Another Virtumonde


16 replies to this topic

#1 Farokh


Posted 12 September 2008 - 05:32 AM

I tried everything, but it keeps coming back after I erase it with Spybot. I think it is downloading again and again, and I have to close some suspicious processes that I have after restart.
Anyway, here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:51, on 12/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Programs\DeskSpace v1.5.1\deskspace.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [SystemTray Monitor] SysTraymon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DeskSpace] E:\Programs\DeskSpace v1.5.1\deskspace.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ApiDbWeb] C:\Windows\system32\nudijcna.exe
O4 - HKCU\..\Run: [dscwebsrv] C:\Windows\system32\hgzyzczu.exe
O4 - HKCU\..\Run: [SetAct] C:\Windows\system32\mtmfelur.exe
O4 - HKLM\..\Policies\Explorer\Run: [OcVC2PPMIY] C:\ProgramData\qrapelcj\erchmdmd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SDK Tray Menu.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76274589-3B85-4784-85B1-EC61697C02C9}: NameServer = 193.92.110.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8611 bytes

Thanks in advance!


#2 SifuMike


Posted 18 September 2008 - 11:26 PM

Hello Farokh,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click Ignore for mbamext.dll.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Farokh


Posted 19 September 2008 - 08:42 AM

Thanks for helping me!

Malwarebytes' Anti-Malware 1.28
Database version: 1175
Windows 6.0.6000

19/9/2008 16:41:14
mbam-log-2008-09-19 (16-41-14).txt

Scan type: Quick Scan
Objects scanned: 47111
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 41

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocvc2ppmiy (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc5tfj0eg8g (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\qrapelcj\erchmdmd.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Windows\System32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42:25, on 19/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Programs\DeskSpace v1.5.1\deskspace.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [SystemTray Monitor] SysTraymon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DeskSpace] E:\Programs\DeskSpace v1.5.1\deskspace.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ApiDbWeb] C:\Windows\system32\nudijcna.exe
O4 - HKCU\..\Run: [dscwebsrv] C:\Windows\system32\hgzyzczu.exe
O4 - HKCU\..\Run: [SetAct] C:\Windows\system32\mtmfelur.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SDK Tray Menu.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76274589-3B85-4784-85B1-EC61697C02C9}: NameServer = 193.92.110.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8443 bytes
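Added example, not part of this thread or of any tool named in it: a small Python triage script run over constructed sample lines copied from the O4 sections of the HijackThis logs above. It encodes the checks a helper applies by eye, namely per-user Run values that launch a binary straight out of system32 (the three HKCU entries ApiDbWeb, dscwebsrv and SetAct that appear in both logs), anything under Policies\Explorer\Run, binaries in random-named ProgramData folders, and gibberish file names. The heuristics and thresholds are my own assumptions, not HijackThis or Malwarebytes logic.

```python
"""Triage HijackThis O4 (autorun) lines for Vundo/Virtumonde-style persistence.

Heuristics and thresholds are this example's own assumptions, not HijackThis
or Malwarebytes logic; tune them before relying on them.
"""
from __future__ import annotations

import ntpath
import re

# "O4 - <hive\..\Run>: [<value name>] <command line> (User 'X')"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First program path in a command line; paths may be quoted or bare with spaces.
BIN_RE = re.compile(r"^(?P<bin>.+?\.(?:exe|dll|com))(?=[\s,]|$)", re.IGNORECASE)
USER_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# Generated names seen in this thread are 8 lowercase letters; allow 7-9.
RANDOM_STEM_RE = re.compile(r"^[a-z]{7,9}$")

# Constructed sample: O4 lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\RunServices: [SystemTray Monitor] SysTraymon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DeskSpace] E:\Programs\DeskSpace v1.5.1\deskspace.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ApiDbWeb] C:\Windows\system32\nudijcna.exe
O4 - HKCU\..\Run: [dscwebsrv] C:\Windows\system32\hgzyzczu.exe
O4 - HKCU\..\Run: [SetAct] C:\Windows\system32\mtmfelur.exe
O4 - HKLM\..\Policies\Explorer\Run: [OcVC2PPMIY] C:\ProgramData\qrapelcj\erchmdmd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""


def split_command(cmd: str) -> tuple[str, str]:
    """Split an O4 command line into (program, arguments), dropping quotes."""
    cmd = USER_RE.sub("", cmd).replace('"', "").strip()
    m = BIN_RE.match(cmd)
    if not m:
        return cmd, ""
    return m.group("bin"), cmd[m.end():].lstrip(" ,")


def payload_module(cmd: str) -> str:
    """The binary that actually carries the payload (the DLL for rundll32 lines)."""
    prog, args = split_command(cmd)
    if ntpath.basename(prog).lower() == "rundll32.exe" and args:
        return split_command(args)[0]  # "C:\...\NvCpl.dll,NvStartup" -> the DLL
    return prog


def looks_random(stem: str) -> bool:
    """Gibberish check for generated names such as hgzyzczu or erchmdmd.

    Flags short all-lowercase stems with almost no vowels or a consonant run
    of four or more. Kept conservative so msconfig (2 vowels, run of 3) passes.
    """
    if not RANDOM_STEM_RE.match(stem):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    longest = max((len(r) for r in re.findall(r"[^aeiou]+", stem)), default=0)
    return vowels / len(stem) < 0.25 or longest >= 4


def suspicious_reasons(key: str, cmd: str) -> list[str]:
    """Why an O4 entry deserves a closer look; an empty list means nothing stood out."""
    module = payload_module(cmd)
    low = module.lower()
    stem = ntpath.splitext(ntpath.basename(module))[0]
    reasons: list[str] = []
    if "\\policies\\explorer\\run" in key.lower():
        reasons.append("Policies\\Explorer\\Run is almost never used by legitimate software")
    if key.upper().startswith(("HKCU", "HKUS")) and "\\system32\\" in low:
        reasons.append("per-user autorun launching a binary straight out of system32")
    if re.match(r"[a-z]:\\programdata\\[a-z0-9]{6,10}\\", low):
        reasons.append("binary in a random-named folder directly under ProgramData")
    # The name check alone is weak, so it only counts in OS/ProgramData locations.
    if ("\\system32\\" in low or "\\programdata\\" in low) and looks_random(stem):
        reasons.append(f"gibberish file name '{stem}' in an OS data location")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each flagged O4 value name to the reasons it was flagged."""
    findings: dict[str, list[str]] = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            reasons = suspicious_reasons(m["key"], m["cmd"])
            if reasons:
                findings[m["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"[{name}]")
        for r in reasons:
            print(f"    - {r}")
```

Entries with no reasons (Java, NVIDIA, msconfig, the Sidebar and oobefldr lines) are left alone, which is the point: the script narrows the log to the handful of lines a helper should inspect, not a verdict.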

#4 SifuMike


Posted 19 September 2008 - 11:50 AM

Hello Farokh,
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized). info.txt can also be found at c:\RSIT\info.txt


#5 Farokh


Posted 19 September 2008 - 04:13 PM

Logfile of random's system information tool 1.02 (written by random/random)
Run by Fanis at 2008-09-20 00:11:13
Microsoft® Windows Vista™ Ultimate
System drive C: has 64 GB (40%) free of 160 GB
Total RAM: 3070 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:11:15, on 20/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Programs\DeskSpace v1.5.1\deskspace.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Fanis\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Fanis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [SystemTray Monitor] SysTraymon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DeskSpace] E:\Programs\DeskSpace v1.5.1\deskspace.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ApiDbWeb] C:\Windows\system32\nudijcna.exe
O4 - HKCU\..\Run: [dscwebsrv] C:\Windows\system32\hgzyzczu.exe
O4 - HKCU\..\Run: [SetAct] C:\Windows\system32\mtmfelur.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SDK Tray Menu.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76274589-3B85-4784-85B1-EC61697C02C9}: NameServer = 193.92.110.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8565 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\User_Feed_Synchronization-{521BEB33-A14A-44E4-AD02-F8A2F49C7916}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Βοηθός εισόδου του Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-16 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-16 92704]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"DeskSpace"=E:\Programs\DeskSpace v1.5.1\deskspace.exe [2007-09-18 1066496]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"ApiDbWeb"=C:\Windows\system32\nudijcna.exe []
"dscwebsrv"=C:\Windows\system32\hgzyzczu.exe []
"SetAct"=C:\Windows\system32\mtmfelur.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComSysWin]
C:\Windows\system32\dkdupsdk.exe [2008-09-09 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gencfgutil]
C:\Windows\system32\vopyfahu.exe [2008-09-09 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
C:\Program Files\Norton Ghost\Agent\VProTray.exe [2007-03-28 2037352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2008-05-16 526880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-02-07 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2006-11-02 1196032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-02 1004136]

C:\Users\Fanis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
SDK Tray Menu.lnk - C:\Program Files\Java\jdk1.6.0_03\bin\javaw.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-10-27 122880]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll [2007-03-21 104112]
Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll [2007-03-23 91848]
StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll [2007-03-27 489160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{432082da-90ff-11dc-ac2f-001d604b3220}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe countermeasure.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03d23ff-d35c-11dc-82cc-001d604b3220}]
shell\AutoRun\command - G:\autorun.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03d2400-d35c-11dc-82cc-001d604b3220}]
shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03d2401-d35c-11dc-82cc-001d604b3220}]
shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03d2402-d35c-11dc-82cc-001d604b3220}]
shell\AutoRun\command - J:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc16f94c-c27a-11dc-971b-001d604b3220}]
shell\AutoRun\command - K:\xo8wr9.exe
shell\explore\command - K:\xo8wr9.exe
shell\open\command - K:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c445a921-84ad-11dc-8fb4-001d604b3220}]
shell\AutoRun\command - I:\blank.exe


======List of files/folders created in the last 1 months======

2008-09-20 00:10:45 ----D---- C:\rsit
2008-09-19 16:34:50 ----D---- C:\Users\Fanis\AppData\Roaming\Malwarebytes
2008-09-19 16:34:47 ----D---- C:\ProgramData\Malwarebytes
2008-09-19 16:34:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 17:33:08 ----D---- C:\Program Files\World of Warcraft
2008-09-17 15:42:19 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-17 15:19:42 ----D---- C:\Program Files\Blitzkrieg 2 - Fall of the Reich
2008-09-16 19:30:02 ----D---- C:\Program Files\Blitzkrieg 2
2008-09-15 20:29:49 ----D---- C:\Program Files\New Folder
2008-09-15 14:22:52 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-09-15 14:22:52 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-09-15 14:22:52 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-09-15 14:22:52 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-09-15 14:22:51 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-09-15 14:22:51 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-09-15 14:22:50 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-09-15 14:22:50 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-09-15 14:22:50 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-09-15 14:22:50 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-09-15 14:22:49 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-09-15 14:22:49 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-09-15 14:22:48 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-09-15 14:11:44 ----D---- C:\Program Files\GSC World Publishing
2008-09-12 13:29:41 ----D---- C:\Program Files\Trend Micro
2008-09-12 12:57:56 ----D---- C:\VundoFix Backups
2008-09-12 12:57:56 ----A---- C:\VundoFix.txt
2008-09-12 12:45:54 ----A---- C:\Windows\system32\GEARAspi.dll
2008-09-12 12:45:35 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 12:45:35 ----D---- C:\Program Files\iTunes
2008-09-12 12:45:35 ----D---- C:\Program Files\iPod
2008-09-12 12:44:01 ----D---- C:\Program Files\Bonjour
2008-09-12 12:42:47 ----D---- C:\Program Files\QuickTime
2008-09-09 22:33:49 ----D---- C:\Program Files\The Adventure Company
2008-09-09 21:39:16 ----D---- C:\Program Files\HijackThis
2008-09-09 21:27:27 ----A---- C:\Windows\system32\dkdupsdk.exe
2008-09-09 15:55:42 ----A---- C:\Windows\system32\vopyfahu.exe
2008-09-09 11:06:23 ----A---- C:\Windows\system32\gjmfevyl.exe
2008-09-08 23:01:12 ----D---- C:\Windows\Gary Grigsby's World at War A World Divided
2008-09-08 23:01:12 ----D---- C:\Matrix Games
2008-09-08 22:59:56 ----A---- C:\Windows\Gary Grigsby's World at War A World Divided Setup Log.txt
2008-09-08 20:45:04 ----A---- C:\Windows\wininit.ini
2008-09-08 19:59:51 ----D---- C:\ProgramData\qrapelcj
2008-09-08 19:59:50 ----A---- C:\Windows\system32\sxixupod.exe
2008-09-07 22:26:09 ----D---- C:\Program Files\JoWood
2008-09-07 21:11:25 ----D---- C:\Program Files\GameSpy Arcade
2008-09-07 21:06:31 ----D---- C:\Program Files\Team17 Software Ltd
2008-09-07 15:30:36 ----D---- C:\Program Files\EA Games
2008-09-04 15:02:28 ----D---- C:\Users\Fanis\AppData\Roaming\SPORE
2008-09-03 12:27:45 ----D---- C:\Program Files\Kalypso
2008-09-03 12:24:27 ----HD---- C:\Windows\PIF
2008-08-29 10:18:58 ----A---- C:\Windows\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\Windows\system32\dnssd.dll

======List of files/folders modified in the last 1 months======

2008-09-20 00:10:41 ----D---- C:\Windows\Prefetch
2008-09-19 23:18:01 ----D---- C:\Windows\Temp
2008-09-19 18:34:39 ----A---- C:\Windows\NeroDigital.ini
2008-09-19 16:41:14 ----D---- C:\Windows\System32
2008-09-19 16:38:24 ----A---- C:\Windows\ntbtlog.txt
2008-09-19 16:35:59 ----D---- C:\Windows\system32\drivers
2008-09-19 16:34:47 ----RD---- C:\Program Files
2008-09-19 16:34:47 ----HD---- C:\ProgramData
2008-09-19 15:57:04 ----SHD---- C:\System Volume Information
2008-09-19 15:33:16 ----D---- C:\Program Files\Mozilla Firefox
2008-09-18 18:15:05 ----D---- C:\Windows\inf
2008-09-18 18:15:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-17 16:49:30 ----RSD---- C:\Windows\assembly
2008-09-17 15:42:19 ----D---- C:\Program Files\Common Files
2008-09-15 14:21:41 ----D---- C:\Windows\Logs
2008-09-15 10:21:45 ----D---- C:\Program Files\Mozilla Sunbird
2008-09-12 13:05:36 ----SHD---- C:\Config.Msi
2008-09-12 12:46:21 ----SHD---- C:\Windows\Installer
2008-09-12 12:45:56 ----D---- C:\Windows\system32\catroot
2008-09-12 12:45:53 ----DC---- C:\Windows\system32\DRVSTORE
2008-09-12 12:45:35 ----D---- C:\ProgramData\Apple Computer
2008-09-12 12:42:52 ----D---- C:\Program Files\Common Files\Apple
2008-09-11 17:20:17 ----A---- C:\Windows\Lexicon.ini
2008-09-10 19:31:17 ----D---- C:\Windows\system32\catroot2
2008-09-10 11:29:37 ----D---- C:\temp
2008-09-09 15:04:57 ----D---- C:\Users\Fanis\AppData\Roaming\uTorrent
2008-09-09 11:46:42 ----D---- C:\Windows
2008-09-09 11:36:25 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-08 20:27:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-08 20:11:22 ----D---- C:\ProgramData\NVIDIA
2008-09-08 12:12:37 ----D---- C:\Windows\Minidump
2008-09-07 17:04:13 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-09-07 15:02:40 ----D---- C:\HO
2008-09-04 14:39:44 ----D---- C:\Program Files\Electronic Arts
2008-09-02 18:20:10 ----D---- C:\Program Files\Free WMA to MP3 Converter
2008-09-02 16:25:36 ----D---- C:\Program Files\Lavasoft
2008-09-02 16:23:47 ----D---- C:\ProgramData\Lavasoft
2008-09-02 16:20:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-02 15:36:28 ----D---- C:\Program Files\Ubisoft
2008-09-02 15:34:35 ----D---- C:\Program Files\SEGA
2008-09-02 15:32:19 ----D---- C:\Program Files\Paradox Interactive
2008-08-30 17:30:32 ----SD---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2007-10-27 320000]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 13560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-02-04 278984]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-02-04 25416]
R2 v2imount;Symantec V2i Mount Driver; C:\Windows\system32\DRIVERS\v2imount.sys [2007-03-28 37864]
R2 vistatalk;vistatalk; \??\C:\Windows\system32\vistatalk.sys [2007-10-27 4096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-16 7465312]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 arh9lo34;arh9lo34; C:\Windows\system32\drivers\arh9lo34.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\Windows\system32\DRIVERS\vproeventmonitor.sys [2007-03-28 14072]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-03-28 128104]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2006-11-02 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-02 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2007-03-28 3290728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-16 118784]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 usnjsvc;Υπηρεσία ανάγνωσης χρονικού USN κοινόχρηστων φακέλων του Messenger; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 lxbk_device;lxbk_device; C:\Windows\system32\lxbkcoms.exe [2007-04-26 537520]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-05-30 66872]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.02 2008-09-20 00:10:52

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
ABBYY FineReader 8.0 Professional Edition-->MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AusLogics Disk Defrag-->"C:\Program Files\AusLogics Disk Defrag\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Blitzkrieg 2 - Fall of the Reich-->C:\Program Files\Blitzkrieg 2 - Fall of the Reich\Uninstall\uninstall.exe /C "/U:C:\Program Files\Blitzkrieg 2 - Fall of the Reich\Uninstall\uninstall.xml"
Blitzkrieg 2-->C:\Program Files\Blitzkrieg 2\Uninstall\uninstall.exe /C "/U:C:\Program Files\Blitzkrieg 2\Uninstall\uninstall.xml"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
dBpoweramp [Calculate Audio CRC] Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
dBpoweramp [Multi Encoder] Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
dBpoweramp [ReplayGain] Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
dBpoweramp AAC Encoder-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp AAC Encoder.dat
dBpoweramp CLI Encoder-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp CLI Encoder.dat
dBpoweramp Dalet Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.dat
dBpoweramp DSP Effects-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
dBpoweramp FLAC Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp m4a Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp m4a Utilities-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Utilities.dat
dBpoweramp m4b Audio book Encoder-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp m4b Audio book Encoder.dat
dBpoweramp Monkeys Audio Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBpoweramp Mp2 and BwfMp2 codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
dBpoweramp mp3 (Fraunhofer IIS) Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
dBpoweramp Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
dBpoweramp Real Audio (Helix) Encoder-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
dBPoweramp tooLame MP2 codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
dBpoweramp Wave64 Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
dBpoweramp WavPack Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
DeskScapes-->C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\INSTALL.LOG
Dev-C++ 4-->C:\Windows\uninst.exe -fC:\Dev-C++\DeIsL1.isu -cC:\Dev-C++\_ISREG32.DLL
DirectX 10 for XP-->"C:\Program Files\InstallShield Installation Information\{A6C9AFAB-D6CC-452B-A1FE-727252A13E14}\setup.exe" -runfromtemp -l0x0009 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Do It Again-->MsiExec.exe /I{85BF0E64-6ABB-4EA1-A026-A3DEA6554A60}
Football Manager 2008-->"C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free WMA to MP3 Converter 1.08-->"C:\Program Files\Free WMA to MP3 Converter\unins000.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Gary Grigsby's World at War A World Divided-->"C:\Windows\Gary Grigsby's World at War A World Divided\uninstall.exe" "/U:C:\Matrix Games\Gary Grigsby's World at War A World Divided\Uninstall\uninstall.xml"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java DB 10.2.2.0-->MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java Platform, Enterprise Edition 5 SDK-->"C:\Sun\SDK\uninstall.exe" -javahome "C:\Program Files\Java\jdk1.6.0_03"
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Development Kit 6 Update 3-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Mega Codec Pack 3.5.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lexmark X1100 Series-->C:\Program Files\Lexmark X1100 Series\Install\x86\Uninst.exe
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
MEL-->C:\Windows\IsUninst.exe -f"C:\Program Files\Tegopoulos-Fytrakhs\mel\Uninst.isu"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.3.1)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301032}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Ghost-->MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930012}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
On-screen Ruler-->MsiExec.exe /X{8B44193C-DA52-4299-A56D-9E275DCCBAEA}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PrimoPDF-->"C:\Windows\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
Pro Evolution Soccer 2008-->C:\Program Files\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x0409
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickSFV (Remove only)-->C:\Program Files\QuickSFV\QSFVUNST.EXE C:\Program Files\QuickSFV\
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RegSupreme Pro-->"C:\Program Files\RegSupreme Pro\unins000.exe"
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0008 -removeonly
Spybot - Search & Destroy 1.5.2.20-->"C:\Windows\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stellarium 0.9.1-->"C:\Program Files\Stellarium\unins000.exe"
TextPad 5-->MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
The Abbey-->C:\Program Files\The Adventure Company\The Abbey\Uninstall.exe
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VP Suite 3.0-->C:\Program Files\VP Suite 3.0\uninstall.exe
Windows Live installer-->MsiExec.exe /X{1A304004-5798-44EF-9A0D-5C27FC3C4FD4}
Windows Live Mail-->MsiExec.exe /I{BB759F14-E59B-4475-92D5-15EAEAC6826E}
Windows Live Messenger-->MsiExec.exe /X{7924F96E-93F9-49F5-905F-444D96DCFC91}
Windows Live Writer-->MsiExec.exe /X{4E4F5C5A-F9CF-4A25-87A0-ED512E8A7F29}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Βοηθός εισόδου του Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Συλλογή φωτογραφιών του Windows Live-->MsiExec.exe /X{80D63746-C37C-4767-82A9-CB90FE867362}

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 080919-0]
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender (disabled)
AS: avast! antivirus 4.8.1229 [VPS 080919-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 SifuMike

    malware expert

  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 19 September 2008 - 05:10 PM

Hello Farokh,

Be sure not to uninstall Java 6 Update 7 on your computer, as that is the latest version.

Click on Start, then Control Panel, and then double-click on Add/Remove Programs.
From within Add/Remove Programs, uninstall the following by double-clicking on these entries:

Java 6 Update 3
Java 6 Update 5
Java SE Runtime Environment 6


If you are NOT a Java developer then you can uninstall
Java SE Development Kit 6 Update 3

Spybot - Search & Destroy 1.5.2.20 is an old version, so you can uninstall it and download, install and run Spybot 1.6.0 at http://www.safer-networking.org/en/download/

*******************************

You have some suspicious files we need to check.

You will need to see hidden files, so follow these directions:
How to show hidden files in Windows Vista

Go to the next site: http://www.virustotal.com/en/indexf.html
At the top you'll find 'Browse'.
Click the Browse button and browse to the next file:

C:\Windows\system32\sxixupod.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.

Perform the same for the next files:

C:\Windows\system32\dkdupsdk.exe
C:\Windows\system32\vopyfahu.exe
C:\Windows\system32\gjmfevyl.exe


Once scanned, copy and paste the results also in your next reply.

NOTE: I usually enter my email address at virus total so they can send me the scan results. They usually only take a couple minutes to reply.
You can copy/paste the results of scan results here.

*******************************

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post.

If the file is too big to post, then you can upload it to me here. Let me know when you upload it. :thumbsup:

Edited by SifuMike, 19 September 2008 - 05:11 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Farokh
  • Topic Starter
  • Members
  • 10 posts

Posted 20 September 2008 - 02:15 AM

File juhkdwhy.exe received on 09.11.2008 20:22:33 (CET)
Current status: finished
Result: 15/36 (41.67%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.12.0 2008.09.11 -
AntiVir 7.8.1.28 2008.09.11 TR/Obfuscated.GX.705
Authentium 5.1.0.4 2008.09.11 -
Avast 4.8.1195.0 2008.09.11 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.11 Generic11.THS
BitDefender 7.2 2008.09.11 -
CAT-QuickHeal 9.50 2008.09.11 -
ClamAV 0.93.1 2008.09.11 -
DrWeb 4.44.0.09170 2008.09.11 -
eSafe 7.0.17.0 2008.09.11 -
eTrust-Vet 31.6.6084 2008.09.11 -
Ewido 4.0 2008.09.11 -
F-Prot 4.4.4.56 2008.09.10 -
F-Secure 8.0.14332.0 2008.09.11 Trojan.Win32.Obfuscated.gx
Fortinet 3.113.0.0 2008.09.11 W32/Obfuscated.GX!tr
GData 19 2008.09.11 Trojan.Win32.Obfuscated.gx
Ikarus T3.1.1.34.0 2008.09.11 -
K7AntiVirus 7.10.452 2008.09.11 -
Kaspersky 7.0.0.125 2008.09.11 Trojan.Win32.Obfuscated.gx
McAfee 5382 2008.09.11 Generic Downloader.x
Microsoft 1.3903 2008.09.11 TrojanDownloader:Win32/FakeAlert.C
NOD32v2 3435 2008.09.11 a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman 5.80.02 2008.09.11 W32/Busky.BHAQ
Panda 9.0.0.4 2008.09.10 -
PCTools 4.4.2.0 2008.09.11 -
Prevx1 V2 2008.09.11 Cloaked Malware
Rising 20.61.32.00 2008.09.11 -
Sophos 4.33.0 2008.09.11 Mal/EncPk-DG
Sunbelt 3.1.1628.1 2008.09.11 -
Symantec 10 2008.09.11 Trojan Horse
TheHacker 6.3.0.9.077 2008.09.10 -
TrendMicro 8.700.0.1004 2008.09.11 -
VBA32 3.12.8.5 2008.09.10 -
ViRobot 2008.9.11.1373 2008.09.11 -
VirusBuster 4.5.11.0 2008.09.11 -
Webwasher-Gateway 6.6.2 2008.09.11 Trojan.Obfuscated.GX.705
Additional information
File size: 81920 bytes
MD5...: cd31aab908e2e1ab175e71c967d19de3
SHA1..: 358a227ec6f9a6818d97a5da0ce95d097b277e79
SHA256: 1c4b38551b6444f749307001b28a6753c97f23a4734120695575d4ad58cc03b2
SHA512: 0616f511462b262f0bcb485cef5dd9631c8898e8ba3e9a9146336f3e839d0e2421969279646ad27829c70858b9b8cc7330a8276a803954943b20790ed55f67f4
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x407556
timedatestamp.....: 0x48c53e6e (Mon Sep 08 15:02:06 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.vpml 0x1000 0x10db0 0x11000 6.77 231c19a23e411a7e721458cf0785c461
.zxnkg 0x12000 0x71c 0x1000 3.00 8cc953b7782b6f5f34bdbd1fcd92dda4
.uvltlz 0x13000 0x5a20 0x1000 0.60 f5dd60045f5e0ae5c6ad2c5569b08f77

( 4 imports )
> KERNEL32.dll: CreateThread, GetCurrentThreadId, LoadLibraryA, FreeLibrary, GetModuleHandleW, GetProcAddress, GetFileAttributesExW, SetEndOfFile, GlobalDeleteAtom, InterlockedIncrement, DuplicateHandle, GetCurrentProcess, GetFileSize, lstrlenW, SetThreadPriority, FindClose, MultiByteToWideChar, CreateEventW, SetFilePointer, GlobalFree, WaitForSingleObject, SuspendThread, TerminateThread, FindNextChangeNotification, InterlockedDecrement, FileTimeToSystemTime, SetWaitableTimer, GlobalAddAtomW
> USER32.dll: LoadIconW, LoadBitmapW, GetSystemMetrics, GetSysColor, LoadImageW, EndDialog, UpdateWindow, OffsetRect, PostThreadMessageW, RegisterClassExW, CreateWindowExW, GetDlgItem, RedrawWindow, SetLayeredWindowAttributes, GetClassNameW, GetWindowTextW, InvalidateRect, AppendMenuW, LoadStringW, DestroyIcon, MessageBoxW, DrawTextW, SystemParametersInfoW, VkKeyScanW
> GDI32.dll: GetStockObject, GetMapMode, CreateFontIndirectW, DeleteDC, MoveToEx, BitBlt, GetDeviceCaps, GetClipBox
> ADVAPI32.dll: InitializeSecurityDescriptor, RegCreateKeyExW, RegOpenKeyExW, RegQueryValueExW

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp...75C2E00F36EC2E2

File dkdupsdk.exe received on 09.09.2008 22:54:06 (CET)
Current status: finished
Result: 8/36 (22.22%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Trojan.Win32.Obfuscated.gx
Fortinet - - W32/PolySmall.BP!tr
GData - - Trojan.Win32.Obfuscated.gx
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - Trojan.Win32.Obfuscated.gx
McAfee - - -
Microsoft - - TrojanDownloader:Win32/FakeAlert.C
NOD32v2 - - a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - Cloaked Malware
Rising - - -
Sophos - - Mal/EncPk-DG
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 1430ec1fb5a46e180c55413e5368722f
SHA1: 9a403e7bf1b6e1540ecd4dcc2e3acaef30829bdb
SHA256: bfbf2d1ee1e43471c84620af75a9e8c101f27fd1afe01fe36c21859fb9c6cc30
SHA512: d6bba20aac2c603ba321994479f46ff5cf1a0bfdc588b3aaa6ab87117e58aed218675060cd494d12950a8a5c12be4a14418c05a9ace7b54dadc11ce6bbb98228

ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

File unknown received on 09.09.2008 22:01:55 (CET)
Current status: finished
Result: 9/35 (25.71%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Trojan.Win32.Obfuscated.gx
Fortinet - - W32/PolySmall.BP!tr
GData - - Trojan.Win32.Obfuscated.gx
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - Trojan.Win32.Obfuscated.gx
McAfee - - -
Microsoft - - TrojanDownloader:Win32/FakeAlert.C
NOD32v2 - - a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - Fraudulent Security Program
Rising - - -
Sophos - - Mal/EncPk-DG
Sunbelt - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - Trojan.Win32.Amvo.Gen
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 27768263413eb7c6d4d5701aeecff73c
SHA1: 00d41959a49b8e38985d2922aeb6c4e0e8abf30a
SHA256: f5875ea5db0118349c2b2e304f6e7c72ddf2ccabcc781355acea9e28cc54b771

File clavcdsz.exe received on 09.12.2008 13:49:10 (CET)
Current status: finished
Result: 15/36 (41.67%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.13.0 2008.09.12 -
AntiVir 7.8.1.28 2008.09.12 TR/Obfuscated.GX.869
Authentium 5.1.0.4 2008.09.12 -
Avast 4.8.1195.0 2008.09.11 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.12 Generic11.UFG
BitDefender 7.2 2008.09.12 -
CAT-QuickHeal 9.50 2008.09.12 -
ClamAV 0.93.1 2008.09.12 -
DrWeb 4.44.0.09170 2008.09.12 -
eSafe 7.0.17.0 2008.09.11 Win32.Obfuscated.gx
eTrust-Vet 31.6.6086 2008.09.12 -
Ewido 4.0 2008.09.12 -
F-Prot 4.4.4.56 2008.09.12 -
F-Secure 8.0.14332.0 2008.09.12 Trojan.Win32.Obfuscated.gx
Fortinet 3.113.0.0 2008.09.12 W32/PolySmall.BP!tr
GData 19 2008.09.12 Trojan.Win32.Obfuscated.gx
Ikarus T3.1.1.34.0 2008.09.12 -
K7AntiVirus 7.10.452 2008.09.11 -
Kaspersky 7.0.0.125 2008.09.12 Trojan.Win32.Obfuscated.gx
McAfee 5382 2008.09.11 Generic Downloader.x
Microsoft 1.3903 2008.09.12 TrojanDownloader:Win32/FakeAlert.C
NOD32v2 3437 2008.09.12 a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman 5.80.02 2008.09.12 -
Panda 9.0.0.4 2008.09.11 -
PCTools 4.4.2.0 2008.09.11 -
Prevx1 V2 2008.09.12 Cloaked Malware
Rising 20.61.42.00 2008.09.12 -
Sophos 4.33.0 2008.09.12 Mal/EncPk-DG
Sunbelt 3.1.1628.1 2008.09.12 Trojan.Win32.Obfuscated.gx
Symantec 10 2008.09.12 -
TheHacker 6.3.0.9.077 2008.09.10 -
TrendMicro 8.700.0.1004 2008.09.12 -
VBA32 3.12.8.5 2008.09.10 -
ViRobot 2008.9.12.1375 2008.09.12 -
VirusBuster 4.5.11.0 2008.09.11 -
Webwasher-Gateway 6.6.2 2008.09.12 Trojan.Obfuscated.GX.869
Additional information
File size: 81920 bytes
MD5...: c40551c9ee2f2c06ae1e15ee8fa27c38
SHA1..: 1446e6ec538593c5459b71775aa35faf4a3fa35e
SHA256: 3a4332fd64d3f43fe28bb12cada06f230f3faf23bdf923d62112d1f6542f11ee
SHA512: 53f0b6ee9d3679a7a6bb92ddf5a2e3276c86b12bd34b84fadecb16f433fcd96d01ec1883901b2515ca90c2a5cd46a38ba3550f20d6bcd546096a368a31ff956a
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40609f
timedatestamp.....: 0x48c6115b (Tue Sep 09 06:02:03 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.vjxfe 0x1000 0x10486 0x11000 6.64 0c2e2aadf92898a8c8ceb513a99127bf
.lwiemf 0x12000 0x600 0x1000 2.55 10e48b00fc4538ecc4d2f3be03ff3cc5
.yfrewb 0x13000 0x59f0 0x1000 0.55 6c6b467614894726a4b46b3fbcdfe6dc

( 4 imports )
> KERNEL32.dll: FileTimeToSystemTime, WriteFile, GlobalAlloc, GetFileSize, CreateThread, CreateFileW, CreateProcessW, GlobalUnlock, ReadProcessMemory, FreeLibrary, GetCurrentProcess, GetProcAddress, CreateWaitableTimerW, GetFileAttributesW, MulDiv, TerminateThread, VirtualAlloc, LoadLibraryA, lstrcpyW, DuplicateHandle, GetCurrentThread, DeleteFileW, SizeofResource, SetFilePointer, InterlockedDecrement, SetEvent, GetModuleFileNameW
> USER32.dll: DestroyIcon, GetSysColor, OffsetRect, GetWindowDC, LoadIconW, LoadCursorW, IsDlgButtonChecked, DispatchMessageW, GetClassNameW, GetWindowTextW, PostQuitMessage, RegisterHotKey, GetDlgItem, CreatePopupMenu, SystemParametersInfoW, AppendMenuW, GetMessageW
> GDI32.dll: Rectangle, CreatePen, BitBlt, CreateRoundRectRgn, GetObjectW, GetDeviceCaps, CreateBitmap, GetClipBox
> ADVAPI32.dll: RegQueryValueExW, RegSetValueExW, RegDeleteValueW

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp...1F74E00B332B377

#8 Farokh
  • Topic Starter
  • Members
  • 10 posts

Posted 20 September 2008 - 02:21 AM

OK man, I have sent you the report.

#9 SifuMike

    malware expert

  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 20 September 2008 - 02:38 PM

Hello Farokh,


Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%systemroot%\system32\dkdupsdk.exe
%systemroot%\system32\gjmfevyl.exe
%systemroot%\system32\sxixupod.exe
%systemroot%\system32\vopyfahu.exe
Folders to delete:
%systemdrive%\vundofix backups

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ApiDbWeb -> %SystemRoot%\system32\nudijcna.exe [C:\Windows\system32\nudijcna.exe]
YN -> dscwebsrv -> %SystemRoot%\system32\hgzyzczu.exe [C:\Windows\system32\hgzyzczu.exe]
YN -> SetAct -> %SystemRoot%\system32\mtmfelur.exe [C:\Windows\system32\mtmfelur.exe]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups
NY -> dkdupsdk.exe -> %SystemRoot%\System32\dkdupsdk.exe
NY -> gjmfevyl.exe -> %SystemRoot%\System32\gjmfevyl.exe
NY -> sxixupod.exe -> %SystemRoot%\System32\sxixupod.exe
NY -> vopyfahu.exe -> %SystemRoot%\System32\vopyfahu.exe
[Files/Folders - Modified Within 30 days]
NY -> dkdupsdk.exe -> %SystemRoot%\System32\dkdupsdk.exe
NY -> gjmfevyl.exe -> %SystemRoot%\System32\gjmfevyl.exe
NY -> sxixupod.exe -> %SystemRoot%\System32\sxixupod.exe
NY -> vopyfahu.exe -> %SystemRoot%\System32\vopyfahu.exe
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans click the checkbox in front of the following item to select it:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
1. The Avenger report (c:\Avenger.txt). This will be a short report, so you can post it.

2. The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.) This will be a short report, so you can post it.

3. The new OTScanIt scan log. This will be a short report, so you can post it.
If you cannot post it then upload it to me here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
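
As an added triage example (not code from the thread, from OTScanIt's author or from The Avenger), the Python below parses lines in the OTScanIt "YN -> name -> value [resolved]" format used in the fix script above and flags targets that match the naming pattern of the files removed in this thread: an 8-letter lowercase .exe sitting in system32. The sample lines, the expansion of %SystemRoot% to C:\Windows, and the small known-good allowlist are constructed assumptions for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the line format OTScanIt used in this thread. The three Run
# values and the two system32 files are the ones the fix script targeted; the jusched,
# ehtray and wmpnscfg entries are constructed, legitimate-looking lines included to
# show what the heuristic leaves alone (wmpnscfg has 8 letters but is not in system32).
SAMPLE_LINES = r"""
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ApiDbWeb -> %SystemRoot%\system32\nudijcna.exe [C:\Windows\system32\nudijcna.exe]
YN -> dscwebsrv -> %SystemRoot%\system32\hgzyzczu.exe [C:\Windows\system32\hgzyzczu.exe]
YN -> SetAct -> %SystemRoot%\system32\mtmfelur.exe [C:\Windows\system32\mtmfelur.exe]
YN -> SunJavaUpdateSched -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe]
YN -> ehTray -> C:\Windows\ehome\ehtray.exe [C:\Windows\ehome\ehtray.exe]
YN -> WMPNSCFG -> C:\Program Files\Windows Media Player\wmpnscfg.exe [C:\Program Files\Windows Media Player\wmpnscfg.exe]
[Files/Folders - Created Within 30 days]
NY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups
NY -> dkdupsdk.exe -> %SystemRoot%\System32\dkdupsdk.exe
NY -> gjmfevyl.exe -> %SystemRoot%\System32\gjmfevyl.exe
"""

# Registry lines carry a bracketed resolved path; file lines do not, so the bracket is optional.
LINE_RE = re.compile(
    r"^(?P<flags>[YN]{2}) -> (?P<name>.+?) -> (?P<value>.+?)(?: \[(?P<resolved>.+)\])?$"
)
SYSTEM32_DIR = re.compile(r"^[a-z]:\\windows\\system32$", re.I)
RANDOM_STEM = re.compile(r"^[a-z]{8}$")
# Assumption: a minimal allowlist of real 8-letter system32 binaries the name heuristic
# alone would misfire on; real triage verifies signatures rather than trusting names.
KNOWN_GOOD_STEMS = {"winlogon", "userinit", "services"}


@dataclass
class Entry:
    flags: str      # OTScanIt's two-letter field, kept as-is and not interpreted here
    name: str       # registry value name, or file/folder name
    value: str      # data exactly as logged (may still contain %SystemRoot%)
    resolved: str   # expanded path


def expand(value: str) -> str:
    """Expand the two variables OTScanIt logged; C:\\Windows is assumed, as in this thread."""
    out = re.sub(r"%SystemRoot%", lambda m: r"C:\Windows", value, flags=re.I)
    return re.sub(r"%SystemDrive%", lambda m: "C:", out, flags=re.I)


def parse(text: str) -> List[Entry]:
    """Parse 'YN -> name -> value [resolved]' lines; section headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        value = m.group("value")
        resolved = m.group("resolved") or expand(value)
        entries.append(Entry(m.group("flags"), m.group("name"), value, resolved))
    return entries


def split_name(filename: str) -> Tuple[str, str]:
    stem, dot, ext = filename.rpartition(".")
    return (stem, ext.lower()) if dot else (filename, "")


def suspicious_reason(entry: Entry) -> Optional[str]:
    """Return why an entry looks like this thread's droppers, or None if it does not."""
    directory, _, filename = entry.resolved.rpartition("\\")
    stem, ext = split_name(filename)
    if ext != "exe" or not SYSTEM32_DIR.match(directory):
        return None
    if not RANDOM_STEM.match(stem) or stem in KNOWN_GOOD_STEMS:
        return None
    return "8-letter lowercase .exe in system32 (naming pattern of the files removed here)"


def triage(text: str) -> List[Tuple[str, str]]:
    """Unique suspicious paths with reasons, sorted, ready for hashing and a VirusTotal lookup."""
    found = {}
    for entry in parse(text):
        reason = suspicious_reason(entry)
        if reason and entry.resolved.lower() not in found:
            found[entry.resolved.lower()] = (entry.resolved, reason)
    return [found[k] for k in sorted(found)]


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LINES):
        print(f"{path}  <- {reason}")
```

The output is a review list for the file-checking step, not a fix script: a name-only heuristic is a filter for an analyst, and the legitimate 8-letter binaries in the allowlist show why.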

#10 Farokh
  • Topic Starter
  • Members
  • 10 posts

Posted 20 September 2008 - 05:07 PM

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ApiDbWeb deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dscwebsrv deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SetAct deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
[Files/Folders - Created Within 30 days]
File C:\VundoFix Backups not found!
File C:\Windows\System32\dkdupsdk.exe not found!
File C:\Windows\System32\gjmfevyl.exe not found!
File C:\Windows\System32\sxixupod.exe not found!
File C:\Windows\System32\vopyfahu.exe not found!
[Files/Folders - Modified Within 30 days]
File C:\Windows\System32\dkdupsdk.exe not found!
File C:\Windows\System32\gjmfevyl.exe not found!
File C:\Windows\System32\sxixupod.exe not found!
File C:\Windows\System32\vopyfahu.exe not found!
[Empty Temp Folders]
File delete failed. C:\Users\Fanis\AppData\Local\Temp\etilqs_BHHhJT8qJvIXgZZjxrHP scheduled to be deleted on reboot.
File delete failed. C:\Users\Fanis\AppData\Local\Temp\~DF2C60.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Fanis\AppData\Local\Temp\~DFC0B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Fanis\AppData\Local\Temp\~DFF3D4.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Fanis\AppData\Local\Mozilla\Firefox\Profiles\vd9xc7s2.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Fanis\AppData\Local\Mozilla\Firefox\Profiles\vd9xc7s2.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Fanis\AppData\Local\Mozilla\Firefox\Profiles\vd9xc7s2.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Fanis\AppData\Local\Mozilla\Firefox\Profiles\vd9xc7s2.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Fanis\AppData\Local\Mozilla\Firefox\Profiles\vd9xc7s2.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 09212008_004100

Files moved on Reboot...
File C:\Users\Fanis\AppData\Local\Temp\etilqs_BHHhJT8qJvIXgZZjxrHP not found!
C:\Users\Fanis\AppData\Local\Temp\~DF2C60.tmp moved successfully.
File C:\Users\Fanis\AppData\Local\Temp\~DFC0B.tmp not found!
File C:\Users\Fanis\AppData\Local\Temp\~DFF3D4.tmp not found!
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\Users\Fanis\AppData\Local\Mozilla\Firefox\Profiles\vd9xc7s2.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Fanis\AppData\Local\Mozilla\Firefox\Profiles\vd9xc7s2.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Fanis\AppData\Local\Mozilla\Firefox\Profiles\vd9xc7s2.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Fanis\AppData\Local\Mozilla\Firefox\Profiles\vd9xc7s2.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Fanis\AppData\Local\Mozilla\Firefox\Profiles\vd9xc7s2.default\urlclassifier3.sqlite moved successfully.


I did everything until step 3. I don't use Internet Explorer, and when I open it, it says that add-ons are disabled. I tried everything to enable them but it was impossible, so I couldn't do step 3.
Any directions?
(Thank you man once again for helping me.)

#11 SifuMike

    malware expert

  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 20 September 2008 - 05:47 PM

I can see you have a hard time following directions.

You did not post the Avenger log (Step 1). :thumbsup: The Avenger report can be found at c:\Avenger.txt.

You did not post the new OTScanit log (step 4). Please follow the directions and post it.


I did everything until step 3. I don't use Internet Explorer, and when I open it, it says that add-ons are disabled.

To re-enable an add-on
http://windowshelp.microsoft.com/Windows/e...df9b7e1033.mspx

Edited by SifuMike, 20 September 2008 - 09:15 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 Farokh

Farokh
  • Topic Starter

  • Members
  • 10 posts
  • Local time:08:52 AM

Posted 21 September 2008 - 04:09 AM

I have uploaded the avenger.txt for you, and I am downloading all Vista updates so that I can download Internet Explorer 8, because I only have the Internet Explorer 7 (no add-ons) version. Later I will do everything as you asked.

#13 Farokh

Farokh
  • Topic Starter

  • Members
  • 10 posts
  • Local time:08:52 AM

Posted 21 September 2008 - 06:49 AM

I managed to make it work, so here are the logs I didn't post before. (I will attach the Avenger log in case you didn't get it. I can't read it; it is NULL everywhere.)

Scanning Report
Sunday, September 21, 2008 13:57:42 - 14:46:30

Computer name: FANIS-PC1
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ E:\
Result: 7 malware found
Client-IRC.Win32.mIRC (spyware)

* System

TrackingCookie.2o7 (spyware)

* System

TrackingCookie.Advertising (spyware)

* System

TrackingCookie.Atdmt (spyware)

* System

TrackingCookie.Specificclick (spyware)

* System

TrackingCookie.Webtrends (spyware)

* System

TrackingCookie.Zanox (spyware)

* System

Statistics
Scanned:

* Files: 47157
* System: 4886
* Not scanned: 21

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 7
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{E9AD5EAD-0B2D-4CEF-BCDD-60362BB96395}.BIN
* C:\WINDOWS\CSC\V2.0.6\PQ
* C:\USERS\FANIS\APPDATA\LOCAL\TEMP\ETILQS_TRHGIQDJVU2BJT6LKGWX
* D:\BOOT\BCD

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-09-21
* F-Secure AVP: 7.0.171, 2008-09-21
* F-Secure Pegasus: 1.20.0, 2008-08-09

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics



OTScanIt logfile created on: 21/9/2008 14:48:12
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Users\Fanis\Desktop\OTScanIt
Windows Vista   (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy
 
2,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 82,16% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys;
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156,25 Gb Total Space | 58,03 Gb Free Space | 37,14% Space Free | Partition Type: NTFS
Drive D: | 152,67 Gb Total Space | 121,20 Gb Free Space | 79,39% Space Free | Partition Type: NTFS
Drive E: | 309,51 Gb Total Space | 171,75 Gb Free Space | 55,49% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 7,23 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 3,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 1,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 2,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: FANIS-PC1
Current User Name: Fanis
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/7/2008 17:25:06 | Attr =	]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/7/2008 17:38:28 | Attr =	]
sdwinsec.exe -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 12 | Size = 809296 bytes | Modified Date = 14/8/2008 13:39:56 | Attr =	]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/7/2008 17:38:04 | Attr =	]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/7/2008 17:25:45 | Attr =	]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/7/2008 17:38:34 | Attr =	]
deskspace.exe -> E:\Programs\DeskSpace v1.5.1\deskspace.exe -> OtakuSoftware [Ver = 1.5.1.0 | Size = 1066496 bytes | Modified Date = 18/9/2007 06:15:12 | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 18/7/2008 07:59:49 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/7/2008 17:25:06 | Attr =	]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/7/2008 17:38:28 | Attr =	]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/7/2008 17:38:04 | Attr =	]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/7/2008 17:25:45 | Attr =	]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(lxbk_device) lxbk_device [Win32_Own | Disabled | Stopped] -> %SystemRoot%\System32\lxbkcoms.exe ->   [Ver = 99.99.99.99 | Size = 537520 bytes | Modified Date = 26/4/2007 13:01:46 | Attr =	]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(PnkBstrA) PnkBstrA [Win32_Own | Disabled | Stopped] -> %SystemRoot%\System32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 30/5/2008 18:43:14 | Attr =	]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe ->  [Ver = 1.1.0808   | Size = 173616 bytes | Modified Date = 7/2/2007 16:29:50 | Attr =	]
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 12 | Size = 809296 bytes | Modified Date = 14/8/2008 13:39:56 | Attr =	]
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 1, 0, 0 | Size = 111936 bytes | Modified Date = 3/9/2008 20:12:50 | Attr =	]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/7/2008 17:38:34 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.0.35 | Size = 289576 bytes | Modified Date = 10/9/2008 17:40:06 | Attr =	]
NvCplDaemon -> %SystemRoot%\System32\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.11.7519 | Size = 13535776 bytes | Modified Date = 16/5/2008 14:01:00 | Attr =	]
NvMediaCenter -> %SystemRoot%\System32\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.11.7519 | Size = 92704 bytes | Modified Date = 16/5/2008 14:01:00 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5.5 (990.7) | Size = 413696 bytes | Modified Date = 6/9/2008 15:09:14 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/6/2008 04:27:04 | Attr =	]
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices -> 
SystemTray Monitor ->  [SysTraymon.exe] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> DT Soft Ltd [Ver = 4.12.0.0 | Size = 486856 bytes | Modified Date = 17/1/2008 19:51:02 | Attr =	]
DeskSpace -> E:\Programs\DeskSpace v1.5.1\deskspace.exe [E:\Programs\DeskSpace v1.5.1\deskspace.exe] -> OtakuSoftware [Ver = 1.5.1.0 | Size = 1066496 bytes | Modified Date = 18/9/2007 06:15:12 | Attr =	]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
{EC654325-1273-C2A9-2B7C-45D29BCE68FB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Stardock\Object Desktop\DeskScapes\deskscapes.dll [Deskscapes] -> Stardock Corporation [Ver = 1.0 | Size = 104112 bytes | Modified Date = 21/3/2007 18:02:32 | Attr =	]
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll [Stardock Vista ControlPanel Extension] -> Stardock [Ver = 1, 0, 1, 104 | Size = 91848 bytes | Modified Date = 23/3/2007 14:09:22 | Attr =	]
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Stardock\Object Desktop\DeskScapes\DreamControl.dll [StardockDreamController] -> Stardock [Ver = 1, 0, 1, 105 | Size = 489160 bytes | Modified Date = 27/3/2007 14:47:00 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2923520 bytes | Modified Date = 21/9/2008 13:38:03 | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 24576 bytes | Modified Date = 2/11/2006 12:45:50 | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 11315712 bytes | Modified Date = 21/9/2008 12:51:00 | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 238080 bytes | Modified Date = 2/11/2006 12:44:42 | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
TORiSAN CD-ROM CDR_C36 ->  -> File not found
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 67072 bytes | Modified Date = 2/11/2006 11:51:44 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] ->  [Ver =  | Size = 24 bytes | Modified Date = 19/9/2006 00:43:36 | Attr =	]
AutoHotkey.ahk [; IMPORTANT INFO ABOUT GETTING STARTED: Lines that start with a |; semicolon, such as this one, are comments.  They are not executed. |  |; This script has a special filename and path because it is automatically |; launched when you run the program directly.  Also, any text file whose |; name ends in .ahk is associated with the program, which means that it |; can be launched simply by double-clicking it.  You can have as many .ahk |; files as you want, located in any folder.  You can also run more than |; one ahk file simultaneously and each will get its own tray icon. |  |; SAMPLE HOTKEYS: Below are two sample hotkeys.  The first is Win+Z and it |; launches a web site in the default browser.  The second is Control+Alt+N |; and it launches a new Notepad window (or activates an existing one).  To |; try out these hotkeys, run AutoHotkey again, which will load this file. |  | #z::Run www.autohotkey.com |  | ^!n:: | IfWinExist Untitled - Notepad | 	WinActivate | else | 	Run Notepad | return |  |  |; Note: From now on whenever you run AutoHotkey directly, this script |; will be loaded.  So feel free to customize it to suit your needs. |  |; Please read the QUICK-START TUTORIAL near the top of the help file. |; It explains how to perform common automation tasks such as sending |; keystrokes and mouse clicks.  It also explains more about hotkeys. |  | ] -> E:\AutoHotkey.ahk [ NTFS ] ->  [Ver =  | Size = 1352 bytes | Modified Date = 4/4/2008 00:13:32 | Attr =	]
autorun.exe [MZ | ] -> G:\autorun.exe [ CDFS ] -> BioWare [Ver = 1.1.0.3 | Size = 726248 bytes | Modified Date = 1/5/2008 20:36:21 | Attr = R  ]
autorun.inf [[autorun] | OPEN=autorun.exe -auto | ICON=data\MassPC.ico | ] -> G:\autorun.inf [ CDFS ] ->  [Ver =  | Size = 57 bytes | Modified Date = 16/11/2007 01:48:02 | Attr = R  ]
Autorun.exe [MZ | ] -> H:\Autorun.exe [ UDF ] -> Electronic Arts Inc. [Ver = 1.0 | Size = 398600 bytes | Modified Date = 5/8/2008 20:02:19 | Attr = R  ]
Autorun.inf [[autorun] | open=autorun.exe | icon=spore.ico | ] -> H:\Autorun.inf [ UDF ] ->  [Ver =  | Size = 43 bytes | Modified Date = 5/8/2008 19:23:19 | Attr = R  ]
autorun [] -> H:\autorun.exe [ UDF ] -> Electronic Arts Inc. [Ver = 1.0 | Size = 398600 bytes | Modified Date = 5/8/2008 20:02:19 | Attr = R  ]
AutoRun.exe [MZ | ] -> I:\AutoRun.exe [ CDFS ] ->  [Ver =  | Size = 28672 bytes | Modified Date = 25/7/2005 17:28:58 | Attr = R  ]
Autorun.inf [[autorun] | open=AutoRun.exe | icon=Game.ico | ] -> I:\Autorun.inf [ CDFS ] ->  [Ver =  | Size = 42 bytes | Modified Date = 14/7/2005 12:05:34 | Attr = R  ]
Autorun.inf [[autorun]  | open=Installer.exe | icon=Installer.ico | ] -> J:\Autorun.inf [ CDFS ] ->  [Ver =  | Size = 52 bytes | Modified Date = 29/9/2003 11:55:44 | Attr = R  ]
< HOSTS File > (206667 bytes and 7315 lines) -> C:\Windows\System32\drivers\etc\Hosts -> 
First 25 entries...
127.0.0.1	   localhost
::1			 localhost
127.0.0.1	007guard.com
127.0.0.1	www.007guard.com
127.0.0.1	008i.com
127.0.0.1	008k.com
127.0.0.1	www.008k.com
127.0.0.1	00hq.com
127.0.0.1	www.00hq.com
127.0.0.1	010402.com
127.0.0.1	032439.com
127.0.0.1	www.032439.com
127.0.0.1	1001-search.info
127.0.0.1	www.1001-search.info
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	123topsearch.com
127.0.0.1	www.123topsearch.com
127.0.0.1	132.com
127.0.0.1	www.132.com
127.0.0.1	136136.net
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.daemon-search.com/startpage -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3894 domain(s) found. -> 
30 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3901 domain(s) found. -> 
30 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 14/8/2008 13:39:52 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/6/2008 04:27:02 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10/6/2008 04:27:02 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/6/2008 04:27:02 | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 14/8/2008 13:39:52 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{76274589-3B85-4784-85B1-EC61697C02C9} -> 193.92.110.1   (NVIDIA nForce Networking Controller) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 29/8/2008 09:53:50 | Attr =	]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
ldap -> 4 = Restricted sites (Not a Default Protocol) -> 
news -> 4 = Restricted sites (Not a Default Protocol) -> 
nntp -> 4 = Restricted sites (Not a Default Protocol) -> 
oecmd -> 4 = Restricted sites (Not a Default Protocol) -> 
snews -> 4 = Restricted sites (Not a Default Protocol) -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> 
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab[Minesweeper Flags Class] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MineSweeper.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MineSweeper.dll\\.Owner -> {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MineSweeper.dll\\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} ->  -> 
[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 21/9/2008 00:37:58 | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 21/9/2008 13:52:25 | Attr =	]
Matrix Games -> %SystemDrive%\Matrix Games ->  [Folder | Created Date = 8/9/2008 23:01:12 | Attr =	]
rsit -> %SystemDrive%\rsit ->  [Folder | Created Date = 20/9/2008 00:10:45 | Attr =	]
_OTScanIt -> %SystemDrive%\_OTScanIt ->  [Folder | Created Date = 21/9/2008 00:41:01 | Attr =	]
nvphy.bin -> %SystemRoot%\System32\drivers\nvphy.bin ->  [Ver =  | Size = 3636 bytes | Created Date = 21/9/2008 13:31:38 | Attr =	]
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Created Date = 21/9/2008 13:38:22 | Attr =	]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 188960 bytes | Created Date = 8/9/2008 13:53:04 | Attr =	]
wlan.tmf -> %SystemRoot%\System32\wlan.tmf ->  [Ver =  | Size = 1655289 bytes | Created Date = 21/9/2008 13:38:03 | Attr =	]
Gary Grigsby's World at War A World Divided -> %SystemRoot%\Gary Grigsby's World at War A World Divided ->  [Folder | Created Date = 8/9/2008 23:01:12 | Attr =	]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP ->  [Ver =  | Size = 258374238 bytes | Created Date = 6/9/2008 18:55:18 | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 3/9/2008 12:24:27 | Attr =  H ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 217 bytes | Created Date = 8/9/2008 20:45:04 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Malwarebytes ->  [Folder | Created Date = 19/9/2008 16:34:47 | Attr =	]
qrapelcj -> %AllUsersProfile%\qrapelcj ->  [Folder | Created Date = 8/9/2008 19:59:51 | Attr =	]
{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ->  [Folder | Created Date = 12/9/2008 12:45:35 | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 19/9/2008 16:34:50 | Attr =	]
SPORE -> %AppData%\SPORE ->  [Folder | Created Date = 4/9/2008 15:02:28 | Attr =	]
Apple Computer -> %UserProfile%\AppData\Local\Apple Computer ->  [Folder | Created Date = 20/9/2008 16:13:13 | Attr =	]
Blizzard Entertainment -> %SystemDrive%\Users\Public\Documents\Blizzard Entertainment ->  [Folder | Created Date = 17/9/2008 18:57:01 | Attr =	]
STALKER-STCS -> %SystemDrive%\Users\Public\Documents\STALKER-STCS ->  [Folder | Created Date = 15/9/2008 14:20:36 | Attr =	]
Οι Σποροδημιουργίες μου -> E:\Οι Σποροδημιουργίες μου ->  [Folder | Created Date = 4/9/2008 15:02:44 | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 826 bytes | Created Date = 19/9/2008 16:34:49 | Attr =	]
World of Warcraft.lnk -> %SystemDrive%\Users\Public\Desktop\World of Warcraft.lnk ->  [Ver =  | Size = 892 bytes | Created Date = 17/9/2008 17:46:54 | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 724952 bytes | Created Date = 21/9/2008 00:35:37 | Attr =	]
Blitzkrieg 2 - Fall of the Reich.lnk -> %UserProfile%\Desktop\Blitzkrieg 2 - Fall of the Reich.lnk ->  [Ver =  | Size = 2108 bytes | Created Date = 17/9/2008 16:48:40 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1882 bytes | Created Date = 12/9/2008 13:29:42 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 20/9/2008 10:13:17 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 20/9/2008 10:12:21 | Attr =	]
Programma.pdf -> %UserProfile%\Desktop\Programma.pdf ->  [Ver =  | Size = 134361 bytes | Created Date = 12/9/2008 20:16:48 | Attr =	]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe ->  [Ver = 3, 2, 12, 1 | Size = 305323 bytes | Created Date = 20/9/2008 00:10:18 | Attr =	]
World at War a World Divided (Game Menu).lnk -> %UserProfile%\Desktop\World at War a World Divided (Game Menu).lnk ->  [Ver =  | Size = 1883 bytes | Created Date = 8/9/2008 23:08:22 | Attr =	]
Αντιμετώπιση προβλημάτων του Internet Explorer.url -> %UserProfile%\Desktop\Αντιμετώπιση προβλημάτων του Internet Explorer.url ->  [Ver =  | Size = 134 bytes | Created Date = 21/9/2008 00:57:27 | Attr =	]
Blizzard Entertainment -> %CommonProgramFiles%\Blizzard Entertainment ->  [Folder | Created Date = 17/9/2008 15:42:19 | Attr =	]
Blitzkrieg 2 -> %ProgramFiles%\Blitzkrieg 2 ->  [Folder | Created Date = 16/9/2008 19:30:02 | Attr =	]
Blitzkrieg 2 - Fall of the Reich -> %ProgramFiles%\Blitzkrieg 2 - Fall of the Reich ->  [Folder | Created Date = 17/9/2008 15:19:42 | Attr =	]
Bonjour -> %ProgramFiles%\Bonjour ->  [Folder | Created Date = 12/9/2008 12:44:01 | Attr =	]
EA Games -> %ProgramFiles%\EA Games ->  [Folder | Created Date = 7/9/2008 15:30:36 | Attr =	]
GameSpy Arcade -> %ProgramFiles%\GameSpy Arcade ->  [Folder | Created Date = 7/9/2008 21:11:25 | Attr =	]
GSC World Publishing -> %ProgramFiles%\GSC World Publishing ->  [Folder | Created Date = 15/9/2008 14:11:44 | Attr =	]
HijackThis -> %ProgramFiles%\HijackThis ->  [Folder | Created Date = 9/9/2008 21:39:16 | Attr =	]
iPod -> %ProgramFiles%\iPod ->  [Folder | Created Date = 12/9/2008 12:45:35 | Attr =	]
iTunes -> %ProgramFiles%\iTunes ->  [Folder | Created Date = 12/9/2008 12:45:35 | Attr =	]
JoWood -> %ProgramFiles%\JoWood ->  [Folder | Created Date = 7/9/2008 22:26:09 | Attr =	]
Kalypso -> %ProgramFiles%\Kalypso ->  [Folder | Created Date = 3/9/2008 12:27:45 | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 19/9/2008 16:34:47 | Attr =	]
MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 ->  [Folder | Created Date = 21/9/2008 12:31:35 | Attr =	]
New Folder -> %ProgramFiles%\New Folder ->  [Folder | Created Date = 15/9/2008 20:29:49 | Attr =	]
QuickTime -> %ProgramFiles%\QuickTime ->  [Folder | Created Date = 12/9/2008 12:42:47 | Attr =	]
Team17 Software Ltd -> %ProgramFiles%\Team17 Software Ltd ->  [Folder | Created Date = 7/9/2008 21:06:31 | Attr =	]
The Adventure Company -> %ProgramFiles%\The Adventure Company ->  [Folder | Created Date = 9/9/2008 22:33:49 | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 12/9/2008 13:29:41 | Attr =	]
World of Warcraft -> %ProgramFiles%\World of Warcraft ->  [Folder | Created Date = 17/9/2008 17:33:08 | Attr =	]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 3219644416 bytes | Modified Date = 21/9/2008 13:42:43 | Attr =  HS]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3552 bytes | Modified Date = 21/9/2008 13:43:51 | Attr =  H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3552 bytes | Modified Date = 21/9/2008 13:43:51 | Attr =  H ]
CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,1,225,0 | Size = 107888 bytes | Modified Date = 7/9/2008 17:04:13 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 371840 bytes | Modified Date = 21/9/2008 12:58:57 | Attr =	]
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 21/9/2008 13:38:22 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 108260 bytes | Modified Date = 21/9/2008 13:46:40 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 621176 bytes | Modified Date = 21/9/2008 13:46:41 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 733440 bytes | Modified Date = 21/9/2008 13:46:40 | Attr =	]
wlan.tmf -> %SystemRoot%\System32\wlan.tmf ->  [Ver =  | Size = 1655289 bytes | Modified Date = 21/9/2008 13:38:03 | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 67584 bytes | Modified Date = 21/9/2008 13:42:58 | Attr =   S]
Lexicon.ini -> %SystemRoot%\Lexicon.ini ->  [Ver =  | Size = 207 bytes | Modified Date = 11/9/2008 17:20:17 | Attr =	]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP ->  [Ver =  | Size = 258374238 bytes | Modified Date = 8/9/2008 12:12:35 | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 21/9/2008 00:13:12 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 248 bytes | Modified Date = 21/9/2008 12:38:47 | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 21/9/2008 13:00:22 | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 217 bytes | Modified Date = 8/9/2008 20:45:10 | Attr =	]
1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job ->  [Ver =  | Size = 390 bytes | Modified Date = 19/9/2008 17:16:11 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 21/9/2008 13:43:05 | Attr =  H ]
User_Feed_Synchronization-{521BEB33-A14A-44E4-AD02-F8A2F49C7916}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{521BEB33-A14A-44E4-AD02-F8A2F49C7916}.job ->  [Ver =  | Size = 422 bytes | Modified Date = 20/9/2008 16:16:10 | Attr =  H ]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys ->  [Folder | Modified Date = 21/9/2008 13:50:41 | Attr =	]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat ->  [Ver =  | Size = 8 bytes | Modified Date = 21/9/2008 13:30:45 | Attr =	]
C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader ->  [Folder | Modified Date = 2/11/2006 16:02:36 | Attr =	]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6916 bytes | Modified Date = 21/9/2008 13:27:53 | Attr =	]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 21/9/2008 13:27:54 | Attr =	]
C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 27/10/2007 17:55:19 | Attr =	]
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 27/10/2007 17:55:19 | Attr =	]
C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData ->  [Folder | Modified Date = 29/10/2007 01:29:51 | Attr =	]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT ->  [Ver =  | Size = 103776 bytes | Modified Date = 21/9/2008 00:58:20 | Attr =	]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 21/9/2008 00:58:20 | Attr =	]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 21/9/2008 00:58:20 | Attr =	]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT ->  [Ver =  | Size = 7896 bytes | Modified Date = 21/9/2008 00:58:20 | Attr =	]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT ->  [Ver =  | Size = 7176 bytes | Modified Date = 21/9/2008 00:58:20 | Attr =	]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT ->  [Ver =  | Size = 58220 bytes | Modified Date = 21/9/2008 00:58:20 | Attr =	]
C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures ->  [Folder | Modified Date = 27/10/2007 14:14:08 | Attr =	]
Fanis.dat -> C:\ProgramData\Microsoft\User Account Pictures\Fanis.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 27/10/2007 14:14:08 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\ -> C:\Users\Fanis\AppData\Local\Temp ->  [Folder | Modified Date = 21/9/2008 14:47:19 | Attr =	]
fsgk32.exe -> C:\Users\Fanis\AppData\Local\Temp\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
fssm32.exe -> C:\Users\Fanis\AppData\Local\Temp\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
9 C:\Users\Fanis\AppData\Local\Temp\*.tmp files -> C:\Users\Fanis\AppData\Local\Temp\*.tmp -> 
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 21/9/2008 13:57:44 | Attr =	]
fsgk32.exe -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
fssm32.exe -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 21/9/2008 13:57:22 | Attr =	]
fsgk32.exe -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
fssm32.exe -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\WLXPL_DX\ -> C:\Users\Fanis\AppData\Local\Temp\WLXPL_DX ->  [Folder | Modified Date = 21/9/2008 12:40:55 | Attr =	]
dxsetup.exe -> C:\Users\Fanis\AppData\Local\Temp\WLXPL_DX\dxsetup.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 484632 bytes | Modified Date = 21/12/2007 14:46:58 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\ -> C:\Users\Fanis\AppData\Local\Temp ->  [Folder | Modified Date = 21/9/2008 14:47:19 | Attr =	]
daas_s.dll -> C:\Users\Fanis\AppData\Local\Temp\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 21/9/2008 13:57:42 | Attr =	]
fm4av.dll -> C:\Users\Fanis\AppData\Local\Temp\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
9 C:\Users\Fanis\AppData\Local\Temp\*.tmp files -> C:\Users\Fanis\AppData\Local\Temp\*.tmp -> 
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 21/9/2008 13:57:44 | Attr =	]
AVPFPI0.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
avpproxy.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
daas_s.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 27/2/2008 15:59:28 | Attr =	]
fm4av.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
fpinor.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
fsbl.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
fsblu.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsblu.dll -> F-Secure Corporation [Ver = BlackLight 2.2.1092 | Size = 731776 bytes | Modified Date = 21/9/2008 13:56:41 | Attr =	]
fsecr32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsgkiapi.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
fsmart.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 21/9/2008 13:57:19 | Attr =	]
fspe32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fssubmit.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 21/9/2008 13:56:57 | Attr =	]
fsup32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupcx32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupfg32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupmw32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupnp32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupux32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupwu32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsusscr.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14271 | Size = 888832 bytes | Modified Date = 21/9/2008 13:57:19 | Attr =	]
Nse_w32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,93,01 | Size = 588856 bytes | Modified Date = 21/9/2008 13:56:50 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 21/9/2008 13:57:22 | Attr =	]
AVPFPI0.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
avpproxy.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
fm4av.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
fpinor.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
fsbl.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
fsgkiapi.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsecr32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fspe32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsup32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupcx32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupfg32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupmw32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupnp32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupux32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupwu32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 21/9/2008 13:57:19 | Attr =	]
fsmart.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 21/9/2008 13:57:19 | Attr =	]
fsusscr.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14271 | Size = 888832 bytes | Modified Date = 21/9/2008 13:57:19 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 21/9/2008 13:56:50 | Attr =	]
Nse_w32.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,93,01 | Size = 588856 bytes | Modified Date = 21/9/2008 13:56:50 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 21/9/2008 13:56:57 | Attr =	]
fssubmit.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 21/9/2008 13:56:57 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 21/9/2008 13:56:41 | Attr =	]
fsblu.dll -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = BlackLight 2.2.1092 | Size = 731776 bytes | Modified Date = 21/9/2008 13:56:41 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\WLXPL_DX\ -> C:\Users\Fanis\AppData\Local\Temp\WLXPL_DX ->  [Folder | Modified Date = 21/9/2008 12:40:55 | Attr =	]
DSETUP.dll -> C:\Users\Fanis\AppData\Local\Temp\WLXPL_DX\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 74520 bytes | Modified Date = 21/12/2007 14:46:58 | Attr =	]
dsetup32.dll -> C:\Users\Fanis\AppData\Local\Temp\WLXPL_DX\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 1670936 bytes | Modified Date = 21/12/2007 14:46:58 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 21/9/2008 13:57:44 | Attr =	]
ext.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 21/9/2008 13:56:40 | Attr =	]
fsedb.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 1517274 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupdllb.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupplgn.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsuptmpl.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
perf.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 21/9/2008 14:47:13 | Attr =	]
sae.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 21/9/2008 13:56:40 | Attr =	]
sai.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 21/9/2008 13:56:40 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\avmisc\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 21/9/2008 13:56:40 | Attr =	]
ext.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 21/9/2008 13:56:40 | Attr =	]
sae.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 21/9/2008 13:56:40 | Attr =	]
sai.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 21/9/2008 13:56:40 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsedb.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 1517274 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupdllb.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsupplgn.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
fsuptmpl.dat -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 21/9/2008 13:57:44 | Attr =	]
FS@av.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 21/9/2008 13:56:40 | Attr =	]
FS@avpe.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 21/9/2008 13:56:37 | Attr =	]
FS@bleng.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 252 bytes | Modified Date = 21/9/2008 13:56:41 | Attr =	]
FS@corp.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
FS@hydra.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
FS@mlc.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 21/9/2008 13:57:19 | Attr =	]
FS@ols.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 21/9/2008 13:56:57 | Attr =	]
FS@peg.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 21/9/2008 13:56:50 | Attr =	]
verdicts.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 21/9/2008 13:56:38 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\avmisc\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 21/9/2008 13:56:40 | Attr =	]
FS@av.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 21/9/2008 13:56:40 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\avpe\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 21/9/2008 13:56:39 | Attr =	]
FS@avpe.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 21/9/2008 13:56:37 | Attr =	]
verdicts.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 21/9/2008 13:56:38 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 21/9/2008 13:57:22 | Attr =	]
FS@corp.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 21/9/2008 13:57:22 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 21/9/2008 13:57:15 | Attr =	]
FS@hydra.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 21/9/2008 13:57:15 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 21/9/2008 13:57:19 | Attr =	]
FS@mlc.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 21/9/2008 13:57:19 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 21/9/2008 13:56:50 | Attr =	]
FS@peg.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 21/9/2008 13:56:50 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 21/9/2008 13:56:57 | Attr =	]
FS@ols.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 21/9/2008 13:56:57 | Attr =	]
C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 21/9/2008 13:56:41 | Attr =	]
FS@bleng.ini -> C:\Users\Fanis\AppData\Local\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 252 bytes | Modified Date = 21/9/2008 13:56:41 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 182272 bytes | Modified Date = 20/9/2008 22:09:09 | Attr =	]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db ->  [Ver =  | Size = 4703402 bytes | Modified Date = 21/9/2008 13:39:12 | Attr =  H ]
desktop.ini -> %SystemDrive%\Users\Public\Documents\desktop.ini ->  [Ver =  | Size = 280 bytes | Modified Date = 21/9/2008 13:00:22 | Attr =  HS]
desktop.ini -> E:\desktop.ini ->  [Ver =  | Size = 592 bytes | Modified Date = 15/9/2008 19:56:50 | Attr =  HS]
Οι κοινόχρηστοι φάκελοί μου.lnk -> E:\Οι κοινόχρηστοι φάκελοί μου.lnk ->  [Ver =  | Size = 361 bytes | Modified Date = 21/9/2008 13:45:36 | Attr =	]
desktop.ini -> %SystemDrive%\Users\Public\Desktop\desktop.ini ->  [Ver =  | Size = 174 bytes | Modified Date = 21/9/2008 13:00:22 | Attr =  HS]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 826 bytes | Modified Date = 19/9/2008 16:34:49 | Attr =	]
World of Warcraft.lnk -> %SystemDrive%\Users\Public\Desktop\World of Warcraft.lnk ->  [Ver =  | Size = 892 bytes | Modified Date = 17/9/2008 19:13:56 | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 724952 bytes | Modified Date = 21/9/2008 00:35:41 | Attr =	]
Blitzkrieg 2 - Fall of the Reich.lnk -> %UserProfile%\Desktop\Blitzkrieg 2 - Fall of the Reich.lnk ->  [Ver =  | Size = 2108 bytes | Modified Date = 17/9/2008 16:48:40 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1882 bytes | Modified Date = 12/9/2008 13:29:42 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 20/9/2008 10:12:21 | Attr =	]
Programma.pdf -> %UserProfile%\Desktop\Programma.pdf ->  [Ver =  | Size = 134361 bytes | Modified Date = 13/9/2008 14:39:07 | Attr =	]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe ->  [Ver = 3, 2, 12, 1 | Size = 305323 bytes | Modified Date = 20/9/2008 00:10:18 | Attr =	]
World at War a World Divided (Game Menu).lnk -> %UserProfile%\Desktop\World at War a World Divided (Game Menu).lnk ->  [Ver =  | Size = 1883 bytes | Modified Date = 8/9/2008 23:08:22 | Attr =	]
Αντιμετώπιση προβλημάτων του Internet Explorer.url -> %UserProfile%\Desktop\Αντιμετώπιση προβλημάτων του Internet Explorer.url ->  [Ver =  | Size = 134 bytes | Modified Date = 21/9/2008 13:45:46 | Attr =	]
desktop.ini -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 174 bytes | Modified Date = 21/9/2008 13:00:22 | Attr =  HS]

< End of report >




#14 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:52 PM

Posted 21 September 2008 - 01:10 PM

That log looks fine. :thumbsup:

If there aren't any other issues then go ahead and run the system normally for a day and then get back with me and let me know if there are any continuing issues.

If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 Farokh

Farokh
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 23 September 2008 - 09:37 AM

Thank you, everything is OK!



