Downloaded wrong .exe & now I have ad virus
 
boubal's Avatar
Junior Member with 17 posts.
 
Join Date: Mar 2008
Location: Athens, Greece
Experience: Intermediate
22-Mar-2008, 03:22 PM #16
Scan History Details
Start Date: 22/3/2008 8:33:21 μμ
End Date: 22/3/2008 8:59:42 μμ
Total Time: 26 Min 21 Sec
Detected security risks

KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Registry entries detected
HKEY_USERS\S-1-5-21-1801674531-688789844-839522115-1004\SOFTWARE\KAZAA
HKEY_USERS\S-1-5-21-1801674531-688789844-839522115-1004\SOFTWARE\KAZAA\LocalContent


Bifrost Backdoor more information...
Details: Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers.
Status: Quarantined

Registry entries detected
HKEY_USERS\S-1-5-21-1801674531-688789844-839522115-1004\SOFTWARE\WGET


Trojan.Win32.Agent.qt Trojan more information...
Details: Trojan.Win32.Agent.qt is a trojan that steals information from the infected machine and sends the data to a remote website.
Status: Deleted

Files detected
C:\WINDOWS\system32\winbjt32.dll


Cookie: Tracking Cookies Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\user\cookies\user@2o7[2].txt
c:\documents and settings\user\cookies\user@a[1].txt
c:\documents and settings\user\cookies\user@ad.yieldmanager[2].txt
c:\documents and settings\user\cookies\user@amazon[2].txt
c:\documents and settings\user\cookies\user@cgi-bin[2].txt
c:\documents and settings\user\cookies\user@dealtime[1].txt
c:\documents and settings\user\cookies\user@engage.everyone[2].txt
c:\documents and settings\user\cookies\user@hitbox[1].txt
c:\documents and settings\user\cookies\user@list[1].txt
c:\documents and settings\user\cookies\user@pricegrabber[1].txt
c:\documents and settings\user\cookies\user@redeye.willhill[2].txt
c:\documents and settings\user\cookies\user@revsci[2].txt
c:\documents and settings\user\cookies\user@server.iad.liveperson[1].txt
c:\documents and settings\user\cookies\user@valueclick[2].txt
c:\documents and settings\user\cookies\user@www.regnow[2].txt
c:\documents and settings\user\cookies\user@www.windowsmarketplace[1].txt
c:\documents and settings\user\cookies\user@yandex[2].txt

thanx !!!!!!!
dvk01's Avatar
Moderator with 24,168 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
23-Mar-2008, 04:38 AM #17
there is still a big problem there

Delete any existing version of ComboFix you have sitting on your desktop and the existing cfscript.txt

Download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

then use this set of instructions

download the attached CFScript.txt to your desktop

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before going any further

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Remember to reconnect to the net and enable any disabled antivirus etc BEFORE reconnecting

Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

This will create a zip file named something like [38]-Submit_2008-01-17@17.50.zip

at the end it will pop up an alert & open your browser and ask you to send the zip file

please follow those instructions. We need to see the zip file before we can carry on with the fix

If there is no pop up alert or open browser then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here, then press the browse button and navigate to & select the files on your computer. If there is more than 1 file, then press the more attachments button for each extra file and browse and select etc., and then when all the files are listed in the windows, press send to upload the files (do not post HJT logs there as they will not get dealt with)

Files to submit:
the zip file on desktop created by combofix named something like [38]-Submit_2008-01-17@17.50.zip
Attached Files
File Type: txt CFScript.txt (1.7 KB, 13 views)
__________________
Derek
Microsoft MVP/Windows - Security
For help with spyware or hijackers thespykiller

please help me by donating to help keep the Hedgehog Rescue Centre running
We Care about Animals and the Environment
boubal's Avatar
Junior Member with 17 posts.
 
Join Date: Mar 2008
Location: Athens, Greece
Experience: Intermediate
23-Mar-2008, 05:17 AM #18
Good morning Derek!!!

I did as written above step by step, but again no zip file on my desktop.

ComboFix 08-03-22.3 - User 2008-03-23 11:08:44.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.1.1032.18.1455 [GMT 2:00]
Running from: C:\Documents and Settings\User\Επιφάνεια εργασίας\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Επιφάνεια εργασίας\CFScript.txt
* Created a new restore point

FILE ::
C:\Program Files\tmp10362437.exe
C:\Program Files\tmp114421.exe
C:\Program Files\tmp13941125.exe
C:\Program Files\tmp183437.exe
C:\Program Files\tmp183484.exe
C:\Program Files\tmp185578.exe
C:\Program Files\tmp186078.exe
C:\Program Files\tmp1917234.exe
C:\Program Files\tmp1926593.exe
C:\Program Files\tmp21163343.exe
C:\Program Files\tmp222250.exe
C:\Program Files\tmp228687.exe
C:\Program Files\tmp2985296.exe
C:\Program Files\tmp2986984.exe
C:\Program Files\tmp512453.exe
C:\Program Files\tmp514468.exe
C:\Program Files\udefender_setup.exe
C:\Program Files\xloader30029.exe
C:\WINDOWS\Irremote.ini
C:\WINDOWS\system32\cuylpddo.ini
C:\WINDOWS\system32\jcseynhq.ini
C:\WINDOWS\system32\mwvbmddr.ini
C:\WINDOWS\system32\qsqpqepg.ini
C:\WINDOWS\system32\tieqjeey.ini
C:\WINDOWS\system32\winbjt32.dll
C:\WINDOWS\system32\ysveahrh.ini
C:\WINDOWS\ujf635.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\IE Extensions
C:\Program Files\IE Extensions\cj.v2.dll
C:\Program Files\tmp183437.exe
C:\Program Files\tmp183484.exe
C:\Program Files\tmp185578.exe
C:\Program Files\tmp21163343.exe
C:\Program Files\udefender_setup.exe
C:\WINDOWS\Irremote.ini
C:\WINDOWS\ujf635.bin

.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 11:08 . 2008-03-23 11:08 58,833 --a------ C:\Documents and Settings\User\catchme.zip
2008-03-22 23:27 . 2008-03-22 23:27 16,620 --a------ C:\Program Files\tmp22648875.exe
2008-03-22 23:27 . 2008-03-22 23:27 16,504 --a------ C:\Program Files\tmp22654156.exe
2008-03-22 20:33 . 2008-03-22 20:33 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-03-22 20:33 . 2008-03-22 20:33 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-03-22 19:40 . 2008-03-22 19:40 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-03-22 19:39 . 2008-03-22 19:39 <DIR> d-------- C:\Documents and Settings\User\Application Data\Sunbelt Software
2008-03-22 19:39 . 2008-03-22 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-03-22 19:38 . 2008-03-22 19:38 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-03-19 21:12 . 2008-03-19 21:12 <DIR> d-------- C:\WINDOWS\Sun
2008-03-19 12:01 . 2008-03-19 12:01 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-03-19 12:00 . 2008-03-19 12:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-19 12:00 . 2008-03-19 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-18 08:58 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-18 08:57 . 2008-03-18 08:58 <DIR> d-------- C:\Program Files\Java
2008-03-18 08:51 . 2008-03-18 08:51 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-16 10:52 . 2008-03-16 10:52 <DIR> d-------- C:\Documents and Settings\User\Application Data\Talkback
2008-03-11 18:53 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2008-03-11 18:39 . 2008-03-11 18:47 128,670 --a------ C:\WINDOWS\hpoins11.dat
2008-03-06 15:14 . 2008-03-06 15:14 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nero
2008-03-06 15:00 . 2008-03-06 15:00 <DIR> d-------- C:\Program Files\Nero
2008-03-06 15:00 . 2008-03-20 23:44 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-06 15:00 . 2008-03-20 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-04 12:29 . 2008-03-04 14:50 13,030 --a------ C:\PDOXUSRS.NET
2008-03-04 12:27 . 2008-03-04 12:27 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-03-04 12:27 . 2008-03-04 12:28 <DIR> d-------- C:\MapGuide
2008-03-04 12:27 . 2008-03-04 12:27 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-03-04 12:27 . 1999-03-23 09:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-01 13:23 . 2008-03-01 13:27 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-01 13:22 . 2008-03-01 13:22 <DIR> d-------- C:\Program Files\Betfair
2008-03-01 13:22 . 2008-03-01 13:22 <DIR> d-------- C:\Documents and Settings\User\Application Data\Betfair
2008-02-29 18:48 . 2008-02-29 18:48 19,552 --a------ C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2008-02-27 11:05 . 2008-02-27 11:05 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-27 11:02 . 2008-02-27 11:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-27 11:02 . 2008-02-27 11:03 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-26 16:56 . 2008-02-26 17:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\HP
2008-02-26 16:30 . 2005-10-12 04:20 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-02-26 16:30 . 2006-07-03 11:54 38,400 --a------ C:\WINDOWS\system32\hpz3l4sa.dll
2008-02-26 16:25 . 2008-02-26 16:57 139,975 --a------ C:\WINDOWS\hpwins10.dat
2008-02-26 16:25 . 2006-12-11 08:28 771 --------- C:\WINDOWS\hpwmdl10.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 12:49 --------- d-----w C:\Program Files\ScanPro
2008-03-20 19:11 --------- d-----w C:\Program Files\PKR
2008-03-07 06:02 --------- d-----w C:\Program Files\Panda Security
2008-02-26 14:48 --------- d-----w C:\Program Files\HP
2008-02-15 14:44 --------- d-----w C:\Program Files\GeoValues
2008-02-14 15:05 --------- d-----w C:\Documents and Settings\User\Application Data\Saxo Bank
2008-02-14 14:58 --------- d-----w C:\Program Files\Saxo Bank
2008-02-14 06:22 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-13 22:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 21:39 --------- d-----w C:\Documents and Settings\User\Application Data\InterTrust
2008-02-13 19:49 249,856 ------w C:\WINDOWS\Setup1.exe
2008-02-13 19:48 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-13 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-13 12:11 --------- d-----w C:\Program Files\Common Files\HP
2008-02-13 12:08 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-13 12:06 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-02-13 08:40 --------- d-----w C:\Program Files\Google
2008-02-12 19:02 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-12 18:57 38,968 ----a-w C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-12 18:57 178,872 ----a-w C:\WINDOWS\system32\drivers\PavProc.sys
2008-02-12 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-12 16:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 16:17 --------- d-----w C:\Program Files\CONEXANT
2008-02-12 16:14 --------- d-----w C:\Program Files\Realtek
2008-02-12 16:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-12 16:04 --------- d-----w C:\Program Files\Intel
2008-02-12 15:55 --------- d-----w C:\Program Files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\PKR ----


---- Directory of C:\Program Files\ScanPro ----

2008-03-21 09:59 62492672 --a------ C:\Program Files\ScanPro\Archive_tn.mdb
2008-03-21 09:59 432447488 --a------ C:\Program Files\ScanPro\Archive_xe.mdb
2008-03-17 19:03 184664064 --a------ C:\Program Files\ScanPro\Archive_ka.mdb
2008-02-13 21:49 6853 --a------ C:\Program Files\ScanPro\ST6UNST.LOG
2007-05-22 10:25 860160 --a------ C:\Program Files\ScanPro\ScanPro.exe


((((((((((((((((((((((((((((( snapshot@2008-03-19_22.02.18.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-22 17:39:11 19,230 ----a-r C:\WINDOWS\Installer\{7136FE70-D1A9-42A5-9BBD-87C440701D9F}\ARPPRODUCTICON.exe
+ 2006-12-28 14:13:52 516,832 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2006-10-30 08:30:30 10,032 ----a-w C:\WINDOWS\system32\drivers\SBTEDrv.sys
+ 2005-11-02 08:39:14 131,072 ----a-w C:\WINDOWS\system32\MD5.dll
+ 2005-11-02 08:39:16 24,924 ----a-w C:\WINDOWS\system32\openports.dll
+ 2003-02-21 05:16:08 49,152 ----a-w C:\WINDOWS\system32\REGTLIB.EXE
+ 2007-08-27 08:26:10 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe
+ 2005-11-02 08:39:16 40,960 ----a-w C:\WINDOWS\system32\SDelete.dll
+ 2006-06-22 12:40:28 493,400 ----a-w C:\WINDOWS\system32\XceedZip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-13 10:40 171448]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 12:25 15969280 C:\WINDOWS\RTHDCPL.exe]
"CIR"="C:\WINDOWS\system32\drivers\CIR.exe" [2006-03-08 10:53 36864]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\α\„΅΅ε\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04 83360]
‚γ ΅΅ε HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2005-08-05 04:51]
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-03-22 19:40]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-12 20:57]
R2 MTC0301_CIR;CIR Device;C:\WINDOWS\system32\drivers\CIR.sys [2004-11-26 08:41]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-12 20:57]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - CATCHME
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2008-12-23 05:50:32 C:\WINDOWS\Tasks\User_Feed_Synchronization-{1DE4FEF4-9E98-4668-A106-B689A4205B2D}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 11:10:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-23 11:10:38
ComboFix-quarantined-files.txt 2008-03-23 09:10:30
ComboFix2.txt 2008-03-23 00:03:29
ComboFix3.txt 2008-03-21 21:47:47
ComboFix4.txt 2008-03-21 21:28:38
ComboFix5.txt 2008-03-20 17:35:42
.
2008-03-12 01:02:09 --- E O F ---
boubal's Avatar
Junior Member with 17 posts.
 
Join Date: Mar 2008
Location: Athens, Greece
Experience: Intermediate
23-Mar-2008, 05:23 AM #19
Yesterday night I reran CounterSpy and I have some virus programs in quarantine!

Scan History Details
Start Date: 23/3/2008 2:06:58 πμ
End Date: 23/3/2008 2:38:25 πμ
Total Time: 31 Min 27 Sec
Detected security risks

KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Registry entries detected
HKEY_USERS\S-1-5-21-1801674531-688789844-839522115-1004\SOFTWARE\KAZAA
HKEY_USERS\S-1-5-21-1801674531-688789844-839522115-1004\SOFTWARE\KAZAA\LocalContent


Bifrost Backdoor more information...
Details: Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers.
Status: Quarantined

Registry entries detected
HKEY_USERS\S-1-5-21-1801674531-688789844-839522115-1004\SOFTWARE\WGET


Cookie: Tracking Cookies Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\user\cookies\user@amazon[2].txt
c:\documents and settings\user\cookies\user@dealtime[1].txt


Trojan-Dropper.Gen Trojan Downloader more information...
Status: Quarantined

Files detected
C:\Program Files\tmp10362437.exe
C:\Program Files\tmp114421.exe
C:\Program Files\tmp122500.exe
C:\Program Files\tmp13941125.exe
C:\Program Files\tmp1917234.exe
C:\Program Files\tmp1926593.exe
C:\Program Files\tmp222250.exe
C:\Program Files\tmp228687.exe
C:\Program Files\tmp2985296.exe
C:\Program Files\tmp2986984.exe
C:\Program Files\tmp512453.exe
C:\Program Files\tmp514468.exe
C:\Program Files\tmp9188625.exe


Ultimate SecuritySuite Rogue Security Program more information...
Status: Quarantined

Files detected
C:\PROGRAM FILES\SYSCLEANER


Trojan.Adloader.JC Trojan Downloader more information...
Status: Quarantined

Files detected
C:\QooBox\Quarantine\C\Program Files\ucleaner_setup.exe.vir
dvk01's Avatar
Moderator with 24,168 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
23-Mar-2008, 07:04 AM #20
Let's see if we can get copies this way

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here, then press the browse button and navigate to & select the files on your computer. When the file is listed in the windows, press send to upload the file



C:\WINDOWS\system32\drivers\CIR.exe
C:\WINDOWS\system32\drivers\CIR.sys
C:\WINDOWS\Installer\{6a1a232c-a016-4822-b02b-130a777623af}\CDSetup.dll
C:\WINDOWS\Installer\{1389a805-9969-4f6b-a689-405e18f8c01b}\DrvKernel.dll
__________________
Derek
Microsoft MVP/Windows - Security
For help with spyware or hijackers thespykiller

please help me by donating to help keep the Hedgehog Rescue Centre running
We Care about Animals and the Environment
boubal's Avatar
Junior Member with 17 posts.
 
Join Date: Mar 2008
Location: Athens, Greece
Experience: Intermediate
23-Mar-2008, 11:53 AM #21
Thank you again Derek!!! worked fine now!

I just uploaded the zip file at spykiller!
dvk01's Avatar
Moderator with 24,168 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
23-Mar-2008, 03:02 PM #22
I am getting the files examined to see what they are & whether connected or not
boubal's Avatar
Junior Member with 17 posts.
 
Join Date: Mar 2008
Location: Athens, Greece
Experience: Intermediate
27-Mar-2008, 04:07 AM #23
Ok I wait for any further instructions!!!

Last edited by boubal : 27-Mar-2008 04:53 AM.
dvk01's Avatar
Moderator with 24,168 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
27-Mar-2008, 03:56 PM #24
The CIR files have come back as OK

How are things now?

* Run Kaspersky online virus scan Kaspersky Online Scanner.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from Kaspersky scan

Note: Kavscan is a scanner only & won't fix anything but will normally find the most infected files, so its report gives us a good place to work from.

You must use IE for the scan to work
boubal's Avatar
Computer Specs
Junior Member with 17 posts.
 
Join Date: Mar 2008
Location: Athens, Greece
Experience: Intermediate
01-Apr-2008, 04:49 AM #25
sorry for the delay - I was away
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 01, 2008 11:45:35 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/04/2008
Kaspersky Anti-Virus database records: 675408
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 58829
Number of viruses found: 7
Number of infected objects: 109
Number of suspicious objects: 0
Duration of the scan process: 00:51:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\catchme.zip/DrvKernel.dll Infected: Trojan.Win32.Agent.feh skipped
C:\Documents and Settings\User\catchme.zip/CDSetup.dll Infected: Trojan.Win32.Agent.feh skipped
C:\Documents and Settings\User\catchme.zip/tmp114421.exe.vir Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Documents and Settings\User\catchme.zip ZIP: infected - 3 skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012008033020080331\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012008033120080401\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012008040120080402\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DF2EFD.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\WindowsLiveInstaller\Logs\2008-03-31_20-49_10fc.log Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES Object is locked skipped
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES2 Object is locked skipped
C:\Program Files\tmp22648875.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp22654156.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\QooBox\Quarantine\C\Program Files\tmp183437.exe.vir Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\QooBox\Quarantine\C\Program Files\tmp183484.exe.vir Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\QooBox\Quarantine\C\Program Files\tmp185578.exe.vir Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\QooBox\Quarantine\C\Program Files\tmp21163343.exe.vir Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\adpnldpu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ajwsxeth.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dnefijmd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fglibnrh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fkgxttyf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ibklpejf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lernbwrl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\medmfxgi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mmfkrhue.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\penuhmje.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pluadxqg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ppswftba.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qedfgbyi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qujtcnor.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sppfrhec.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\txycwgat.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\txyliden.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uwshovca.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xjpgyxhv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ywdocydo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP40\A0012781.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP40\A0012782.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP40\A0012782.exe 7-Zip: infected - 1 skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP41\A0014718.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP43\A0014753.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP43\A0014754.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP44\A0015769.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP46\A0016833.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP47\A0016898.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP47\A0016909.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP48\A0017960.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP49\A0019075.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP49\A0019080.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP51\A0020122.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP52\A0021163.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP53\A0021263.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP53\A0022245.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP54\A0023335.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP54\A0023336.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP54\A0023337.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023389.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023390.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023392.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023393.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023394.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023396.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023399.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023400.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023401.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023402.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023403.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023404.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023405.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023406.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023407.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023408.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023409.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023410.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023413.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023414.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0023435.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0024425.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0024426.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0024427.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0024428.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP55\A0024429.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP57\A0024545.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP58\A0024881.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP58\A0024882.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP58\A0024883.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP58\A0025064.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP58\A0025065.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP59\A0026126.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP60\A0027109.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP60\A0027121.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP60\A0027125.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP60\A0027126.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP60\A0027127.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP60\A0027141.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP63\A0027202.dll Infected: Trojan.Win32.Agent.feh skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP63\A0027203.dll Infected: Trojan.Win32.Agent.feh skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027249.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027250.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027251.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027252.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027253.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027254.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027255.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027256.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027257.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027258.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027259.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027260.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP64\A0027261.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP65\A0027276.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP65\A0027277.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP65\A0027278.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP65\A0027279.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP65\A0027280.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{8802BBEB-56D1-4D1F-99C0-8FDEDEA9E916}\RP75\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
------------------------------------------------------------------
boubal's Avatar
Computer Specs
Junior Member with 17 posts.
 
Join Date: Mar 2008
Location: Athens, Greece
Experience: Intermediate
01-Apr-2008, 04:50 AM #26
Logfile of HijackThis v1.99.1
Scan saved at 11:46:30 πμ, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\drivers\CIR.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Documents and Settings\User\Επιφάνεια εργασίας\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CIR] C:\WINDOWS\system32\drivers\CIR.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Γρήγορη εκκίνηση HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000005-0007-0000-0000-100011000004} - http://c.imputati.com/l/f2969f018f0f...af1bc43_35.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe