 2008-06-09 20:27:05.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1253.1.1032.18.1586 [GMT 3:00]
    Running from: C:\Documents and Settings\gido\Επιφάνεια εργασίας\ComboFix.exe
    Command switches used :: C:\Documents and Settings\gido\Επιφάνεια εργασίας\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\WINDOWS\system32\ddkdsrfa.exe
    C:\WINDOWS\system32\dtyltpeg.exe
    C:\WINDOWS\system32\eejykwrt.ini
    C:\WINDOWS\system32\gcfiderm.exe
    C:\WINDOWS\system32\gspoknsh.ini
    C:\WINDOWS\system32\gxuusyxu.ini
    C:\WINDOWS\system32\itcjqkpc.exe
    C:\WINDOWS\system32\jnmoyvvy.exe
    C:\WINDOWS\system32\klwhylxd.exe
    C:\WINDOWS\system32\kucixgft.exe
    C:\WINDOWS\system32\mbcufwvs.exe
    C:\WINDOWS\system32\mebeyukc.ini
    C:\WINDOWS\system32\modblgnm.exe
    C:\WINDOWS\system32\pryxdrrf.ini
    C:\WINDOWS\system32\qnvhqjjs.exe
    C:\WINDOWS\system32\sboqakfn.exe
    C:\WINDOWS\system32\sdgusoih.exe
    C:\WINDOWS\system32\vkuhxswm.ini
    C:\WINDOWS\system32\xjapdrvj.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\gido\Local Settings\Application Data\aaacwet.dat
    C:\Documents and Settings\gido\Local Settings\Application Data\aaacwet.exe
    C:\Documents and Settings\gido\Local Settings\Application Data\aaacwet_nav.dat
    C:\Documents and Settings\gido\Local Settings\Application Data\aaacwet_navps.dat
    C:\Documents and Settings\gido\Local Settings\Application Data\fyrfw.dat
    C:\Documents and Settings\gido\Local Settings\Application Data\fyrfw.exe
    C:\Documents and Settings\gido\Local Settings\Application Data\fyrfw_nav.dat
    C:\Documents and Settings\gido\Local Settings\Application Data\fyrfw_navps.dat
    C:\WINDOWS\system32\ddkdsrfa.exe
    C:\WINDOWS\system32\dtyltpeg.exe
    C:\WINDOWS\system32\eejykwrt.ini
    C:\WINDOWS\system32\gcfiderm.exe
    C:\WINDOWS\system32\gspoknsh.ini
    C:\WINDOWS\system32\gxuusyxu.ini
    C:\WINDOWS\system32\itcjqkpc.exe
    C:\WINDOWS\system32\jnmoyvvy.exe
    C:\WINDOWS\system32\klwhylxd.exe
    C:\WINDOWS\system32\kucixgft.exe
    C:\WINDOWS\system32\mbcufwvs.exe
    C:\WINDOWS\system32\mebeyukc.ini
    C:\WINDOWS\system32\modblgnm.exe
    C:\WINDOWS\system32\pryxdrrf.ini
    C:\WINDOWS\system32\qnvhqjjs.exe
    C:\WINDOWS\system32\sboqakfn.exe
    C:\WINDOWS\system32\sdgusoih.exe
    C:\WINDOWS\system32\vkuhxswm.ini
    C:\WINDOWS\system32\xjapdrvj.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
    .

    2008-06-06 23:47 . 2008-06-06 23:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-06 23:47 . 2008-06-06 23:47 <DIR> d-------- C:\Documents and Settings\gido\Application Data\Malwarebytes
    2008-06-06 23:47 . 2008-06-06 23:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-06 23:47 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-06 23:47 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-06 23:34 . 2008-06-06 23:34 <DIR> d-------- C:\Program Files\tools
    2008-06-06 22:44 . 2008-06-06 22:44 <DIR> d-------- C:\Deckard
    2008-06-06 17:04 . 2007-12-10 12:45 <DIR> d-------- C:\Documents and Settings\Administrator\Επιφάνεια εργασίας
    2008-06-06 17:04 . 2007-12-10 12:45 <DIR> d-------- C:\Documents and Settings\Administrator\Τα έγγραφά μου
    2008-06-06 17:04 . 2008-06-06 17:04 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-06-06 01:25 . 2008-06-06 01:25 <DIR> d-------- C:\Program Files\Real
    2008-06-05 20:51 . 2008-06-05 20:51 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-03 23:10 . 2008-06-03 23:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-06-03 23:10 . 2008-06-03 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-05-28 17:10 . 2008-05-28 17:10 <DIR> d-------- C:\WINDOWS\Supermarket Mania
    2008-05-25 13:38 . 2008-05-25 13:39 <DIR> d-------- C:\Documents and Settings\gido\Application Data\Media Player Classic
    2008-05-24 23:14 . 2008-06-06 17:31 1,892 --a------ C:\WINDOWS\wininit.ini
    2008-05-24 22:21 . 2008-05-24 22:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2008-05-24 22:21 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-05-24 22:21 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
    2008-05-24 22:21 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
    2008-05-24 22:21 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-05-24 22:21 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-05-24 22:21 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
    2008-05-24 22:21 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-05-24 22:21 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-05-24 22:21 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
    2008-05-24 01:34 . 2008-05-24 01:34 28 --a------ C:\WINDOWS\SIERRA.INI
    2008-05-24 01:29 . 2008-05-24 01:29 <DIR> d--h----- C:\WINDOWS\PIF
    2008-05-24 00:16 . 2008-05-24 00:16 <DIR> d-------- C:\Program Files\Common Files\PC Tools
    2008-05-23 23:59 . 2008-05-23 23:59 <DIR> d-------- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
    2008-05-22 21:22 . 2008-05-24 14:59 <DIR> d-------- C:\Program Files\Download Direct
    2008-05-22 21:12 . 2008-05-22 21:12 77 --a------ C:\WINDOWS\gvcasinos.ini
    2008-05-18 19:42 . 2008-05-19 19:42 2,506 --ahs---- C:\WINDOWS\system32\qvarnqvg.ini
    2008-05-18 00:36 . 2008-05-18 00:36 <DIR> d-------- C:\Program Files\Gabest
    2008-05-18 00:36 . 2008-05-18 00:36 196,608 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-05-18 00:35 . 2008-05-18 00:36 <DIR> d-------- C:\Program Files\GordianKnot
    2008-05-18 00:35 . 2008-05-18 00:35 414,272 --a------ C:\WINDOWS\system32\DivXc32f.dll
    2008-05-18 00:35 . 2008-05-18 00:35 414,272 --a------ C:\WINDOWS\system32\DivXc32.dll
    2008-05-18 00:35 . 2008-05-18 00:35 291,408 --a------ C:\WINDOWS\system32\DivXa32.acm
    2008-05-18 00:35 . 2008-05-18 00:35 240,400 --a------ C:\WINDOWS\system32\DivX_c32.ax
    2008-05-18 00:35 . 2008-05-18 00:35 33,280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL
    2008-05-17 20:38 . 2008-05-21 23:39 <DIR> d-------- C:\Documents and Settings\gido\Application Data\LimeWire
    2008-05-16 22:48 . 2008-06-08 16:54 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
    2008-05-16 22:43 . 2008-06-08 15:09 266,888 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
    2008-05-16 22:43 . 2008-06-09 20:22 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
    2008-05-16 22:41 . 2008-05-16 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
    2008-05-16 22:36 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
    2008-05-16 22:36 . 2008-05-16 22:36 261 --a------ C:\WINDOWS\system32\PavCPL.dat
    2008-05-16 22:35 . 2008-05-16 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
    2008-05-16 22:34 . 2008-05-16 22:34 <DIR> d-------- C:\WINDOWS\system32\PAV
    2008-05-16 22:34 . 2007-10-25 17:27 292,144 --a------ C:\WINDOWS\system32\PavSHook.dll
    2008-05-16 22:34 . 2007-10-16 15:37 161,072 --a------ C:\WINDOWS\system32\TpUtil.dll
    2008-05-16 22:34 . 2007-11-19 13:01 143,160 --a------ C:\WINDOWS\system32\drivers\netimflt.sys
    2008-05-16 22:34 . 2007-02-08 10:53 107,568 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
    2008-05-16 22:34 . 2007-02-28 17:04 63,024 --a------ C:\WINDOWS\system32\pavipc.dll
    2008-05-16 22:34 . 2007-02-15 19:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
    2008-05-16 22:34 . 2007-06-08 07:44 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
    2008-05-16 22:34 . 2007-11-19 12:51 2,048 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
    2008-05-16 22:32 . 2008-05-16 22:34 <DIR> d-------- C:\Program Files\Panda Security
    2008-05-16 22:21 . 2008-05-16 22:21 <DIR> d-------- C:\Program Files\Common Files\Panda Software
    2008-05-16 22:21 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
    2008-05-16 22:21 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
    2008-05-14 19:36 . 2008-05-14 19:36 <DIR> d-------- C:\Program Files\SiSoftware
    2008-05-13 16:58 . 2008-05-13 16:58 335 --a------ C:\WINDOWS\mozregistry.dat
    2008-05-12 21:28 . 2008-05-12 21:28 <DIR> d-------- C:\Program Files\CleanMyPC
    2008-05-12 17:23 . 2008-06-08 12:46 <DIR> d-------- C:\Documents and Settings\gido\Application Data\Roxio
    2008-05-12 17:19 . 2003-01-14 09:14 135,168 --a------ C:\WINDOWS\system32\l3codecx.acm
    2008-05-12 17:10 . 2008-05-12 17:10 <DIR> d-------- C:\Program Files\Roxio
    2008-05-12 16:47 . 2008-05-12 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    2008-05-11 15:47 . 2008-05-11 15:47 <DIR> d-------- C:\Program Files\SCREENSAVERS
    2008-05-11 15:47 . 2005-10-05 13:47 2,226,176 --a------ C:\WINDOWS\system32\3D Solar System.scr
    2008-05-11 15:47 . 2006-07-09 12:54 291,776 --a------ C:\WINDOWS\system32\DealioKit97-stub-0.exe
    2008-05-11 15:47 . 2008-05-11 22:53 1 --a------ C:\WINDOWS\system32\sav80231.sys
    2008-05-10 22:55 . 2008-05-10 22:55 319 --a------ C:\WINDOWS\game.ini
    2008-05-10 22:50 . 2008-05-10 22:50 <DIR> d-------- C:\Program Files\Activision
    2008-05-10 22:03 . 2008-05-10 22:03 <DIR> d-------- C:\Program Files\Subtitle Workshop
    2008-05-10 22:02 . 2008-05-10 22:02 <DIR> d-------- C:\Program Files\ApophysisScreenSaver
    2008-05-10 22:02 . 2004-08-16 01:12 231,936 --a------ C:\WINDOWS\ApophysisScreenSaver.scr
    2008-05-10 22:02 . 2008-05-10 22:02 60 --a------ C:\WINDOWS\ApophysisScreenSaver.ini
    2008-05-09 01:30 . 2008-05-12 16:47 48 ---hs---- C:\WINDOWS\S3EED914A.tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-09 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-09 17:22 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
    2008-06-08 18:02 --------- d-----w C:\Documents and Settings\gido\Application Data\uTorrent
    2008-06-08 12:09 266,888 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
    2008-06-06 22:29 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-06-06 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-06 13:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-05 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-05 22:24 --------- d-----w C:\Program Files\GAMES
    2008-05-24 19:20 --------- d-----w C:\Program Files\DivX
    2008-05-23 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-05-21 20:08 --------- d-----w C:\Program Files\uTorrent
    2008-05-17 21:47 416,304 ----a-w C:\WINDOWS\system32\Mpg4c32.dll
    2008-05-17 21:42 --------- d-----w C:\Program Files\CDex_170b2
    2008-05-15 19:36 --------- d-----w C:\Program Files\tv
    2008-05-13 14:27 --------- d-----w C:\Program Files\Yahoo!
    2008-05-13 13:05 1,036,800 ----a-w C:\WINDOWS\explorer.exe
    2008-05-12 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-05-11 13:52 --------- d-----w C:\Program Files\EA GAMES
    2008-05-11 12:58 --------- d-----w C:\Program Files\nero6
    2008-05-10 19:01 --------- d-----w C:\Program Files\UTILITIES
    2008-05-08 22:29 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-05-08 20:12 --------- d-----w C:\Program Files\Realtek
    2008-05-06 17:15 --------- d-----w C:\Program Files\Stardock
    2008-05-06 16:11 --------- d-----w C:\Program Files\dream aquarium
    2008-05-05 17:59 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-05-04 20:11 --------- d-----w C:\Program Files\Common Files\EasyInfo
    2008-05-03 08:49 --------- d-----w C:\Documents and Settings\gido\Application Data\Talkback
    2008-05-03 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-05-03 00:44 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-05-03 00:07 --------- d-----w C:\Documents and Settings\gido\Application Data\Yahoo!
    2008-05-02 19:49 --------- d-----w C:\Program Files\Common Files\ACD Systems
    2008-05-02 14:42 --------- d-----w C:\Documents and Settings\gido\Application Data\DivX
    2008-05-02 12:03 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
    2008-05-01 23:11 --------- d-----w C:\Program Files\AnvSoft
    2008-05-01 22:41 --------- d-----w C:\Program Files\VirtualDJ
    2008-04-30 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
    2008-04-30 23:44 --------- d-----w C:\Program Files\Mahjong Escape - Ancient Japan
    2008-04-30 23:44 --------- d-----w C:\Documents and Settings\gido\Application Data\SpinTop
    2008-04-30 22:20 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-30 21:53 15,600 ----a-w C:\WINDOWS\gdrv.sys
    2008-04-30 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-04-30 19:27 --------- d-----w C:\Program Files\Java
    2008-04-30 19:26 --------- d-----w C:\Program Files\Common Files\Java
    2008-04-30 16:17 --------- d-----w C:\Documents and Settings\gido\Application Data\.BitTornado
    2008-04-28 12:02 --------- d-----w C:\Documents and Settings\gido\Application Data\TVU Networks
    2008-04-27 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-27 21:00 --------- d-----w C:\Program Files\kaspersky
    2008-04-27 19:39 --------- d-----w C:\Program Files\CyberDefender
    2008-04-27 19:14 --------- d-----w C:\Program Files\BitTornado
    2008-04-27 16:17 --------- d-----w C:\Documents and Settings\gido\Application Data\AVG7
    2008-04-25 16:29 --------- d-----w C:\Program Files\GammonEmpire
    2008-04-23 20:40 --------- d-----w C:\Program Files\Plus!
    2008-04-23 20:24 --------- d-----w C:\Program Files\Acez.com Wallpaper
    2008-04-23 20:18 9,728 ----a-w C:\WINDOWS\system32\UnInstall A Happy Easter.exe
    2008-04-23 20:14 --------- d-----w C:\Program Files\UselessCreations
    2008-04-23 13:36 --------- d-----w C:\Program Files\obj
    2008-04-22 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameTap
    2008-04-22 18:21 --------- d-----w C:\Documents and Settings\gido\Application Data\InstallShield
    2008-04-22 17:33 --------- d-----w C:\Program Files\HP
    2008-04-19 22:38 21,848,170 ----a-w C:\WINDOWS\85500.exe
    2008-04-07 02:12 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 20:30 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2008-03-21 20:30 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
    2008-03-21 20:30 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
    2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
    2006-02-28 09:42 94,208 ----a-w C:\Program Files\mdnsNSP.dll
    1999-07-07 09:48 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
    1998-12-08 23:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
    1998-12-08 23:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
    1998-12-08 23:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
    1998-12-08 23:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
    1998-12-08 23:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
    .
    Code:
    <pre>
    ----a-w         7,019,335 2008-03-31 21:03:36  C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\DAP Premium Version 8.6.1.4 + working 100%\DAP Premium .exe
    </pre>

    ((((((((((((((((((((((((((((( snapshot@2008-06-08_15.03.38.14 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-08 12:00:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-09 17:22:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-04 06:45 15360]
    "Registry Cleaner Scheduler"="C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2008-03-02 22:18 913664]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2003-04-14 19:30 1491216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 04:08 813912]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 02:52 849280]
    "RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2003-12-26 01:37 32768]
    "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "RegistryMechanic"="" []
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-04 06:45 15360]

    C:\Documents and Settings\All Users\Start Menu\Ź¨¦š¨αŁŁ˜«˜\„΅΅ε¤ž©ž\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-01 10:07:17 113664]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
    ‡η¨˜ Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1032\OLFSNT40.EXE [1999-07-09 18:42:54 46080]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\dvacm.acm
    "VIDC.HFYU"= huffyuv.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Γρήγορη εκκίνηση HP Image Zone.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Γρήγορη εκκίνηση HP Image Zone.lnk
    backup=C:\WINDOWS\pss\Γρήγορη εκκίνηση HP Image Zone.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    --a------ 2002-11-02 09:33 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    --a------ 2002-12-02 17:17 73728 C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
    C:\Program Files\MessengerSkinner\MessengerSkinner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    --a------ 2003-01-09 09:21 253952 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    --a------ 2003-01-13 10:19 757760 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    --a------ 2003-01-13 14:05 69632 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\RpcAgentSrv.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\WNt500x86\\RpcSandraSrv.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 13:43]
    R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 13:05]
    R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 08:33]
    R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 17:48]
    R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 10:39]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50]
    R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]
    R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 08:33]
    R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 08:33]
    R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 07:44]
    R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]
    R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe [2008-04-07 19:26]
    R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 13:01]
    R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
    S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
    S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-05-01 00:53]
    S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 18:17]
    S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa718d5c-aad0-11dc-9245-fd3200b177df}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-09 17:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
    - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-09 20:29:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-09 20:30:24
    ComboFix-quarantined-files.txt 2008-06-09 17:30:14
    ComboFix2.txt 2008-06-08 12:03:53

    10 Κατάλογοι 89,586,475,008 διαθέσιμα byte
    14 Κατάλογοι 89,575,419,904 διαθέσιμα byte

    340





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:36:35 μμ, on 9/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
    C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\rmctrl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Θύρα Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1032\OLFSNT40.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

    --
    End of file - 7522 bytes

  10. #10
    Junior Member
    Join Date
    Jun 2008
    Location
    Greece
    Posts
    12

    Unhappy

    Hi, I'm still trying with Kaspersky and found another one, Trojan.Win32.Monder.gen, but in 6 and a half hours the scan has done 17%.
