spybot search & destroy doesn't run,various infections detected at an online scan

[in_the_woods]

Hi,

First of all I can't run spybot - search & destroy. Every time I try , the pc will either freeze or shut down and restart by itself. I tried to run it in safe mode but had the same results. The pc had a symantec antivirus in the past but does not have an antivirus now , so I tried to do an online scan at kaspersky's website but the scan failed twice. I do not remember if the pc freezed or if it shut down. I managed to do a scan at panda's website and it found various infections.


The pc is very very slow and it will frequently shut down and restart. I was using internet explorer 7 and it to was very slow. I updated to IE8 but it performed like IE7. When I switched to mozilla , right after installation I noticed that mozilla would load instantly and so did the webpages , but after a while it was performing like IE , perhaps slightly better.

I found some days ago a file named "jkos-admin" which I deleted but I kept it in the recycle bin just in case it could give you some informations , I could not find it after a system restore was performed. Perhaps I emptied the recycle bin by mistake. I think it was here : documents and settings/admin/local settings/temp, but it is not there now.

Some weeks ago and with the pc performing as bad as it does now , I cleaned the registry with CCleaner. It didn't seem to affect the pc in some way.



1) There is a "P2P Networking" icon in the control's panel and a P2PNetworking.eng in my hard drive. Should I just delete this?

2)Do you want me to paste the log of the panda scan?


3)I have an older version of spybot. I installed the new version without updating through the old one , so now I have two installed. Should I uninstall the older version?. It has some items quarantined. What must I do with these?

I would very much appreciate any help and advise you could give. Thank you very much. :thanks:

P.S. I don't speak English very well and I do not know much about computers so I apologise if something I wrought does not make much sence.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:04 μμ, on 9/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\admin\Επιφάνεια εργασίας\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mech.ntua.gr/gr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PartMetBackup.lnk.disabled
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} (BiosAgentPlus ActiveX Control) - http://biosagentplus.com/files/biosagentplus.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63D0C496-2805-4133-96DE-A217E53D116A}: NameServer = 194.219.227.2,193.92.150.3
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5600 bytes

 

[Shaba]

Hi in_the_woods

Yes please post panda scan log next

 

[in_the_woods]

Hi Shaba :greeting:


;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-05 10:25:05
PROTECTIONS: 0
MALWARE: 18
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\AppID\{8B0FEF15-54DC-49F5-8377-8172DE975F75}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438}
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@atdmt[1].txt
00141436 Application/P2PNetworking HackTools No 0 Yes No C:\WINDOWS\system32\P2P Networking v1263.cpl
00141437 Application/P2PNetworking HackTools No 0 Yes No C:\WINDOWS\Downloaded Program Files\WebP2PInstaller3.dll
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@spylog[1].txt
00151738 W32/Lovgate.BU.worm Virus/Worm No 0 Yes No C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0804\Mafia Trainer!!!.exe
00167014 adware/rxtoolbar Adware No 1 Yes No hkey_classes_root\rxtoolbar.tbinfo.1
00167014 adware/rxtoolbar Adware No 1 Yes No hkey_current_user\software\rx toolbar
00167014 adware/rxtoolbar Adware No 1 Yes No c:\program files\rxtoolbar
00167014 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\rxresults
00167014 adware/rxtoolbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
00167014 adware/rxtoolbar Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\protocols\filter\text/html\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
00167014 adware/rxtoolbar Adware No 1 Yes No HKEY_CLASSES_ROOT\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}
00167014 adware/rxtoolbar Adware No 1 Yes No HKEY_CLASSES_ROOT\Interface\{FB590D02-0A82-4F44-9FAD-517948DCF4F3}
00167014 adware/rxtoolbar Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
00167014 adware/rxtoolbar Adware No 1 Yes No hkey_classes_root\clsid\{25d8bacf-3de2-4b48-ae22-d659b8d835b0}
00167014 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxtoolbar.tbinfo.1
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@yadro[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@ad.yieldmanager[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@advertising[1].txt
00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find
00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find
00169752 application/need2find HackTools No 0 Yes No c:\program files\need2find
00169752 Application/Need2Find HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
00169752 Application/Need2Find HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP786\A0911225.DLL
00169753 Application/Need2Find HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP786\A0911224.DLL
00180282 Application/Need2Find HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP786\A0911231.DLL
00180282 Application/Need2Find HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP786\A0912229.dll
00211158 application/bestoffer HackTools No 0 Yes No c:\windows\smdat32m.sys
00349071 Adware/RXToolbar Adware No 1 Yes No C:\Program Files\RXToolBar\RXToolBar.dll
00527204 Application/PRScheduler HackTools Yes 0 Yes No C:\Documents and Settings\admin\Start Menu\Προγράμματα\Εκκίνηση\PowerReg Scheduler V3.exe
01907169 Trj/Zlob.LH Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP797\A0952637.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location ^
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description ^
;===================================================================================================================================================================================
;===================================================================================================================================================================================

 

[Shaba]

Download at your desktop DDS from one of the links below:

Link 1
Link 2

• Double click the tool to run it.
• A black Screen will open, just read the contents and do nothing.
• When the tool finish it will open 2 reports.
• Copy/paste both reports back here and remove DDS from your desktop.

 

[in_the_woods]

DDS (Ver_09-07-30.01) - NTFSx86
Run by admin at 17:55:38,67 on ƒœ¬ 10/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.511.278 [GMT 3:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Επιφάνεια εργασίας\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mech.ntua.gr/gr
uInternet Connection Wizard,ShellNext = iexplore
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Βοηθός εισόδου του Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: RX Toolbar: {25d8bacf-3de2-4b48-ae22-d659b8d835b0} - c:\program files\rxtoolbar\RXToolBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {92A40B0A-740A-4A11-9DDB-70460C6DA383} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [P2P Networking] c:\windows\system32\p2p networking\P2P Networking.exe /AUTOSTART
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\admin\start menu\προγράμματα\εκκίνηση\PartMetBackup.lnk.disabled
StartupFolder: c:\documents and settings\admin\start menu\προγράμματα\εκκίνηση\PowerReg Scheduler V3.exe
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} - hxxp://biosagentplus.com/files/biosagentplus.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {63D0C496-2805-4133-96DE-A217E53D116A} = 194.219.227.2,193.92.150.3
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\if238me7.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/showthread.php?t=50650
FF - plugin: c:\program files\mozilla firefox\plugins\NPNd2fn.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\docume~1\admin\locals~1\temp\hwinfo32.sys --> c:\docume~1\admin\locals~1\temp\HWiNFO32.SYS [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-9 12672]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-9-23 13352]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [2007-2-25 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [2007-2-25 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [2007-2-25 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [2007-2-25 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [2007-2-25 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [2007-2-25 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [2007-2-25 90800]

=============== Created Last 30 ================

2009-08-09 21:27 12,672 a------- c:\windows\system32\drivers\cpuz132_x32.sys
2009-08-09 21:27 <DIR> --d----- c:\program files\CPUID
2009-08-09 14:10 <DIR> --d----- C:\katevasmata
2009-08-08 20:46 <DIR> --d----- c:\program files\DVD Identifier
2009-08-08 14:37 <DIR> --d----- c:\docume~1\admin\applic~1\Ashampoo
2009-08-08 14:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ashampoo
2009-08-08 14:37 <DIR> --d----- c:\program files\Ashampoo
2009-08-06 18:06 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-06 18:04 <DIR> --d----- c:\program files\Incoming
2009-08-06 18:01 <DIR> --d----- c:\windows\cdmxtras
2009-07-21 13:03 <DIR> --d----- c:\docume~1\admin\applic~1\uTorrent
2009-07-19 16:04 <DIR> --d----- c:\program files\Panda Security
2009-07-19 15:55 <DIR> --d----- c:\program files\Safer Networking
2009-07-19 15:31 <DIR> --d----- c:\windows\ie8updates
2009-07-18 12:13 <DIR> --d----- c:\program files\nandub
2009-07-17 20:02 <DIR> --d----- c:\docume~1\admin\applic~1\Sony Ericsson
2009-07-17 20:02 <DIR> --d----- c:\docume~1\admin\applic~1\QA International
2009-07-17 20:01 <DIR> --d----- c:\program files\CosmoSoftware
2009-07-17 19:44 <DIR> --d----- c:\documents and settings\admin\IECompatCache
2009-07-17 19:43 <DIR> --d----- c:\documents and settings\admin\PrivacIE
2009-07-17 19:38 <DIR> --d----- c:\documents and settings\admin\IETldCache
2009-07-17 19:30 <DIR> -cd----- c:\windows\ie8
2009-07-15 11:26 <DIR> --d----- c:\program files\nandub-binary-1.0rc1
2009-07-14 13:41 <DIR> --d----- c:\program files\common files\ODBC
2009-07-13 10:21 <DIR> --d----- c:\docume~1\admin\applic~1\Any Video Converter
2009-07-13 10:21 <DIR> --d----- c:\program files\Any Video Converter

==================== Find3M ====================

2009-07-21 10:24 513,760 a------- c:\windows\system32\perfh008.dat
2009-07-21 10:24 88,668 a------- c:\windows\system32\perfc008.dat
2009-07-11 17:23 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-06-29 18:58 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 18:58 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 18:58 17,408 a------- c:\windows\system32\corpol.dll
2009-06-16 17:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 17:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 22:10 1,299,456 a------- c:\windows\system32\quartz.dll
2009-05-16 14:34 34,376 a------- c:\docume~1\admin\applic~1\GDIPFONTCACHEV1.DAT
2009-05-13 08:04 915,456 a------- c:\windows\system32\wininet(4)(2).dll
2009-05-13 08:04 915,456 a------- c:\windows\system32\wininet(2).dll
2009-02-28 07:57 5,517,160 a------- c:\program files\bitcomet_setup.exe
2009-01-13 14:14 3,338,372 a------- c:\program files\cosmo_win95nt_eng.exe
2009-01-13 14:06 1,492,727 a------- c:\program files\SurfX3D.zip
2008-06-16 07:54 411,766 a------- c:\program files\tetris_gy.exe
2008-04-25 18:48 1,233,466 a------- c:\program files\wrar371el.exe
2007-11-03 13:50 348 a------- c:\program files\downloads.txt
2007-11-03 13:49 348 a------- c:\program files\downloads.bak
2007-09-07 16:57 136,704 a------- c:\program files\EModelZoomin.dll
2007-09-07 16:56 91,648 a------- c:\program files\EModelViewer.exe
2007-09-07 16:56 26,624 a------- c:\program files\edrwthumbnailprovider.dll
2007-09-07 16:55 594,944 a------- c:\program files\eDrawingOfficeAutomator.exe
2007-09-07 16:55 95,744 a------- c:\program files\EModelEx
2007-09-07 16:55 133,120 a------- c:\program files\EModelExport.dll
2007-09-07 16:55 6,802,944 a------- c:\program files\EModelXlator.dll
2007-09-07 16:54 733,184 a------- c:\program files\EModelSWDisplayLists.dll
2007-09-07 16:54 814,592 a------- c:\program files\EModelReviewer.dll
2007-09-07 16:52 135,168 a------- c:\program files\EModelMDReader.dll
2007-09-07 16:52 71,680 a------- c:\program files\EModelEventLog.dll
2007-09-07 16:51 2,186,240 a------- c:\program files\EModelView.dll
2007-09-07 16:48 57,344 a------- c:\program files\EModelUtilsVista.dll
2007-09-07 16:47 249,344 a------- c:\program files\EModelUtils.dll
2007-09-07 16:47 2,814,976 a------- c:\program files\HoopsManager.dll
2007-09-07 16:43 2,680,297 a------- c:\program files\EModelAddIn.dll
2007-09-07 15:53 7,168 a------- c:\program files\eulaedrawing.txt
2007-09-07 15:52 161,412 a------- c:\program files\GTOL.SYM
2007-09-07 15:51 509,472 a------- c:\program files\swlicservinst.exe
2007-09-07 15:51 299,552 a------- c:\program files\solidworkslicenseservice.dll
2007-09-07 15:50 17,920 a------- c:\program files\IMPLODE.DLL
2006-05-20 12:24 447,088 a------- c:\program files\AluriaLiteScannerInstall.exe
2006-03-10 22:55 300 a------- c:\program files\acadcd.mid
2006-02-01 11:00 1,400,248 a------- c:\program files\spybotsd_includes.exe
2006-02-01 10:46 789,515 a------- c:\program files\spybotsd14.exe
2006-01-24 23:26 429 a------- c:\program files\MediaBrowser.ini
2005-12-16 00:30 53,248 a------- c:\program files\Setup.exe
2005-08-09 12:57 1,211,083 a------- c:\program files\abcexcel.zip
2004-10-21 20:38 126,976 a------- c:\program files\MediaBrowser.exe
2002-02-22 12:35 43 a------- c:\program files\autorun.inf
2009-02-04 11:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020420090205\index.dat

============= FINISH: 17:56:20,65 ===============














UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2004 9:51:02 πμ
System Uptime: 8/10/2009 5:12:29 μμ (-1416 hours ago)

Motherboard: FUJITSU SIEMENS | | D1675
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU | 3200/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 27,227 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP773: 16/6/2009 9:51:19 μμ - Σημείο ελέγχου συστήματος
RP774: 24/6/2009 9:56:09 πμ - Σημείο ελέγχου συστήματος
RP775: 25/6/2009 10:24:05 πμ - Software Distribution Service 3.0
RP776: 27/6/2009 2:38:10 μμ - Σημείο ελέγχου συστήματος
RP777: 30/6/2009 8:14:29 πμ - Installed Windows Media Format Runtime
RP778: 1/7/2009 9:42:12 πμ - Software Distribution Service 3.0
RP779: 1/7/2009 6:12:22 μμ - Removed Fine Woodworking Archive
RP780: 1/7/2009 10:58:29 μμ - Software Distribution Service 3.0
RP781: 8/7/2009 9:54:24 πμ - Σημείο ελέγχου συστήματος
RP782: 9/7/2009 10:30:17 πμ - Σημείο ελέγχου συστήματος
RP783: 10/7/2009 2:13:56 μμ - Removed Kazaa 3.2.7
RP784: 10/7/2009 2:15:10 μμ - Removed Sony Ericsson PC Suite
RP785: 10/7/2009 2:36:31 μμ - Configured QuickTime
RP786: 10/7/2009 2:41:05 μμ - Removed Adobe® Photoshop® Album Starter Edition 3.0
RP787: 11/7/2009 12:40:41 μμ - Installed Diskeeper Lite
RP788: 11/7/2009 1:18:13 μμ - Removed Diskeeper Lite
RP789: 11/7/2009 1:39:14 μμ - Installed Diskeeper Lite
RP790: 11/7/2009 1:41:32 μμ - Removed Diskeeper Lite
RP791: 13/7/2009 9:10:40 πμ - Σημείο ελέγχου συστήματος
RP792: 14/7/2009 9:39:40 μμ - Σημείο ελέγχου συστήματος
RP793: 15/7/2009 6:48:32 μμ - Software Distribution Service 3.0
RP794: 17/7/2009 1:11:55 μμ - Software Distribution Service 3.0
RP795: 17/7/2009 7:25:08 μμ - Software Distribution Service 3.0
RP796: 17/7/2009 7:59:42 μμ - Λειτουργία επαναφοράς
RP797: 17/7/2009 9:11:49 μμ - Software Distribution Service 3.0
RP798: 19/7/2009 12:37:10 πμ - Σημείο ελέγχου συστήματος
RP799: 19/7/2009 3:24:23 μμ - Installed Windows Internet Explorer 8.
RP800: 19/7/2009 3:28:00 μμ - Software Distribution Service 3.0
RP801: 20/7/2009 6:03:50 μμ - Σημείο ελέγχου συστήματος
RP802: 21/7/2009 1:47:15 μμ - Removed Kazaa 3.2.7
RP803: 29/7/2009 11:34:05 μμ - Software Distribution Service 3.0
RP804: 4/8/2009 7:36:13 μμ - Σημείο ελέγχου συστήματος
RP805: 6/8/2009 5:12:59 μμ - Λειτουργία επαναφοράς
RP806: 6/8/2009 5:37:52 μμ - Λειτουργία επαναφοράς
RP807: 6/8/2009 5:50:52 μμ - Λειτουργία επαναφοράς
RP808: 7/8/2009 12:00:56 πμ - Software Distribution Service 3.0

==== Installed Programs ======================


Βοηθός εισόδου του Windows Live
Εργαλείο αποστολής του Windows Live
Ε9 Δήλωση στοιχείων Ακινήτων 2008 v1
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB938127)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB950759)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB958215)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB960714)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB961260)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB963027)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB969897)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB972260)
Ενημέρωση ασφαλείας για Windows XP (KB923561)
Ενημέρωση ασφαλείας για Windows XP (KB938464-v2)
Ενημέρωση ασφαλείας για Windows XP (KB938464)
Ενημέρωση ασφαλείας για Windows XP (KB946648)
Ενημέρωση ασφαλείας για Windows XP (KB950760)
Ενημέρωση ασφαλείας για Windows XP (KB950762)
Ενημέρωση ασφαλείας για Windows XP (KB950974)
Ενημέρωση ασφαλείας για Windows XP (KB951066)
Ενημέρωση ασφαλείας για Windows XP (KB951376-v2)
Ενημέρωση ασφαλείας για Windows XP (KB951376)
Ενημέρωση ασφαλείας για Windows XP (KB951698)
Ενημέρωση ασφαλείας για Windows XP (KB951748)
Ενημέρωση ασφαλείας για Windows XP (KB952004)
Ενημέρωση ασφαλείας για Windows XP (KB952954)
Ενημέρωση ασφαλείας για Windows XP (KB953839)
Ενημέρωση ασφαλείας για Windows XP (KB954211)
Ενημέρωση ασφαλείας για Windows XP (KB954459)
Ενημέρωση ασφαλείας για Windows XP (KB954600)
Ενημέρωση ασφαλείας για Windows XP (KB955069)
Ενημέρωση ασφαλείας για Windows XP (KB956391)
Ενημέρωση ασφαλείας για Windows XP (KB956572)
Ενημέρωση ασφαλείας για Windows XP (KB956802)
Ενημέρωση ασφαλείας για Windows XP (KB956803)
Ενημέρωση ασφαλείας για Windows XP (KB956841)
Ενημέρωση ασφαλείας για Windows XP (KB957097)
Ενημέρωση ασφαλείας για Windows XP (KB958644)
Ενημέρωση ασφαλείας για Windows XP (KB958687)
Ενημέρωση ασφαλείας για Windows XP (KB958690)
Ενημέρωση ασφαλείας για Windows XP (KB959426)
Ενημέρωση ασφαλείας για Windows XP (KB960225)
Ενημέρωση ασφαλείας για Windows XP (KB960715)
Ενημέρωση ασφαλείας για Windows XP (KB960803)
Ενημέρωση ασφαλείας για Windows XP (KB961371)
Ενημέρωση ασφαλείας για Windows XP (KB961373)
Ενημέρωση ασφαλείας για Windows XP (KB961501)
Ενημέρωση ασφαλείας για Windows XP (KB968537)
Ενημέρωση ασφαλείας για Windows XP (KB969898)
Ενημέρωση ασφαλείας για Windows XP (KB970238)
Ενημέρωση ασφαλείας για Windows XP (KB971633)
Ενημέρωση ασφαλείας για Windows XP (KB973346)
Ενημέρωση για Windows XP (KB951072-v2)
Ενημέρωση για Windows XP (KB951978)
Ενημέρωση για Windows XP (KB955839)
Ενημέρωση για Windows XP (KB961503)
Ενημέρωση για Windows XP (KB967715)
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB923689)
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB941569)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB911564)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB952069)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 6.4 (KB925398)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB911565)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB917734)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB936782)
Επείγουσα επιδιόρθωση για Windows XP (KB952287)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Any Video Converter 2.7.5
AoA Audio Extractor 1.0
AOpen Multimedia Utilities
Ashampoo Burning Studio 6 FREE
Audiovisual
Autodesk DWF Viewer
C-Major Audio
CCleaner (remove only)
Choice Guard
CometBird (3.0.10)
CPUID CPU-Z 1.52.1
Defraggler (remove only)
DVD Decrypter (Remove Only)
DVD Identifier
eDrawings 2008
ERUNT 1.1j
HijackThis 2.0.2
ImgBurn
InPorte Home
Java(TM) 6 Update 13
K-Lite Codec Pack 4.7.0 (Full)
Kazaa 3.2.7
Lexmark 510 Series
Macromedia Flash Player 8
MetFileRegenerator v3.0.16
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional με FrontPage
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.5.2)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyDVD
NVIDIA Display Driver
PowerDVD
Radar Sync Bar
Runtime 8.0 Libraries
Security Update for CAPICOM (KB931906)
Segoe UI
Smart Defrag 1.20
Sonic DLA
Sonic RecordNow DX
Sonic Simple Backup
Sonic Update Manager
Space Invaders '96 : The Year We Make Contact
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
VideoLAN VLC media player 0.8.6
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR 3.70 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων

==== End Of File ===========================




I think that I have uninstalled Kazaa 3.2.7 and that it appeared again in the add/remove programms list after a system restore I performed. When I try now to remove it , I get a message saying that "InstallShield Setup Launcher encountered a problem"

 

[Shaba]

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent


I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new DDS log scan when finished and post the logs back here.

 

[in_the_woods]

Hi Shaba :greeting: and :thanks: for helping me :cleaning: my p.c. :bighug:

Before seeking help here and having read the thread you gave me , I unistalled the first of 2 P2P (Peer to Peer) File Sharing Programs that I had , but I could not find the second one (utorrent) in the Control Panel > Add/Remove Programs. If it matters , I searched for it in the Add/Remove Programs list after performing a system restore to a restore point that was created before the installation of this program. Anyway I found and deleted (before seeking help here) a utorrent.exe which I believe was what I downloaded in order to install the program. Even now it is not precent in the Add/Remove Programs list.





DDS (Ver_09-07-30.01) - NTFSx86
Run by admin at 22:15:45,68 on ƒœ¬ 10/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.511.247 [GMT 3:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\admin\Επιφάνεια εργασίας\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mech.ntua.gr/gr
uInternet Connection Wizard,ShellNext = iexplore
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Βοηθός εισόδου του Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: RX Toolbar: {25d8bacf-3de2-4b48-ae22-d659b8d835b0} - c:\program files\rxtoolbar\RXToolBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {92A40B0A-740A-4A11-9DDB-70460C6DA383} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [P2P Networking] c:\windows\system32\p2p networking\P2P Networking.exe /AUTOSTART
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\admin\start menu\προγράμματα\εκκίνηση\PartMetBackup.lnk.disabled
StartupFolder: c:\documents and settings\admin\start menu\προγράμματα\εκκίνηση\PowerReg Scheduler V3.exe
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} - hxxp://biosagentplus.com/files/biosagentplus.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {63D0C496-2805-4133-96DE-A217E53D116A} = 194.219.227.2,193.92.150.3
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\if238me7.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/showthread.php?t=50650
FF - plugin: c:\program files\mozilla firefox\plugins\NPNd2fn.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\docume~1\admin\locals~1\temp\hwinfo32.sys --> c:\docume~1\admin\locals~1\temp\HWiNFO32.SYS [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-9 12672]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-9-23 13352]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [2007-2-25 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [2007-2-25 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [2007-2-25 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [2007-2-25 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [2007-2-25 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [2007-2-25 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [2007-2-25 90800]

=============== Created Last 30 ================

2009-08-09 21:27 12,672 a------- c:\windows\system32\drivers\cpuz132_x32.sys
2009-08-09 21:27 <DIR> --d----- c:\program files\CPUID
2009-08-09 14:10 <DIR> --d----- C:\katevasmata
2009-08-08 20:46 <DIR> --d----- c:\program files\DVD Identifier
2009-08-08 14:37 <DIR> --d----- c:\docume~1\admin\applic~1\Ashampoo
2009-08-08 14:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ashampoo
2009-08-08 14:37 <DIR> --d----- c:\program files\Ashampoo
2009-08-06 18:06 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-06 18:04 <DIR> --d----- c:\program files\Incoming
2009-08-06 18:01 <DIR> --d----- c:\windows\cdmxtras
2009-07-21 13:03 <DIR> --d----- c:\docume~1\admin\applic~1\uTorrent
2009-07-19 16:04 <DIR> --d----- c:\program files\Panda Security
2009-07-19 15:55 <DIR> --d----- c:\program files\Safer Networking
2009-07-19 15:31 <DIR> --d----- c:\windows\ie8updates
2009-07-18 12:13 <DIR> --d----- c:\program files\nandub
2009-07-17 20:02 <DIR> --d----- c:\docume~1\admin\applic~1\Sony Ericsson
2009-07-17 20:02 <DIR> --d----- c:\docume~1\admin\applic~1\QA International
2009-07-17 20:01 <DIR> --d----- c:\program files\CosmoSoftware
2009-07-17 19:44 <DIR> --d----- c:\documents and settings\admin\IECompatCache
2009-07-17 19:43 <DIR> --d----- c:\documents and settings\admin\PrivacIE
2009-07-17 19:38 <DIR> --d----- c:\documents and settings\admin\IETldCache
2009-07-17 19:30 <DIR> -cd----- c:\windows\ie8
2009-07-15 11:26 <DIR> --d----- c:\program files\nandub-binary-1.0rc1
2009-07-14 13:41 <DIR> --d----- c:\program files\common files\ODBC
2009-07-13 10:21 <DIR> --d----- c:\docume~1\admin\applic~1\Any Video Converter
2009-07-13 10:21 <DIR> --d----- c:\program files\Any Video Converter

==================== Find3M ====================

2009-07-21 10:24 513,760 a------- c:\windows\system32\perfh008.dat
2009-07-21 10:24 88,668 a------- c:\windows\system32\perfc008.dat
2009-07-11 17:23 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-06-29 18:58 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 18:58 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 18:58 17,408 a------- c:\windows\system32\corpol.dll
2009-06-16 17:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 17:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 22:10 1,299,456 a------- c:\windows\system32\quartz.dll
2009-05-16 14:34 34,376 a------- c:\docume~1\admin\applic~1\GDIPFONTCACHEV1.DAT
2009-05-13 08:04 915,456 a------- c:\windows\system32\wininet(4)(2).dll
2009-05-13 08:04 915,456 a------- c:\windows\system32\wininet(2).dll
2009-02-28 07:57 5,517,160 a------- c:\program files\bitcomet_setup.exe
2009-01-13 14:14 3,338,372 a------- c:\program files\cosmo_win95nt_eng.exe
2009-01-13 14:06 1,492,727 a------- c:\program files\SurfX3D.zip
2008-06-16 07:54 411,766 a------- c:\program files\tetris_gy.exe
2008-04-25 18:48 1,233,466 a------- c:\program files\wrar371el.exe
2007-11-03 13:50 348 a------- c:\program files\downloads.txt
2007-11-03 13:49 348 a------- c:\program files\downloads.bak
2007-09-07 16:57 136,704 a------- c:\program files\EModelZoomin.dll
2007-09-07 16:56 91,648 a------- c:\program files\EModelViewer.exe
2007-09-07 16:56 26,624 a------- c:\program files\edrwthumbnailprovider.dll
2007-09-07 16:55 594,944 a------- c:\program files\eDrawingOfficeAutomator.exe
2007-09-07 16:55 95,744 a------- c:\program files\EModelEx
2007-09-07 16:55 133,120 a------- c:\program files\EModelExport.dll
2007-09-07 16:55 6,802,944 a------- c:\program files\EModelXlator.dll
2007-09-07 16:54 733,184 a------- c:\program files\EModelSWDisplayLists.dll
2007-09-07 16:54 814,592 a------- c:\program files\EModelReviewer.dll
2007-09-07 16:52 135,168 a------- c:\program files\EModelMDReader.dll
2007-09-07 16:52 71,680 a------- c:\program files\EModelEventLog.dll
2007-09-07 16:51 2,186,240 a------- c:\program files\EModelView.dll
2007-09-07 16:48 57,344 a------- c:\program files\EModelUtilsVista.dll
2007-09-07 16:47 249,344 a------- c:\program files\EModelUtils.dll
2007-09-07 16:47 2,814,976 a------- c:\program files\HoopsManager.dll
2007-09-07 16:43 2,680,297 a------- c:\program files\EModelAddIn.dll
2007-09-07 15:53 7,168 a------- c:\program files\eulaedrawing.txt
2007-09-07 15:52 161,412 a------- c:\program files\GTOL.SYM
2007-09-07 15:51 509,472 a------- c:\program files\swlicservinst.exe
2007-09-07 15:51 299,552 a------- c:\program files\solidworkslicenseservice.dll
2007-09-07 15:50 17,920 a------- c:\program files\IMPLODE.DLL
2006-05-20 12:24 447,088 a------- c:\program files\AluriaLiteScannerInstall.exe
2006-03-10 22:55 300 a------- c:\program files\acadcd.mid
2006-02-01 11:00 1,400,248 a------- c:\program files\spybotsd_includes.exe
2006-02-01 10:46 789,515 a------- c:\program files\spybotsd14.exe
2006-01-24 23:26 429 a------- c:\program files\MediaBrowser.ini
2005-12-16 00:30 53,248 a------- c:\program files\Setup.exe
2005-08-09 12:57 1,211,083 a------- c:\program files\abcexcel.zip
2004-10-21 20:38 126,976 a------- c:\program files\MediaBrowser.exe
2002-02-22 12:35 43 a------- c:\program files\autorun.inf
2009-02-04 11:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020420090205\index.dat

============= FINISH: 22:15:57,54 ===============














UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2004 9:51:02 πμ
System Uptime: 8/10/2009 7:53:44 μμ (-1413 hours ago)

Motherboard: FUJITSU SIEMENS | | D1675
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU | 3200/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 27,224 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP773: 16/6/2009 9:51:19 μμ - Σημείο ελέγχου συστήματος
RP774: 24/6/2009 9:56:09 πμ - Σημείο ελέγχου συστήματος
RP775: 25/6/2009 10:24:05 πμ - Software Distribution Service 3.0
RP776: 27/6/2009 2:38:10 μμ - Σημείο ελέγχου συστήματος
RP777: 30/6/2009 8:14:29 πμ - Installed Windows Media Format Runtime
RP778: 1/7/2009 9:42:12 πμ - Software Distribution Service 3.0
RP779: 1/7/2009 6:12:22 μμ - Removed Fine Woodworking Archive
RP780: 1/7/2009 10:58:29 μμ - Software Distribution Service 3.0
RP781: 8/7/2009 9:54:24 πμ - Σημείο ελέγχου συστήματος
RP782: 9/7/2009 10:30:17 πμ - Σημείο ελέγχου συστήματος
RP783: 10/7/2009 2:13:56 μμ - Removed Kazaa 3.2.7
RP784: 10/7/2009 2:15:10 μμ - Removed Sony Ericsson PC Suite
RP785: 10/7/2009 2:36:31 μμ - Configured QuickTime
RP786: 10/7/2009 2:41:05 μμ - Removed Adobe® Photoshop® Album Starter Edition 3.0
RP787: 11/7/2009 12:40:41 μμ - Installed Diskeeper Lite
RP788: 11/7/2009 1:18:13 μμ - Removed Diskeeper Lite
RP789: 11/7/2009 1:39:14 μμ - Installed Diskeeper Lite
RP790: 11/7/2009 1:41:32 μμ - Removed Diskeeper Lite
RP791: 13/7/2009 9:10:40 πμ - Σημείο ελέγχου συστήματος
RP792: 14/7/2009 9:39:40 μμ - Σημείο ελέγχου συστήματος
RP793: 15/7/2009 6:48:32 μμ - Software Distribution Service 3.0
RP794: 17/7/2009 1:11:55 μμ - Software Distribution Service 3.0
RP795: 17/7/2009 7:25:08 μμ - Software Distribution Service 3.0
RP796: 17/7/2009 7:59:42 μμ - Λειτουργία επαναφοράς
RP797: 17/7/2009 9:11:49 μμ - Software Distribution Service 3.0
RP798: 19/7/2009 12:37:10 πμ - Σημείο ελέγχου συστήματος
RP799: 19/7/2009 3:24:23 μμ - Installed Windows Internet Explorer 8.
RP800: 19/7/2009 3:28:00 μμ - Software Distribution Service 3.0
RP801: 20/7/2009 6:03:50 μμ - Σημείο ελέγχου συστήματος
RP802: 21/7/2009 1:47:15 μμ - Removed Kazaa 3.2.7
RP803: 29/7/2009 11:34:05 μμ - Software Distribution Service 3.0
RP804: 4/8/2009 7:36:13 μμ - Σημείο ελέγχου συστήματος
RP805: 6/8/2009 5:12:59 μμ - Λειτουργία επαναφοράς
RP806: 6/8/2009 5:37:52 μμ - Λειτουργία επαναφοράς
RP807: 6/8/2009 5:50:52 μμ - Λειτουργία επαναφοράς
RP808: 7/8/2009 12:00:56 πμ - Software Distribution Service 3.0

==== Installed Programs ======================


Βοηθός εισόδου του Windows Live
Εργαλείο αποστολής του Windows Live
Ε9 Δήλωση στοιχείων Ακινήτων 2008 v1
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB938127)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB950759)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB958215)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB960714)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB961260)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB963027)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB969897)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB972260)
Ενημέρωση ασφαλείας για Windows XP (KB923561)
Ενημέρωση ασφαλείας για Windows XP (KB938464-v2)
Ενημέρωση ασφαλείας για Windows XP (KB938464)
Ενημέρωση ασφαλείας για Windows XP (KB946648)
Ενημέρωση ασφαλείας για Windows XP (KB950760)
Ενημέρωση ασφαλείας για Windows XP (KB950762)
Ενημέρωση ασφαλείας για Windows XP (KB950974)
Ενημέρωση ασφαλείας για Windows XP (KB951066)
Ενημέρωση ασφαλείας για Windows XP (KB951376-v2)
Ενημέρωση ασφαλείας για Windows XP (KB951376)
Ενημέρωση ασφαλείας για Windows XP (KB951698)
Ενημέρωση ασφαλείας για Windows XP (KB951748)
Ενημέρωση ασφαλείας για Windows XP (KB952004)
Ενημέρωση ασφαλείας για Windows XP (KB952954)
Ενημέρωση ασφαλείας για Windows XP (KB953839)
Ενημέρωση ασφαλείας για Windows XP (KB954211)
Ενημέρωση ασφαλείας για Windows XP (KB954459)
Ενημέρωση ασφαλείας για Windows XP (KB954600)
Ενημέρωση ασφαλείας για Windows XP (KB955069)
Ενημέρωση ασφαλείας για Windows XP (KB956391)
Ενημέρωση ασφαλείας για Windows XP (KB956572)
Ενημέρωση ασφαλείας για Windows XP (KB956802)
Ενημέρωση ασφαλείας για Windows XP (KB956803)
Ενημέρωση ασφαλείας για Windows XP (KB956841)
Ενημέρωση ασφαλείας για Windows XP (KB957097)
Ενημέρωση ασφαλείας για Windows XP (KB958644)
Ενημέρωση ασφαλείας για Windows XP (KB958687)
Ενημέρωση ασφαλείας για Windows XP (KB958690)
Ενημέρωση ασφαλείας για Windows XP (KB959426)
Ενημέρωση ασφαλείας για Windows XP (KB960225)
Ενημέρωση ασφαλείας για Windows XP (KB960715)
Ενημέρωση ασφαλείας για Windows XP (KB960803)
Ενημέρωση ασφαλείας για Windows XP (KB961371)
Ενημέρωση ασφαλείας για Windows XP (KB961373)
Ενημέρωση ασφαλείας για Windows XP (KB961501)
Ενημέρωση ασφαλείας για Windows XP (KB968537)
Ενημέρωση ασφαλείας για Windows XP (KB969898)
Ενημέρωση ασφαλείας για Windows XP (KB970238)
Ενημέρωση ασφαλείας για Windows XP (KB971633)
Ενημέρωση ασφαλείας για Windows XP (KB973346)
Ενημέρωση για Windows XP (KB951072-v2)
Ενημέρωση για Windows XP (KB951978)
Ενημέρωση για Windows XP (KB955839)
Ενημέρωση για Windows XP (KB961503)
Ενημέρωση για Windows XP (KB967715)
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB923689)
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB941569)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB911564)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB952069)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 6.4 (KB925398)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB911565)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB917734)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB936782)
Επείγουσα επιδιόρθωση για Windows XP (KB952287)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Any Video Converter 2.7.5
AoA Audio Extractor 1.0
AOpen Multimedia Utilities
Ashampoo Burning Studio 6 FREE
Audiovisual
Autodesk DWF Viewer
C-Major Audio
CCleaner (remove only)
Choice Guard
CometBird (3.0.10)
CPUID CPU-Z 1.52.1
Defraggler (remove only)
DVD Decrypter (Remove Only)
DVD Identifier
eDrawings 2008
ERUNT 1.1j
HijackThis 2.0.2
ImgBurn
InPorte Home
Java(TM) 6 Update 13
K-Lite Codec Pack 4.7.0 (Full)
Kazaa 3.2.7
Lexmark 510 Series
Macromedia Flash Player 8
MetFileRegenerator v3.0.16
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional με FrontPage
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.5.2)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyDVD
NVIDIA Display Driver
PowerDVD
Radar Sync Bar
Runtime 8.0 Libraries
Security Update for CAPICOM (KB931906)
Segoe UI
Smart Defrag 1.20
Sonic DLA
Sonic RecordNow DX
Sonic Simple Backup
Sonic Update Manager
Space Invaders '96 : The Year We Make Contact
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
VideoLAN VLC media player 0.8.6
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR 3.70 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων

==== End Of File ===========================

 

[Shaba]

Download gmer.zip and save to your desktop.
alternate download site

• Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
• When you have done this, disconnect from the Internet and close all running programs.
  There is a small chance this application may crash your computer so save any work you have open.
• Double-click on Gmer.exe to start the program.
• Allow the gmer.sys driver to load if asked.
• If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
• Click on the Rootkit tab.
• Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
• Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
• Click on the "Scan" and wait for the scan to finish.
  Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
• When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
• Note: If you have any problems, try running GMER in SAFE MODE"

Important! Please do not select the "Show all" checkbox during the scan..

 

[in_the_woods]

Hi Shaba,

I am disappointed as the computer crashes over an over again before the scan is completed. Sometimes in the first two minutes , sometimes after 15-16 minutes of scanning , in both modes , safe and normal.

 

[Shaba]

Might be driver/heat/hardware problem, hard to say.

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

 

[in_the_woods]

Earlier in the morning I assumed that perhaps insufficient heat dissipation is causing these crashes. I tried this "insane" approach : removed the sides of the case , placed the pc under an air conditioner , set the air conditioner to its lowest temperature and highest speed , placed a desktop fan close to the cpu in order to " push" the air flow from the air conditioner to the cpu (am I loosing my mind Sheba? :scratch: ). It didn't change anything allthough the heat sink was constantly cold.
ComboFix did not attemp to install the Microsoft Windows Recovery Consol so I manually installed it afterwards. The computer once again shut down and restarted after ComboFix had finished running. I remember the screen stating that it is preparing the log report , I moved away from the pc for a few seconds and saw the pc restarting again when I returned. I searched for the combofix.txt and found it in the combofix folder. I then performed a HijackThis scan and started preparing my reply but when I searched again for the combofix.txt it had mysteriously disappeared :scratch: I then decided to run combofix once again. While it was running I realised that what I was doing was a mistake and that I should report back here and wait for further instructions but it was to late , so a I left combofix finish its job. This time it did finish and produce a combofix.txt
Sheba , I am including in this reply: the first HJT log (the one produced after the first incomplete run of combofix) the combofix log (the only one I have , produced after the second successful run of combofix) and the second HJT log (produced after the second successful run of combofix) Before loosing that first combofix log I opened it and remember seeing under ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) pretty much the same items that the second combofix log has under "Other Deletion". I don't think that it had anything else then ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).





first HJT log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:51 μμ, on 11/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\admin\Επιφάνεια εργασίας\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mech.ntua.gr/gr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PartMetBackup.lnk.disabled
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} (BiosAgentPlus ActiveX Control) - http://biosagentplus.com/files/biosagentplus.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63D0C496-2805-4133-96DE-A217E53D116A}: NameServer = 194.219.227.2,193.92.150.3
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5131 bytes





combofix log




ComboFix 09-08-10.06 - admin 11/08/2009 19:36:48.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.511.143 [GMT 3:00]
Running from: C:\Documents and Settings\admin\Επιφάνεια εργασίας\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\\setup.exe
C:\Program Files\autorun.inf
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
C:\Program Files\Need2Find\bar\History\search
C:\Program Files\RXToolBar\Cache\CTwww_qklinkserver_com_activity_in_asp_bid=6900NC
C:\Program Files\RXToolBar\CacheCatalog.rx
C:\Program Files\RXToolBar\graphics\additional.gif
C:\Program Files\RXToolBar\graphics\additional_active.gif
C:\Program Files\RXToolBar\graphics\background.jpg
C:\Program Files\RXToolBar\graphics\blue_hr_horz.GIF
C:\Program Files\RXToolBar\graphics\gray_hr_horz.GIF
C:\Program Files\RXToolBar\graphics\Thumbs.db
C:\Program Files\RXToolBar\graphics\thumbtack.gif
C:\Program Files\RXToolBar\graphics\thumbtack_active.gif
C:\Program Files\RXToolBar\graphics\thumbtack_click.gif
C:\Program Files\RXToolBar\HTML\content.htm
C:\Program Files\RXToolBar\HTML\main.htm
C:\Program Files\RXToolBar\rx.xml
C:\Program Files\RXToolBar\rxtoolbar.cfg
C:\Program Files\RXToolBar\RXToolBar.dll
C:\Program Files\RXToolBar\rxwebsearches.xsl
C:\Program Files\RXToolBar\sfcont.bin
C:\Program Files\RXToolBar\yahoo.xsl
C:\WINDOWS\Ινδιάνος .bmp
C:\WINDOWS\a3kebook.ini
C:\WINDOWS\akebook.ini
C:\WINDOWS\ANS2000.INI
C:\WINDOWS\cdmxtras\uninst.exe
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\Installer\3bfdd9.msp
C:\WINDOWS\Installer\6fdd59.msp
C:\WINDOWS\Installer\6fdd5a.msp
C:\WINDOWS\Installer\6fdd5b.msp
C:\WINDOWS\Installer\6fdd5c.msp
C:\WINDOWS\Installer\6fdd5d.msp
C:\WINDOWS\Installer\6fdd5e.msp
C:\WINDOWS\Installer\6fdd5f.msp
C:\WINDOWS\Installer\6fdd60.msp
C:\WINDOWS\Installer\6fdd61.msp
C:\WINDOWS\Installer\821701.msi
C:\WINDOWS\smdat32m.sys



.
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-09 18:27:58 . 2009-08-09 18:27:58 0 d-----w- C:\Program Files\CPUID
2009-08-09 18:27:58 . 2009-03-26 22:16:28 12672 ----a-w- C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2009-08-09 12:25:48 . 2009-08-09 12:33:36 0 d-----w- C:\Program Files\ERUNT
2009-08-09 11:10:50 . 2009-08-09 11:11:53 0 d-----w- C:\katevasmata
2009-08-08 17:46:16 . 2009-08-08 17:46:17 0 d-----w- C:\Program Files\DVD Identifier
2009-08-08 11:37:50 . 2009-08-08 11:37:50 0 d-----w- C:\Documents and Settings\admin\Application Data\Ashampoo
2009-08-08 11:37:42 . 2009-08-08 11:37:42 0 d-----w- C:\Documents and Settings\All Users\Application Data\ashampoo
2009-08-08 11:37:42 . 2009-08-08 11:37:42 0 d-----w- C:\Documents and Settings\admin\Local Settings\Application Data\ashampoo
2009-08-08 11:37:33 . 2009-08-08 11:37:33 0 d-----w- C:\Program Files\Ashampoo
2009-08-06 15:06:32 . 2009-08-06 15:06:32 0 d-----w- C:\WINDOWS\system32\wbem\Repository
2009-08-06 15:04:18 . 2009-08-06 15:04:18 0 d-----w- C:\Program Files\Incoming
2009-07-21 10:03:40 . 2009-08-06 15:01:17 0 d-----w- C:\Documents and Settings\admin\Application Data\uTorrent
2009-07-19 15:00:45 . 2009-07-19 15:00:45 0 d-----w- C:\Documents and Settings\Administrator.JESUS-CHRIST.001\IETldCache
2009-07-19 13:07:09 . 2009-07-19 13:07:09 0 d-----w- C:\Documents and Settings\LocalService\IETldCache
2009-07-19 13:04:45 . 2009-07-19 13:04:45 0 d-----w- C:\Program Files\Panda Security
2009-07-19 12:55:36 . 2009-07-19 12:55:36 0 d-----w- C:\Program Files\Safer Networking
2009-07-19 12:31:10 . 2009-07-19 12:33:30 0 d-----w- C:\WINDOWS\ie8updates
2009-07-18 09:13:21 . 2009-08-06 15:04:22 0 d-----w- C:\Program Files\nandub
2009-07-17 18:42:26 . 2009-07-17 18:42:26 0 d-----w- C:\Documents and Settings\Administrator.JESUS-CHRIST.001\Local Settings\Application Data\Mozilla
2009-07-17 18:41:45 . 2009-08-06 15:05:02 0 d-----w- C:\Documents and Settings\Administrator.JESUS-CHRIST.001\Local Settings\Application Data\Microsoft
2009-07-17 18:41:42 . 2009-08-06 15:05:04 0 d-s---w- C:\Documents and Settings\Administrator.JESUS-CHRIST.001
2009-07-17 17:02:33 . 2009-07-17 17:02:33 0 d-----w- C:\Documents and Settings\admin\Application Data\Sony Ericsson
2009-07-17 17:02:33 . 2009-07-17 17:02:33 0 d-----w- C:\Documents and Settings\admin\Application Data\QA International
2009-07-17 17:01:19 . 2009-07-17 17:01:19 0 d-----w- C:\Program Files\CosmoSoftware
2009-07-17 16:58:32 . 2009-07-17 16:58:32 0 d-----w- C:\Documents and Settings\Administrator.JESUS-CHRIST.000\IETldCache
2009-07-17 16:58:11 . 2009-07-17 17:00:06 0 d-----w- C:\Documents and Settings\Administrator.JESUS-CHRIST.000\Local Settings\Application Data\Microsoft
2009-07-17 16:58:08 . 2009-07-17 17:00:11 0 d-s---w- C:\Documents and Settings\Administrator.JESUS-CHRIST.000
2009-07-17 16:44:25 . 2009-07-17 16:44:25 0 d-----w- C:\Documents and Settings\admin\IECompatCache
2009-07-17 16:43:37 . 2009-07-17 16:43:37 0 d-----w- C:\Documents and Settings\admin\PrivacIE
2009-07-17 16:38:06 . 2009-07-17 16:38:06 0 d-----w- C:\Documents and Settings\admin\IETldCache
2009-07-17 16:30:17 . 2009-08-06 15:03:56 0 dc----w- C:\WINDOWS\ie8
2009-07-17 12:50:01 . 2009-07-17 17:01:10 0 d-s---w- C:\Documents and Settings\γιώργος
2009-07-15 18:48:40 . 2009-07-17 17:02:36 0 d-----w- C:\Documents and Settings\Administrator.JESUS-CHRIST\Local Settings\Application Data\Microsoft
2009-07-15 18:48:37 . 2009-07-17 17:02:38 0 d-s---w- C:\Documents and Settings\Administrator.JESUS-CHRIST
2009-07-15 08:26:15 . 2009-07-15 08:30:17 0 d-----w- C:\Program Files\nandub-binary-1.0rc1
2009-07-14 08:47:53 . 2009-08-06 15:04:14 0 d-----w- C:\Documents and Settings\admin\Application Data\ImgBurn
2009-07-14 08:26:45 . 2009-07-14 08:27:10 0 d-----w- C:\Program Files\ImgBurn
2009-07-13 07:21:58 . 2009-07-18 08:54:16 0 d-----w- C:\Documents and Settings\admin\Application Data\Any Video Converter
2009-07-13 07:21:52 . 2009-07-13 07:22:26 0 d-----w- C:\Program Files\Any Video Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 14:47:49 . 2004-12-16 14:26:06 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-08-09 11:17:19 . 2006-12-23 20:24:55 0 d-----w- C:\Program Files\BitComet
2009-08-09 11:14:12 . 2004-12-16 14:26:07 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-08 11:37:03 . 2009-04-29 13:34:44 0 d-----w- C:\Documents and Settings\admin\Application Data\mIRC
2009-08-08 11:19:37 . 2009-04-29 13:34:44 0 d-----w- C:\Program Files\mIRC
2009-08-06 15:12:01 . 2008-10-08 12:55:16 0 d-----w- C:\Program Files\Winamp
2009-08-06 15:04:14 . 2008-12-28 19:33:49 0 d-----w- C:\Documents and Settings\admin\Application Data\dvdcss
2009-07-21 10:47:49 . 2004-09-08 08:15:54 0 d-----w- C:\Program Files\Common Files\InstallShield
2009-07-21 07:24:27 . 2003-04-17 12:00:00 88668 ----a-w- C:\WINDOWS\system32\perfc008.dat
2009-07-21 07:24:27 . 2003-04-17 12:00:00 513760 ----a-w- C:\WINDOWS\system32\perfh008.dat
2009-07-16 08:36:49 . 2009-04-18 09:16:11 0 d-----w- C:\Program Files\CometBird
2009-07-11 14:23:53 . 2009-07-11 14:23:56 23600 ----a-w- C:\WINDOWS\system32\drivers\TVICHW32.SYS
2009-07-11 14:04:50 . 2009-07-11 14:04:50 0 d-----w- C:\Program Files\hw32_301_326
2009-07-11 10:42:40 . 2009-07-11 10:37:55 0 d-----w- C:\Program Files\Absolute Uninstaller
2009-07-11 10:38:06 . 2009-07-11 10:38:06 0 d-----w- C:\Documents and Settings\admin\Application Data\GlarySoft
2009-07-11 10:07:43 . 2009-07-11 10:07:42 0 d-----w- C:\Program Files\Defraggler
2009-07-11 08:13:16 . 2009-07-07 11:34:35 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-10 20:31:07 . 2009-07-10 20:31:07 0 d-----w- C:\Program Files\IObit
2009-07-10 20:29:56 . 2009-07-10 20:29:56 0 d-----w- C:\Documents and Settings\admin\Application Data\IObit
2009-07-10 20:04:48 . 2009-07-10 20:04:44 0 d-----w- C:\Program Files\CCleaner
2009-07-10 13:45:54 . 2009-03-01 20:02:20 0 d-----w- C:\Program Files\MetFileRegenerator
2009-07-10 12:02:47 . 2008-04-25 16:11:59 0 d-----w- C:\Program Files\MediaBrowser
2009-07-10 11:39:15 . 2004-09-08 08:15:57 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-07-10 11:28:36 . 2007-02-25 17:25:09 0 d-----w- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2009-07-07 11:36:59 . 2009-07-07 11:34:24 0 d-----w- C:\Program Files\AoA Audio Extractor
2009-06-29 15:58:52 . 2004-08-23 18:35:30 827392 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-06-29 15:58:49 . 2004-09-04 13:45:03 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-06-29 15:58:48 . 2003-04-17 12:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2009-06-18 13:08:22 . 2008-09-20 19:49:35 0 d-----w- C:\Program Files\E9App2008
2009-06-16 14:36:17 . 2003-04-17 12:00:00 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-06-16 14:36:16 . 2003-04-17 12:00:00 81920 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-06-03 19:10:30 . 2004-09-08 08:26:19 1299456 ----a-w- C:\WINDOWS\system32\quartz.dll
2009-02-28 04:57:19 . 2009-02-28 04:57:19 5517160 ----a-w- C:\Program Files\bitcomet_setup.exe
2009-01-13 11:14:18 . 2009-01-13 11:14:15 3338372 ----a-w- C:\Program Files\cosmo_win95nt_eng.exe
2009-01-13 11:06:44 . 2009-01-13 11:06:43 1492727 ----a-w- C:\Program Files\SurfX3D.zip
2008-06-16 04:54:31 . 2008-06-16 04:52:37 411766 ----a-w- C:\Program Files\tetris_gy.exe
2008-04-25 15:48:03 . 2008-04-25 15:35:56 1233466 ----a-w- C:\Program Files\wrar371el.exe
2007-11-03 10:50:41 . 2007-11-03 09:04:01 348 ----a-w- C:\Program Files\downloads.txt
2007-11-03 10:49:45 . 2007-11-03 09:04:01 348 ----a-w- C:\Program Files\downloads.bak
2007-09-07 13:57:56 . 2007-09-07 13:57:56 136704 ----a-w- C:\Program Files\EModelZoomin.dll
2007-09-07 13:56:36 . 2007-09-07 13:56:36 91648 ----a-w- C:\Program Files\EModelViewer.exe
2007-09-07 13:56:16 . 2007-09-07 13:56:16 26624 ----a-w- C:\Program Files\edrwthumbnailprovider.dll
2007-09-07 13:55:44 . 2007-09-07 13:55:44 594944 ----a-w- C:\Program Files\eDrawingOfficeAutomator.exe
2007-09-07 13:55:38 . 2007-09-07 13:55:38 95744 ----a-w- C:\Program Files\EModelEx
2007-09-07 13:55:36 . 2007-09-07 13:55:36 133120 ----a-w- C:\Program Files\EModelExport.dll
2007-09-07 13:55:24 . 2007-09-07 13:55:24 6802944 ----a-w- C:\Program Files\EModelXlator.dll
2007-09-07 13:54:52 . 2007-09-07 13:54:52 733184 ----a-w- C:\Program Files\EModelSWDisplayLists.dll
2007-09-07 13:54:22 . 2007-09-07 13:54:22 814592 ----a-w- C:\Program Files\EModelReviewer.dll
2007-09-07 13:52:40 . 2007-09-07 13:52:40 135168 ----a-w- C:\Program Files\EModelMDReader.dll
2007-09-07 13:52:28 . 2007-09-07 13:52:28 71680 ----a-w- C:\Program Files\EModelEventLog.dll
2007-09-07 13:51:52 . 2007-09-07 13:51:52 2186240 ----a-w- C:\Program Files\EModelView.dll
2007-09-07 13:48:00 . 2007-09-07 13:48:00 57344 ----a-w- C:\Program Files\EModelUtilsVista.dll
2007-09-07 13:47:54 . 2007-09-07 13:47:54 249344 ----a-w- C:\Program Files\EModelUtils.dll
2007-09-07 13:47:32 . 2007-09-07 13:47:32 2814976 ----a-w- C:\Program Files\HoopsManager.dll
2007-09-07 13:43:46 . 2007-09-07 13:43:46 2680297 ----a-w- C:\Program Files\EModelAddIn.dll
2007-09-07 12:53:22 . 2007-09-07 12:53:22 7168 ----a-w- C:\Program Files\eulaedrawing.txt
2007-09-07 12:52:52 . 2007-09-07 12:52:52 161412 ----a-w- C:\Program Files\GTOL.SYM
2007-09-07 12:51:12 . 2007-09-07 12:51:12 509472 ----a-w- C:\Program Files\swlicservinst.exe
2007-09-07 12:51:12 . 2007-09-07 12:51:12 299552 ----a-w- C:\Program Files\solidworkslicenseservice.dll
2007-09-07 12:50:20 . 2007-09-07 12:50:20 17920 ----a-w- C:\Program Files\IMPLODE.DLL
2006-05-20 09:24:59 . 2006-05-20 09:24:59 447088 ----a-w- C:\Program Files\AluriaLiteScannerInstall.exe
2006-03-10 19:55:59 . 2008-04-25 16:11:59 300 ----a-w- C:\Program Files\acadcd.mid
2006-02-01 08:00:00 . 2006-02-01 07:57:27 1400248 ----a-w- C:\Program Files\spybotsd_includes.exe
2006-02-01 07:46:48 . 2006-02-01 07:46:27 789515 ----a-w- C:\Program Files\spybotsd14.exe
2006-01-24 20:26:20 . 2008-04-25 16:11:59 429 ----a-w- C:\Program Files\MediaBrowser.ini
2005-08-09 09:57:42 . 2005-08-09 09:57:38 1211083 ----a-w- C:\Program Files\abcexcel.zip
2004-10-21 17:38:02 . 2008-04-25 16:11:59 126976 ----a-w- C:\Program Files\MediaBrowser.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-11-17 02:33:00 3022848]
"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2003-11-17 02:33:00 753664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 16:30:27 15360]

C:\Documents and Settings\admin\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤ž©ž\
PartMetBackup.lnk.disabled [2009-3-1 1922]
PowerReg Scheduler V3.exe [2004-10-4 225280]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Adobe Reader Speed Launch.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Adobe Reader Speed Launch.lnk.disabled
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Microsoft Office.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Microsoft Office.lnk.disabled
backup=C:\WINDOWS\pss\Microsoft Office.lnk.disabledCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Copernic Desktop Search"="C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"P2P Networking"=C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"AGRSMMSG"=AGRSMMSG.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\AOpen\\Multimedia Utilities\\LIVEUPD.EXE"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitComet\\plugin_emule\\plugin_eMule.exe"=
"C:\\Program Files\\M_I_R_C_\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
"20720:TCP"= 20720:TCP:BitComet 20720 TCP
"20720:UDP"= 20720:UDP:BitComet 20720 UDP
"60006:TCP"= 60006:TCP:BitComet 60006 TCP(ED2K)
"60006:UDP"= 60006:UDP:BitComet 60006 UDP(ED2K)

S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\C:\DOCUME~1\admin\LOCALS~1\Temp\HWiNFO32.SYS --> C:\DOCUME~1\admin\LOCALS~1\Temp\HWiNFO32.SYS [?]
S3 cpuz132;cpuz132;C:\WINDOWS\system32\drivers\cpuz132_x32.sys [9/8/2009 9:27:58 μμ 12672]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\drivers\ggflt.sys [23/9/2008 9:20:35 μμ 13352]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\drivers\SE2Fbus.sys [25/2/2007 8:44:51 μμ 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\SE2Fmdfl.sys [25/2/2007 8:45:01 μμ 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\drivers\SE2Fmdm.sys [25/2/2007 8:45:00 μμ 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\drivers\SE2Fmgmt.sys [25/2/2007 8:45:59 μμ 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\drivers\se2Fnd5.sys [25/2/2007 8:46:10 μμ 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\drivers\SE2Fobex.sys [25/2/2007 8:45:48 μμ 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\drivers\se2Funic.sys [25/2/2007 8:46:06 μμ 90800]
.
Contents of the 'Scheduled Tasks' folder

2009-07-10 C:\WINDOWS\Tasks\SmartDefrag.job
- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-10 20:31:08 . 2009-07-02 06:22:24]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-P2P Networking - C:\WINDOWS\system32\P2P Networking\P2P Networking.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mech.ntua.gr/gr
uInternet Connection Wizard,ShellNext = iexplore
IE: &eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Ε&ξαγωγή στο Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {63D0C496-2805-4133-96DE-A217E53D116A} = 194.219.227.2,193.92.150.3
DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} - hxxp://biosagentplus.com/files/biosagentplus.cab
FF - ProfilePath - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\if238me7.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/showthread.php?t=50650

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.



second HJT log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:51 μμ, on 11/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\admin\Επιφάνεια εργασίας\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mech.ntua.gr/gr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PartMetBackup.lnk.disabled
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} (BiosAgentPlus ActiveX Control) - http://biosagentplus.com/files/biosagentplus.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63D0C496-2805-4133-96DE-A217E53D116A}: NameServer = 194.219.227.2,193.92.150.3
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5131 bytes

 

[in_the_woods]

i just realised that when running HJT for the second time it replaced the first HJT log with the fresh one , so I have posted 2 times the second HJT log. I am sorry Sheba.

here is a even fresher HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:03 μμ, on 11/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\admin\Επιφάνεια εργασίας\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mech.ntua.gr/gr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PartMetBackup.lnk.disabled
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} (BiosAgentPlus ActiveX Control) - http://biosagentplus.com/files/biosagentplus.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63D0C496-2805-4133-96DE-A217E53D116A}: NameServer = 194.219.227.2,193.92.150.3
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5131 bytes

 

[Shaba]

Before we continue, I have to ask that is this Desktop?

Επιφάνεια εργασίας

 

[in_the_woods]

Yes , it is the desktop.

Microsoft Windows Recovery Console is installed , but the black screen that offers the option to boot into recovery console mode lasts so little that in case we need it , I don't think that I will able το select it.

 

[Shaba]

Then please move HijackThis in own folder in Desktop.

After that:

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Post back a fresh HijackThis log afterwards, please.

 

[in_the_woods]

Goodmorning Shaba ,

I created a folder at the desktop and moved HiJachThis.exe into this new folder.

I downloaded avast! 4.8 antivirus and scaned my pc with it. It found various infections and when it asked me , I decided to quarantine them because I wanted to consult you first. I am posting a fresh HJT log and the avast log.


P.S In the avast log , "einai molysmeno apo" means "is infected by" , "Metakinithike sto Kibotio" means "was moved to the box". These are greek words written with english characters.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:23 πμ, on 12/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\admin\Επιφάνεια εργασίας\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mech.ntua.gr/gr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PartMetBackup.lnk.disabled
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} (BiosAgentPlus ActiveX Control) - http://biosagentplus.com/files/biosagentplus.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63D0C496-2805-4133-96DE-A217E53D116A}: NameServer = 194.219.227.2,193.92.150.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5902 bytes









12/08/2009 08:52
Sarosi olon ton topikon odigon

Arxeio C:\katevasmata\streamviewer.45019.exe einai molysmeno apo Win32:FakeAV-KI [Trj], Metakinithike sto Kibotio
Arxeio C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll.vir einai molysmeno apo Win32:Adware-gen [Adw], Metakinithike sto Kibotio
Arxeio C:\Qoobox\Quarantine\C\Program Files\RXToolBar\RXToolBar.dll.vir einai molysmeno apo Win32:Adware-gen [Adw], Metakinithike sto Kibotio
Arxeio C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP786\A0911224.DLL einai molysmeno apo Win32:Spyware-gen [Trj], Metakinithike sto Kibotio
Arxeio C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP786\A0911225.DLL einai molysmeno apo Win32:Adware-gen [Adw], Metakinithike sto Kibotio
Arxeio C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP786\A0911231.DLL einai molysmeno apo Win32:Findbar [Adw], Metakinithike sto Kibotio
Arxeio C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP786\A0912229.dll einai molysmeno apo Win32:Findbar [Adw], Metakinithike sto Kibotio
Arxeio C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP797\A0952637.exe einai molysmeno apo Win32:FakeAV-KI [Trj], Metakinithike sto Kibotio
Arxeio C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP809\A1011313.dll einai molysmeno apo Win32:Adware-gen [Adw], Metakinithike sto Kibotio
Arxeio C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP809\A1011315.dll einai molysmeno apo Win32:Adware-gen [Adw], Metakinithike sto Kibotio
Arxeio C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP812\A1013534.exe einai molysmeno apo Win32:FakeAV-KI [Trj], Metakinithike sto Kibotio
Arxeio C:\WINDOWS\Downloaded Program Files\WebP2PInstaller3.dll einai molysmeno apo Win32:Adware-gen [Adw], Metakinithike sto Kibotio
Arxeio C:\WINDOWS\system32\P2P Networking v1263.cpl einai molysmeno apo Win32:Lineage-197 [Trj], Metakinithike sto Kibotio
Arithmos arithmimenon arxeion: 5122
Arithmos elegmenon arxeion: 70786
Arithmos molysmenon arxeion: 13

 

[Shaba]

Open HijackThis, click do a system scan only and checkmark these:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

Close all windows including browser and press fix checked.

Reboot.

Note: You can use Internet Explorer or Moxilla FireFox for this scan!
If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted ... double click it, to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **

1. Press the "ESET Online Scanner" button.
2. Check the box next to "YES, I accept the Terms of Use."... then click "Start".
3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
   Once installed, the scanner will be initialized.
4. Click "Start". Make sure that the options:
   • Remove found threats is UNCHECKED
   • Leave the "default" settings under Advanced as they are, if not set , place a check for:
     • Scan for potentially unwanted applications
     • Scan for potentially unsafe applications
     • Enable Anti-Stealth Technology
5. Click "Start"... ESET scanner will begin to download the virus signatures database. (This takes a while)
   When the signatures have been downloaded, the scan will start automatically.
6. Wait for the scan to finish... it will take a while... please be patient. When the scan is finished...
7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
8. Copy and paste the contents of log.txt in your next reply.

Remember to enable your Anti-virus protection... before continuing!

 

[in_the_woods]

ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=41cf1039463a8d40955d46972f53363c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-08-12 01:30:51
# local_time=2009-08-12 04:30:51 )
# country="Greece"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 37 100 100 23555781250
# scanned=50887
# found=0
# cleaned=0
# scan_time=1801

 

[in_the_woods]

The archives files box was unchecked so I left it that way.

 

[Shaba]

That is fine. Please post also a fresh HijackThis log.