Solved Mozilla's homepage: http://www.search.starburnsoftware.com/#

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.05.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
lili :: LILIA [administrator]

10/06/2012 7:08:15 AM
mbam-log-2012-10-06 (07-08-15).txt

Scan type: Quick Scan
Scanning options enabled: Memory | Startup | Registry | File System | Heuristic method / Extra | Heuristic method / Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185629
Time elapsed: 3 minute (s), 7 second (s)

Memory Processes detected: 0
(No malicious items detected)

Evidence was found in memory: 0
(No malicious items detected)

Found keys in the registry: 0
(No malicious items detected)

Identified Registry Values: 0
(No malicious items detected)

Identified Registry Data Items: 0
(No malicious items detected)

Identified Folders: 0
(No malicious items detected)

Files found: 0
(No malicious items detected)

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-06 11:51:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10 WDC_WD2500KS-00MJB0 rev.02.01C03
Running: kenvh40b.exe; Driver: C:\DOCUME~1\lili\LOCALS~1\Temp\uxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT 85557C90 ZwAssignProcessToJobObject
SSDT 85558200 ZwDebugActiveProcess
SSDT 855582F0 ZwDuplicateObject
SSDT 85557590 ZwOpenProcess
SSDT 85557800 ZwOpenThread
SSDT 85557FD0 ZwProtectVirtualMemory
SSDT 855580E0 ZwQueueApcThread
SSDT 85557EC0 ZwSetContextThread
SSDT 85557D90 ZwSetInformationThread
SSDT 85554DA0 ZwSetSecurityObject
SSDT 85557B90 ZwSuspendProcess
SSDT 85557A80 ZwSuspendThread
SSDT 855576E0 ZwTerminateProcess
SSDT 85557A50 ZwTerminateThread
SSDT 855586D0 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2044] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0\x384\3Ή\3Ί\3Δ\3Ν\3Ώ\3Ε\3 \0001\0003\09\0004 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0\x384\3Ή\3Ί\3Δ\3Ν\3Ώ\3Ε\3 \0001\0003\09\0004 1?
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?
Reg HKLM\SOFTWARE\Classes\CLSID\{1b41de48-c606-4a9d-a1c5-94423f4ddb5a}@Model 221
Reg HKLM\SOFTWARE\Classes\CLSID\{1b41de48-c606-4a9d-a1c5-94423f4ddb5a}@Therad 30
Reg HKLM\SOFTWARE\Classes\CLSID\{1b41de48-c606-4a9d-a1c5-94423f4ddb5a}@MData 0x2B 0x8F 0x78 0x29 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x71 0xDE 0x50 0xE5 ...

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
Run by lili at 11:52:53 on 2012-10-06
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.988.554 [GMT 3:00]
.
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [NTServiceManager] c:\program files\youtubedownloader.org\youtubedownloader\YoutubeDownloader Updater.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Free YouTube to Mp3 Converter - c:\documents and settings\lili\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349489967296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lili\application data\mozilla\firefox\profiles\t20h67g7.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - plugin: c:\documents and settings\lili\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-9 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2010-6-20 80392]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-6-20 108032]
S2 dvspr;Server Config;c:\windows\system32\svchost.exe -k netsvcs [2006-3-2 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-9 250288]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-9 114144]
.
=============== Created Last 30 ================
.
2012-10-06 03:45:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-06 03:45:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-06 02:09:51 -------- d-sha-r- C:\cmdcons
2012-10-06 01:22:44 -------- d-----w- c:\documents and settings\lili\application data\Malwarebytes
2012-10-06 01:21:56 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-05 23:11:15 -------- d-----w- c:\program files\Trend Micro
2012-10-05 23:04:41 -------- d-----w- c:\documents and settings\lili\application data\LavasoftStatistics
2012-10-05 23:04:15 -------- d-----w- c:\documents and settings\lili\application data\Ad-Aware Antivirus
2012-10-05 22:42:16 -------- d-----w- c:\program files\Enigma Software Group
2012-10-05 22:41:56 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-09-09 08:02:27 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
.
==================== Find3M ====================
.
2012-10-06 04:01:29 16608 ----a-w- c:\windows\gdrv.sys
2012-09-21 19:23:19 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 19:23:19 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 17:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 17:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:39:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:04:59 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:04:57 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:04:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-04-10 05:24:31 3993600 -c--a-w- c:\program files\GUT94.tmp
.
============= FINISH: 11:53:12,42 ===============
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below
aswMBR_Scan.jpg

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
 
Hello, Dragon Master Jay

Thanks for your lightning fast reply!
I followed all the above steps and only the TDSSKiller seemed to have found something, however it couldn't be cured, only quarantined-skip-delete, so I skipped it.
I didn't get the bump reply quote?
Anyways, here are the logs:
 
# AdwCleaner v2.003 - Logfile created 10/06/2012 at 19:01:39
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : lili - LILIA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\lili\Επιφάνεια εργασίας\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\DAEMON Tools Toolbar

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKU\S-1-5-21-1275210071-1035525444-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKU\S-1-5-21-1275210071-1035525444-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (el)

Profile name : default
File : C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t20h67g7.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3475 octets] - [06/10/2012 19:01:39]

########## EOF - C:\AdwCleaner[R1].txt - [3535 octets] ##########

AFTER SCAN WAS PRESSED

# AdwCleaner v2.003 - Logfile created 10/06/2012 at 19:02:05
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : lili - LILIA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\lili\Επιφάνεια εργασίας\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\DAEMON Tools Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (el)

Profile name : default
File : C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t20h67g7.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3604 octets] - [06/10/2012 19:01:39]
AdwCleaner[S1].txt - [3626 octets] - [06/10/2012 19:02:05]

########## EOF - C:\AdwCleaner[S1].txt - [3686 octets] ##########
AFTER DELETE WAS PRESSED
 
19:07:25.0328 0896 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:07:25.0687 0896 ============================================================
19:07:25.0687 0896 Current date / time: 2012/10/06 19:07:25.0687
19:07:25.0687 0896 SystemInfo:
19:07:25.0687 0896
19:07:25.0687 0896 OS Version: 5.1.2600 ServicePack: 3.0
19:07:25.0687 0896 Product type: Workstation
19:07:25.0687 0896 ComputerName: LILIA
19:07:25.0687 0896 UserName: lili
19:07:25.0687 0896 Windows directory: C:\WINDOWS
19:07:25.0687 0896 System windows directory: C:\WINDOWS
19:07:25.0687 0896 Processor architecture: Intel x86
19:07:25.0687 0896 Number of processors: 2
19:07:25.0687 0896 Page size: 0x1000
19:07:25.0687 0896 Boot type: Normal boot
19:07:25.0687 0896 ============================================================
19:07:27.0015 0896 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:07:27.0015 0896 ============================================================
19:07:27.0015 0896 \Device\Harddisk0\DR0:
19:07:27.0015 0896 MBR partitions:
19:07:27.0015 0896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
19:07:27.0015 0896 ============================================================
19:07:27.0046 0896 C: <-> \Device\Harddisk0\DR0\Partition1
19:07:27.0062 0896 ============================================================
19:07:27.0062 0896 Initialize success
19:07:27.0062 0896 ============================================================
19:08:42.0796 2892 ============================================================
19:08:42.0796 2892 Scan started
19:08:42.0796 2892 Mode: Manual; SigCheck; TDLFS;
19:08:42.0796 2892 ============================================================
19:08:43.0140 2892 ================ Scan system memory ========================
19:08:43.0140 2892 System memory - ok
19:08:43.0140 2892 ================ Scan services =============================
19:08:49.0953 2892 EventSystem - ok
19:08:49.0984 2892 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:08:50.0093 2892 Fastfat - ok
19:08:50.0125 2892 [ CAAE78D8D1009415AB67C11B03A0793F ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:08:50.0187 2892 FastUserSwitchingCompatibility - ok
19:08:50.0203 2892 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:08:50.0296 2892 Fdc - ok
19:08:50.0312 2892 [ 418D3078A9B107DE75C9BA9B56CBA035 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:08:50.0453 2892 Fips - ok
19:08:50.0484 2892 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:08:50.0593 2892 Flpydisk - ok
19:08:50.0609 2892 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:08:50.0718 2892 FltMgr - ok
19:08:50.0765 2892 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:08:50.0781 2892 FontCache3.0.0.0 - ok
19:08:50.0781 2892 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:08:50.0906 2892 Fs_Rec - ok
19:08:50.0906 2892 [ 9C798FDC0D53DFBA6F4C4059A11FBFE8 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:08:51.0046 2892 Ftdisk - ok
19:08:51.0078 2892 [ 5C230948DD6652228F88CA7AE6CB276C ] gdrv C:\WINDOWS\gdrv.sys
19:08:51.0750 2892 gdrv - ok
19:08:51.0796 2892 [ 7CE32949B965A4B6622ACCAB3ADB0144 ] GEST Service C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
19:08:51.0796 2892 GEST Service - ok
19:08:51.0828 2892 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:08:51.0921 2892 Gpc - ok
19:08:51.0968 2892 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:08:52.0000 2892 gupdate - ok
19:08:52.0015 2892 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:08:52.0015 2892 gupdatem - ok
19:08:52.0078 2892 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:08:52.0156 2892 HDAudBus - ok
19:08:52.0234 2892 [ A8555880AA97C410DCEA531B4799FA11 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:08:52.0328 2892 helpsvc - ok
19:08:52.0328 2892 HidServ - ok
19:08:52.0359 2892 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:08:52.0484 2892 hidusb - ok
19:08:52.0546 2892 [ 0C71805B04E14FD1AE2ED3938F4F2D05 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:08:52.0625 2892 hkmsvc - ok
19:08:52.0640 2892 hpn - ok
19:08:52.0656 2892 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:08:52.0687 2892 HTTP - ok
19:08:52.0703 2892 [ 4E71FDAC76E5E9ED1C88DC3FB16E301D ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:08:52.0781 2892 HTTPFilter - ok
19:08:52.0796 2892 i2omgmt - ok
19:08:52.0796 2892 i2omp - ok
19:08:52.0812 2892 [ F8D6633482E0BD81766C74441B134FDF ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:08:52.0937 2892 i8042prt - ok
19:08:53.0093 2892 [ B2768350BB50469AEB1AFE694372B613 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:08:53.0453 2892 ialm - ok
19:08:53.0531 2892 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:08:53.0578 2892 idsvc - ok
19:08:53.0609 2892 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:08:53.0718 2892 Imapi - ok
19:08:53.0750 2892 [ 2471854671044613A324486986236FFF ] ImapiService C:\WINDOWS\system32\imapi.exe
19:08:53.0843 2892 ImapiService - ok
19:08:53.0843 2892 ini910u - ok
19:08:54.0000 2892 [ 557E20484A095D949912883F5AB29E88 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:08:54.0359 2892 IntcAzAudAddService - ok
19:08:54.0375 2892 [ 331244286FA249F2456E6D78FDA4A93E ] IntcHdmiAddService C:\WINDOWS\system32\drivers\IntcHdmi.sys
19:08:54.0453 2892 IntcHdmiAddService - ok
19:08:54.0468 2892 IntelIde - ok
19:08:54.0500 2892 [ BB055E429E9F54AA3FBA2DD33BEB0935 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:08:54.0593 2892 intelppm - ok
19:08:54.0640 2892 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:08:54.0765 2892 Ip6Fw - ok
19:08:54.0781 2892 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:08:54.0921 2892 IpFilterDriver - ok
19:08:54.0937 2892 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:08:55.0031 2892 IpInIp - ok
19:08:55.0062 2892 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:08:55.0156 2892 IpNat - ok
19:08:55.0187 2892 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:08:55.0281 2892 IPSec - ok
19:08:55.0281 2892 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:08:55.0390 2892 IRENUM - ok
19:08:55.0406 2892 [ D3715A2DBA29215BE59DCFC11294D493 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:08:55.0515 2892 isapnp - ok
19:08:55.0625 2892 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
19:08:55.0640 2892 JavaQuickStarterService - ok
19:08:55.0640 2892 [ AF1FD8035B4A34EAF25F8BB1CD3C95FF ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:08:55.0750 2892 Kbdclass - ok
19:08:55.0765 2892 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:08:55.0843 2892 kmixer - ok
19:08:55.0875 2892 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:08:55.0953 2892 KSecDD - ok
19:08:55.0984 2892 [ 3BA436C67CDBD9B8D7A48E0B698CA937 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:08:56.0015 2892 lanmanserver - ok
19:08:56.0031 2892 [ 5709251CF3B95CCDE29E3E04C96C6DD6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:08:56.0078 2892 lanmanworkstation - ok
19:08:56.0078 2892 lbrtfdc - ok
19:08:56.0109 2892 [ 429F8A7802C1E7D8254C1EE7B70499E3 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:08:56.0203 2892 LmHosts - ok
19:08:56.0218 2892 [ E5D6246619CDF5ABC631D3600AAF1DAD ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:08:56.0296 2892 Messenger - ok
19:08:56.0343 2892 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:08:56.0437 2892 mnmdd - ok
19:08:56.0453 2892 [ DC6F63935B77436AC4EDEEF59025CDC9 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:08:56.0546 2892 mnmsrvc - ok
19:08:56.0562 2892 [ 4C84460A6BC9A5BF60555C04BE55792E ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:08:56.0656 2892 Modem - ok
19:08:56.0656 2892 [ 6BE02786A7C13CCEAE728298EFFA0730 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:08:56.0765 2892 Mouclass - ok
19:08:56.0796 2892 [ 89DDB41A54DDF8B3E5B7B9E92ED23A50 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:08:56.0921 2892 mouhid - ok
19:08:56.0921 2892 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:08:57.0031 2892 MountMgr - ok
19:08:57.0078 2892 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:08:57.0093 2892 MozillaMaintenance - ok
19:08:57.0093 2892 mraid35x - ok
19:08:57.0109 2892 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:08:57.0218 2892 MRxDAV - ok
19:08:57.0281 2892 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:08:57.0343 2892 MRxSmb - ok
19:08:57.0375 2892 [ 3D3535F73A38BEB3E4491E2C0459F77D ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:08:57.0453 2892 MSDTC - ok
19:08:57.0484 2892 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:08:57.0593 2892 Msfs - ok
19:08:57.0593 2892 MSIServer - ok
19:08:57.0609 2892 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:08:57.0718 2892 MSKSSRV - ok
19:08:57.0718 2892 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:08:57.0812 2892 MSPCLOCK - ok
19:08:57.0812 2892 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:08:57.0921 2892 MSPQM - ok
19:08:57.0953 2892 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:08:58.0031 2892 mssmbios - ok
19:08:58.0046 2892 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:08:58.0109 2892 Mup - ok
19:08:58.0156 2892 [ 730BD15AF8C65C3BBD040D121576123D ] napagent C:\WINDOWS\System32\qagentrt.dll
19:08:58.0250 2892 napagent - ok
19:08:58.0375 2892 [ F46070DDADA5C396B1F2EBF1C46DBB08 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
19:08:58.0421 2892 NBService - ok
19:08:58.0453 2892 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:08:58.0546 2892 NDIS - ok
19:08:58.0562 2892 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:08:58.0593 2892 NdisTapi - ok
19:08:58.0609 2892 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:08:58.0703 2892 Ndisuio - ok
19:08:58.0734 2892 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:08:58.0828 2892 NdisWan - ok
19:08:58.0859 2892 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:08:58.0875 2892 NDProxy - ok
19:08:58.0875 2892 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:08:58.0968 2892 NetBIOS - ok
19:08:58.0984 2892 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:08:59.0093 2892 NetBT - ok
19:08:59.0109 2892 [ EAE9FB52F7552C0EA407BE6EFF69C094 ] NetDDE C:\WINDOWS\system32\netdde.exe
19:08:59.0203 2892 NetDDE - ok
19:08:59.0203 2892 [ EAE9FB52F7552C0EA407BE6EFF69C094 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:08:59.0281 2892 NetDDEdsdm - ok
19:08:59.0296 2892 [ 1806020B8905C2A400ECD23733B78B87 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:08:59.0375 2892 Netlogon - ok
19:08:59.0406 2892 [ A443996504A45CDF60CBA800DCB14420 ] Netman C:\WINDOWS\System32\netman.dll
19:08:59.0500 2892 Netman - ok
19:08:59.0500 2892 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:08:59.0515 2892 NetTcpPortSharing - ok
19:08:59.0546 2892 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:08:59.0640 2892 NIC1394 - ok
19:08:59.0687 2892 [ C5E2A69E52BB7F3B0C698E2726D871EF ] Nla C:\WINDOWS\System32\mswsock.dll
19:08:59.0718 2892 Nla - ok
19:08:59.0796 2892 [ 433049770B810D7C83C5C94CDB3E09D2 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
19:08:59.0828 2892 NMIndexingService - ok
19:08:59.0828 2892 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:08:59.0921 2892 Npfs - ok
19:08:59.0953 2892 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:09:00.0062 2892 Ntfs - ok
19:09:00.0078 2892 [ 1806020B8905C2A400ECD23733B78B87 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:09:00.0156 2892 NtLmSsp - ok
19:09:00.0187 2892 [ 5AA7FCAAFB3A3F81641BFA9DAB55CE42 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:09:00.0281 2892 NtmsSvc - ok
19:09:00.0296 2892 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:09:00.0406 2892 Null - ok
19:09:00.0437 2892 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:09:00.0546 2892 NwlnkFlt - ok
19:09:00.0546 2892 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:09:00.0656 2892 NwlnkFwd - ok
19:09:00.0656 2892 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:09:00.0750 2892 ohci1394 - ok
19:09:00.0750 2892 [ 3D383486B2D3B97CD44334A406AE3418 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:09:00.0859 2892 Parport - ok
19:09:00.0875 2892 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:09:00.0968 2892 PartMgr - ok
19:09:01.0000 2892 [ CBC2A624A1DAC81BD1A2932985A8955F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:09:01.0109 2892 ParVdm - ok
19:09:01.0109 2892 [ DCB32B61125E35AF33CB8CD54A1E7737 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:09:01.0218 2892 PCI - ok
19:09:01.0218 2892 PCIDump - ok
19:09:01.0234 2892 [ D0F88F309E94460AE276C843192D9DE7 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:09:01.0359 2892 PCIIde - ok
19:09:01.0390 2892 [ 1E052D2D5A43C0D097FD96B1490D6083 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:09:01.0515 2892 Pcmcia - ok
19:09:01.0515 2892 PDCOMP - ok
19:09:01.0515 2892 PDFRAME - ok
19:09:01.0515 2892 PDRELI - ok
19:09:01.0531 2892 PDRFRAME - ok
19:09:01.0531 2892 perc2 - ok
19:09:01.0531 2892 perc2hib - ok
19:09:01.0562 2892 [ 2A0BB5C67281C423F8D7D6B7D79699AC ] PlugPlay C:\WINDOWS\system32\services.exe
19:09:01.0593 2892 PlugPlay - ok
19:09:01.0593 2892 [ 1806020B8905C2A400ECD23733B78B87 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:09:01.0671 2892 PolicyAgent - ok
19:09:01.0671 2892 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:09:01.0781 2892 PptpMiniport - ok
19:09:01.0781 2892 [ 1806020B8905C2A400ECD23733B78B87 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:09:01.0859 2892 ProtectedStorage - ok
19:09:01.0875 2892 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:09:02.0000 2892 PSched - ok
19:09:02.0031 2892 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:09:02.0125 2892 Ptilink - ok
19:09:02.0125 2892 ql1080 - ok
19:09:02.0140 2892 Ql10wnt - ok
19:09:02.0140 2892 ql12160 - ok
19:09:02.0140 2892 ql1240 - ok
19:09:02.0140 2892 ql1280 - ok
19:09:02.0171 2892 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:09:02.0281 2892 RasAcd - ok
19:09:02.0296 2892 [ A45F25BED4DEF4E941B7CCFB5391E782 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:09:02.0375 2892 RasAuto - ok
19:09:02.0390 2892 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:09:02.0484 2892 Rasl2tp - ok
19:09:02.0515 2892 [ A31E640E2CB33C8E029B4235E6F6681B ] RasMan C:\WINDOWS\System32\rasmans.dll
19:09:02.0609 2892 RasMan - ok
19:09:02.0609 2892 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:09:02.0703 2892 RasPppoe - ok
19:09:02.0718 2892 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:09:02.0812 2892 Raspti - ok
19:09:02.0828 2892 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:09:02.0984 2892 Rdbss - ok
19:09:03.0000 2892 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:09:03.0093 2892 RDPCDD - ok
19:09:03.0140 2892 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:09:03.0187 2892 RDPWD - ok
19:09:03.0218 2892 [ 279C3728D2AF16167EC544F495F39341 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:09:03.0312 2892 RDSessMgr - ok
19:09:03.0328 2892 [ EB83EDB7F55F1910E4DB8C823A86CEED ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:09:03.0437 2892 redbook - ok
19:09:03.0484 2892 [ A9BF621F4C5B89CEA6DD4FAE77281754 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:09:03.0578 2892 RemoteAccess - ok
19:09:03.0593 2892 [ 9651CCA84B86457879A69DB07FA98617 ] RpcLocator C:\WINDOWS\system32\locator.exe
19:09:03.0671 2892 RpcLocator - ok
19:09:03.0687 2892 [ B5F06957525D494D2C261B5739367524 ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:09:03.0734 2892 RpcSs - ok
19:09:03.0765 2892 [ 0A4E041DBA5D0FB36863460DCBAE2623 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:09:03.0875 2892 RSVP - ok
19:09:03.0906 2892 [ EEB84629064ABCB6198864D25BF15B1A ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:09:03.0984 2892 RTLE8023xp - ok
19:09:04.0000 2892 [ 1806020B8905C2A400ECD23733B78B87 ] SamSs C:\WINDOWS\system32\lsass.exe
19:09:04.0078 2892 SamSs - ok
19:09:04.0093 2892 [ 5DBE70E8932492DCFE78D21965652968 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:09:04.0171 2892 SCardSvr - ok
19:09:04.0218 2892 [ 9D48CFB98C9FD9159D00243FE665CF43 ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:09:04.0312 2892 Schedule - ok
19:09:04.0359 2892 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:09:04.0453 2892 Secdrv - ok
19:09:04.0484 2892 [ 1B2629D2114A76ED82D33D028CB9E9A0 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:09:04.0578 2892 seclogon - ok
19:09:04.0593 2892 [ 5FED33452FD871BDE528AF32F0D5063F ] SENS C:\WINDOWS\system32\sens.dll
19:09:04.0671 2892 SENS - ok
19:09:04.0687 2892 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:09:04.0796 2892 serenum - ok
19:09:04.0796 2892 [ AD994A88BBFA3C686397951B11A701A5 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:09:04.0906 2892 Serial - ok
19:09:04.0953 2892 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:09:05.0046 2892 Sfloppy - ok
19:09:05.0078 2892 [ 522873DF0FFD34FB1A8AF7D7E276727E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:09:05.0171 2892 SharedAccess - ok
19:09:05.0187 2892 [ CAAE78D8D1009415AB67C11B03A0793F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:09:05.0203 2892 ShellHWDetection - ok
19:09:05.0203 2892 Simbad - ok
19:09:05.0375 2892 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:09:05.0531 2892 Skype C2C Service - ok
19:09:05.0562 2892 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:09:05.0578 2892 SkypeUpdate - ok
19:09:05.0578 2892 Sparrow - ok
19:09:05.0625 2892 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:09:05.0718 2892 splitter - ok
19:09:05.0734 2892 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:09:05.0765 2892 Spooler - ok
19:09:05.0781 2892 [ A41AC0D87DC3054DB716F1456C84391C ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:09:05.0875 2892 sr - ok
19:09:05.0921 2892 [ BB9B6E360FF1A701A7920AA798A335BF ] srservice C:\WINDOWS\system32\srsvc.dll
19:09:06.0000 2892 srservice - ok
19:09:06.0046 2892 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:09:06.0109 2892 Srv - ok
19:09:06.0156 2892 [ 0870FA719DCFC9C49044A4852CC0859E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:09:06.0234 2892 SSDPSRV - ok
19:09:06.0265 2892 [ C93AAC10D3B6375E9C859AD8779B63BF ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:09:06.0390 2892 stisvc - ok
19:09:06.0421 2892 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:09:06.0546 2892 swenum - ok
19:09:06.0562 2892 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:09:06.0671 2892 swmidi - ok
19:09:06.0687 2892 SwPrv - ok
19:09:06.0687 2892 symc810 - ok
19:09:06.0687 2892 symc8xx - ok
19:09:06.0687 2892 sym_hi - ok
19:09:06.0703 2892 sym_u3 - ok
19:09:06.0703 2892 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:09:06.0781 2892 sysaudio - ok
19:09:06.0828 2892 [ C4AAC8BA839951337C8029CCC1841D8B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:09:06.0906 2892 SysmonLog - ok
19:09:06.0953 2892 [ 3AFFC05E23E4A809B324952E8BCE29C0 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:09:07.0046 2892 TapiSrv - ok
19:09:07.0093 2892 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:09:07.0125 2892 Tcpip - ok
19:09:07.0171 2892 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:09:07.0265 2892 TDPIPE - ok
19:09:07.0265 2892 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:09:07.0375 2892 TDTCP - ok
19:09:07.0390 2892 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:09:07.0531 2892 TermDD - ok
19:09:07.0578 2892 [ 949249FFEFBDF35AB5A3BB31800B7C20 ] TermService C:\WINDOWS\System32\termsrv.dll
19:09:07.0671 2892 TermService - ok
19:09:07.0687 2892 [ CAAE78D8D1009415AB67C11B03A0793F ] Themes C:\WINDOWS\System32\shsvcs.dll
19:09:07.0703 2892 Themes - ok
19:09:07.0703 2892 TosIde - ok
19:09:07.0734 2892 [ 3986C1B3E63E831288F4CE4AC5902886 ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:09:07.0828 2892 TrkWks - ok
19:09:07.0843 2892 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:09:07.0937 2892 Udfs - ok
19:09:07.0937 2892 ultra - ok
19:09:07.0968 2892 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
19:09:08.0031 2892 UMWdf - ok
19:09:08.0062 2892 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:09:08.0187 2892 Update - ok
19:09:08.0203 2892 [ 0A0435BE61CE7BB2F43A529EAC811CB8 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:09:08.0296 2892 upnphost - ok
19:09:08.0296 2892 [ A7F37334A19A15F41935C8EC9037007F ] UPS C:\WINDOWS\System32\ups.exe
19:09:08.0390 2892 UPS - ok
19:09:08.0421 2892 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:09:08.0531 2892 usbehci - ok
19:09:08.0609 2892 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:09:08.0750 2892 usbhub - ok
19:09:08.0781 2892 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:09:08.0875 2892 USBSTOR - ok
19:09:08.0921 2892 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:09:09.0062 2892 usbuhci - ok
19:09:09.0140 2892 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:09:09.0296 2892 VgaSave - ok
19:09:09.0296 2892 ViaIde - ok
19:09:09.0375 2892 [ 3CF5DC3FDF17AE17D488D4548AC33741 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:09:09.0546 2892 VolSnap - ok
19:09:09.0609 2892 [ 2B2B357B63ACBEE389BEA503B5CA89CE ] VSS C:\WINDOWS\System32\vssvc.exe
19:09:09.0703 2892 VSS - ok
19:09:09.0734 2892 [ B49EE293A184A0FFFF710CDD6713BD47 ] W32Time C:\WINDOWS\system32\w32time.dll
19:09:09.0828 2892 W32Time - ok
19:09:09.0875 2892 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:09:09.0968 2892 Wanarp - ok
19:09:09.0968 2892 WDICA - ok
19:09:09.0984 2892 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:09:10.0078 2892 wdmaud - ok
19:09:10.0109 2892 [ 7D28CEE58219B1ADE976C8438442BF41 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:09:10.0203 2892 WebClient - ok
19:09:10.0281 2892 [ 075EC50CA60F1B4EE576886BEF72AB21 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:09:10.0375 2892 winmgmt - ok
19:09:10.0390 2892 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
19:09:10.0406 2892 WmdmPmSN - ok
19:09:10.0453 2892 [ DDED6630AFD8227395A714E3162A97D7 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:09:10.0531 2892 WmiApSrv - ok
19:09:10.0546 2892 [ C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
19:09:10.0578 2892 WpdUsb - ok
19:09:10.0593 2892 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:09:10.0718 2892 WS2IFSL - ok
19:09:10.0750 2892 [ 1A5DDC44B0AB7C40C13796DB7DB82989 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:09:10.0843 2892 wscsvc - ok
19:09:10.0875 2892 [ 6F55057EE883AC1675F31242B6DD6EF3 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:09:10.0968 2892 wuauserv - ok
19:09:11.0015 2892 [ 0AF6479664B3AAB3B46881143345AEAA ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:09:11.0109 2892 WZCSVC - ok
19:09:11.0140 2892 [ 34994678129C0BD63E4C29E5780F4D34 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:09:11.0218 2892 xmlprov - ok
19:09:11.0218 2892 ================ Scan global ===============================
19:09:11.0265 2892 [ E8944EEC78EC2FE5F3A613DDF201C815 ] C:\WINDOWS\system32\basesrv.dll
19:09:11.0312 2892 [ D516D93886E734EFBCF80AF943B9BE79 ] C:\WINDOWS\system32\winsrv.dll
19:09:11.0343 2892 [ D516D93886E734EFBCF80AF943B9BE79 ] C:\WINDOWS\system32\winsrv.dll
19:09:11.0375 2892 [ 2A0BB5C67281C423F8D7D6B7D79699AC ] C:\WINDOWS\system32\services.exe
19:09:11.0375 2892 [Global] - ok
19:09:11.0375 2892 ================ Scan MBR ==================================
19:09:11.0390 2892 [ 3C27C0429156ADC19E0F46AF77CD22D7 ] \Device\Harddisk0\DR0
19:09:11.0546 2892 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:09:11.0546 2892 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:09:11.0546 2892 ================ Scan VBR ==================================
19:09:11.0546 2892 [ EEF04C25F89BE61937F7A3686881120C ] \Device\Harddisk0\DR0\Partition1
19:09:11.0546 2892 \Device\Harddisk0\DR0\Partition1 - ok
19:09:11.0546 2892 ============================================================
19:09:11.0546 2892 Scan finished
19:09:11.0546 2892 ============================================================
19:09:11.0656 0232 Detected object count: 1
19:09:11.0656 0232 Actual detected object count: 1
19:11:27.0703 0232 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:11:27.0703 0232 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:11:42.0593 0848 Deinitialize success
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-06 19:13:41
-----------------------------
19:13:41.015 OS Version: Windows 5.1.2600 Service Pack 3
19:13:41.015 Number of processors: 2 586 0xF06
19:13:41.015 ComputerName: LILIA UserName: lili
19:13:41.468 Initialize success
19:15:29.265 AVAST engine defs: 12100600
19:16:05.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10
19:16:05.656 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238474MB BusType: 3
19:16:05.671 Disk 0 MBR read successfully
19:16:05.687 Disk 0 MBR scan
19:16:05.734 Disk 0 Windows XP default MBR code
19:16:05.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
19:16:05.734 Disk 0 scanning sectors +488376000
19:16:05.812 Disk 0 scanning C:\WINDOWS\system32\drivers
19:16:16.328 Service scanning
19:16:33.390 Modules scanning
19:16:37.546 Disk 0 trace - called modules:
19:16:37.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:16:37.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866fcab8]
19:16:37.562 3 CLASSPNP.SYS[f750cfd7] -> nt!IofCallDriver -> \Device\00000069[0x86775948]
19:16:37.562 5 ACPI.sys[f7382620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-10[0x86701d98]
19:16:38.093 AVAST engine scan C:\WINDOWS
19:16:51.343 AVAST engine scan C:\WINDOWS\system32
19:20:24.406 AVAST engine scan C:\WINDOWS\system32\drivers
19:20:41.218 AVAST engine scan C:\Documents and Settings\lili
19:22:14.125 AVAST engine scan C:\Documents and Settings\All Users
19:22:43.562 Scan finished successfully
19:24:55.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\lili\Επιφάνεια εργασίας\MBR.dat"
19:24:55.359 The log file has been saved successfully to "C:\Documents and Settings\lili\Επιφάνεια εργασίας\aswMBR.txt"
 
 
The last being MBR.dat renamed to MBR.txt and opened with notepad. I also get this message when I open Mozilla:
ESET Smart Security
Address has been blocked.
URL address:
"fbfreegifts.com/img/text.png"
IP address:
93.170.104.62:80
 
ComboFix scan

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 12-10-04.02 - lili 06/10/2012 20:21:31.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.988.434 [GMT 3:00]
Running from: c:\documents and settings\lili\Επιφάνεια εργασίας\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-06 03:45 . 2012-10-06 03:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-06 03:45 . 2012-09-07 14:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-06 01:22 . 2012-10-06 01:22 -------- d-----w- c:\documents and settings\lili\Application Data\Malwarebytes
2012-10-06 01:21 . 2012-10-06 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-05 23:11 . 2012-10-05 23:11 -------- d-----w- c:\program files\Trend Micro
2012-10-05 23:04 . 2012-10-05 23:04 -------- d-----w- c:\documents and settings\lili\Application Data\LavasoftStatistics
2012-10-05 23:04 . 2012-10-05 23:04 -------- d-----w- c:\documents and settings\lili\Application Data\Ad-Aware Antivirus
2012-10-05 22:42 . 2012-10-05 22:42 -------- d-----w- c:\program files\Enigma Software Group
2012-10-05 22:41 . 2012-10-05 22:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-09-09 08:02 . 2012-09-09 08:02 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-06 16:03 . 2010-06-20 09:49 16608 ----a-w- c:\windows\gdrv.sys
2012-09-21 19:23 . 2012-05-09 11:51 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 19:23 . 2011-07-11 11:14 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 17:24 . 2012-08-10 03:39 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 17:24 . 2010-07-13 18:47 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:39 . 2012-08-10 03:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:04 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:04 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:04 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2012-04-10 05:24 . 2012-04-10 05:24 3993600 -c--a-w- c:\program files\GUT94.tmp
2012-09-09 08:02 . 2011-08-16 20:53 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-03 880528]
"NTServiceManager"="c:\program files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe" [2011-07-01 436224]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^lili^Start Menu^Προγράμματα^Εκκίνηση^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\lili\Start Menu\Προγράμματα\Εκκίνηση\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m’|\ό [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 10:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 15:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6162:TCP"= 6162:TCP:oxlkjlne
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9/2/2011 7:29 μμ 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16/11/2009 9:03 πμ 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16/11/2009 9:04 πμ 735960]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [20/6/2010 12:49 μμ 80392]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [20/6/2010 12:55 μμ 108032]
S2 dvspr;Server Config;c:\windows\system32\svchost.exe -k netsvcs [2/3/2006 3:00 μμ 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/7/2010 5:42 μμ 136176]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/8/2012 1:33 μμ 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/7/2012 1:28 μμ 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9/5/2012 2:51 μμ 250288]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/7/2010 5:42 μμ 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/8/2012 8:45 μμ 114144]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 54569545
*NewlyCreated* - ASWMBR
*Deregistered* - 54569545
*Deregistered* - aswMBR
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dvspr
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 19:23]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 14:42]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 14:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
IE: Free YouTube to Mp3 Converter - c:\documents and settings\lili\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\lili\Application Data\Mozilla\Firefox\Profiles\t20h67g7.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-06 20:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1b41de48-c606-4a9d-a1c5-94423f4ddb5a}]
@Denied: (Full) (Everyone)
"Model"=dword:000000dd
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,51,c4,5c,06,a5,56,2b,b8,be,d2,f0,e1,81,4a,6c,e4,83,e0,8b,c5,07,bb,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):71,de,50,e5,55,4e,2c,3c,25,43,f8,b2,2d,88,97,2f,dc,da,2f,20,7b,
7a,36,14,be,51,85,63,b4,d1,2a,89,da,3f,94,32,a2,cf,f6,75,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{BE09FBC2-74BF-42A5-8FFF-12E784BAA42C}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.474.0"
"UniqueId"="00085CCE4DA4B4C4"
"ScannerBuild"=dword:000017cd
"ScannerVersionId"=dword:00001214
"ScannerVersion"="Open window for status."
"FixId"=dword:00000009
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(560)
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2012-10-06 20:25:59
ComboFix-quarantined-files.txt 2012-10-06 17:25
.
Pre-Run: 7 Κατάλογοι 225.170.104.320 διαθέσιμα byte
Post-Run: 8 Κατάλογοι 225.293.983.744 διαθέσιμα byte
.
- - End Of File - - 81ADF3A1448ADCEAF78F3E12AE6F6502
 
Next scan:

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Copy the code below in the quotebox, and then under the Custom Scans/Fixes box paste it in:

    DRIVES
    SHOWHIDDEN
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    tcpip.sys
    netbt.sys
    ipsec.sys
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    tdx.sys
    wininit.exe
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop
  • Click the Run Scan button. The scan will not take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
 
OTL logfile created on: 6/10/2012 8:58:34 μμ - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lili\Επιφάνεια εργασίας
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

988,42 Mb Total Physical Memory | 552,27 Mb Available Physical Memory | 55,87% Memory free
2,32 Gb Paging File | 2,03 Gb Available in Paging File | 87,68% Paging File free
Paging file location(s): C:\pagefile.sys 1476 2952 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 209,85 Gb Free Space | 90,11% Space Free | Partition Type: NTFS

Computer Name: LILIA | User Name: lili | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 20:56:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\OTL.exe
PRC - [2011/07/01 15:45:16 | 000,436,224 | ---- | M] () -- C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/11/16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/07/11 19:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/06/18 13:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2008/04/14 19:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/01 15:45:16 | 000,436,224 | ---- | M] () -- C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
MOD - [2008/07/11 19:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2007/12/07 14:24:56 | 000,117,256 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\vczuxxt.dll -- (dvspr)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/21 22:23:19 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/09 11:02:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/11/16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/07/11 19:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\lili\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\lili\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/10/06 19:03:17 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011/02/09 19:35:46 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009/11/16 09:06:48 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/11/16 09:06:44 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/11/16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/06/19 08:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008/06/27 06:24:56 | 004,742,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/06/16 10:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/29 11:09:56 | 000,108,032 | R--- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
IE - HKCU\..\SearchScopes,DefaultScope = {AB79D3B4-AEDB-428a-B504-BAC00521A1C7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net"
FF - prefs.js..browser.startup.homepage: "http://www.smartwebsearch.net/index.php?from=3"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..keyword.URL: "http://smartwebsearch.net/results.php?q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 11:02:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/16 09:31:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/04/12 23:22:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\lili\Application Data\IDM\idmmzcc3

[2011/08/16 20:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lili\Application Data\Mozilla\Extensions
[2012/08/10 10:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t20h67g7.default\extensions
[2012/10/06 19:03:20 | 000,002,126 | ---- | M] () -- C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t20h67g7.default\searchplugins\GoogleFeed.xml
[2012/09/15 09:20:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/28 20:32:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/10 06:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/15 09:20:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/09 11:02:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/09 20:45:41 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/09 11:02:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/09 20:45:41 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/09 20:45:41 | 000,001,219 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2012/10/06 06:11:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [NTServiceManager] C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\lili\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1349489967296 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EAFC37D-68C1-4F75-B87A-109334EEC732}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Τρέχουσα αρχική σελίδα) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\lili\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lili\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/20 12:41:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpFolder: C:^Documents and Settings^lili^Start Menu^Προγράμματα^Εκκίνηση^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: GEST - hkey= - key= - File not found
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ενοποίηση δεδομένων για τη δυναμική HTML της Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Σύνταξη ιστοσελίδων για προχωρημένους
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Κλάσεις DirectAnimation της Java
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - BingBar 7.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6AA26B7C-7C26-33B4-88DD-431CB7C94742} - .NET Framework
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Χρονοδιάγραμμα εργασιών
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{21d337f6-7548-4c7c-a931-2eeaf254b69a} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: dvspr - C:\WINDOWS\system32\vczuxxt.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 20:56:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\OTL.exe
[2012/10/06 20:20:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/06 20:20:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/06 20:20:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/06 20:20:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/06 20:20:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/06 20:20:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/06 20:17:10 | 004,762,471 | R--- | C] (Swearware) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\ComboFix.exe
[2012/10/06 19:12:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\aswMBR.exe
[2012/10/06 19:06:44 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\tdsskiller.exe
[2012/10/06 07:11:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\dds.com
[2012/10/06 07:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\LOGS
[2012/10/06 06:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Malwarebytes' Anti-Malware
[2012/10/06 06:45:26 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/06 06:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/06 06:32:37 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\TFC.exe
[2012/10/06 05:09:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/10/06 05:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/06 04:53:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lili\Τα έγγραφά μου\Τα βίντεό μου
[2012/10/06 04:53:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Τα βίντεό μου
[2012/10/06 04:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Application Data\Malwarebytes
[2012/10/06 04:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/06 02:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/10/06 02:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Application Data\LavasoftStatistics
[2012/10/06 02:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Application Data\Ad-Aware Antivirus
[2012/10/06 01:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/10/06 01:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/10/03 22:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\THE FLYING SWORDS OF DRAGON GATE (2011) 720P BLURAY X264 - ROVERS
[2012/09/15 09:20:58 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/09/15 09:20:58 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/09/15 09:20:58 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/09/12 19:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Τα έγγραφά μου\Game.of.Thrones.S02!!
[2012/09/12 18:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\ΠΛΟΙΟ
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\lili\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\lili\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/06 20:58:00 | 000,001,168 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/06 20:58:00 | 000,001,164 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/06 20:56:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\OTL.exe
[2012/10/06 20:17:31 | 004,762,471 | R--- | M] (Swearware) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\ComboFix.exe
[2012/10/06 20:12:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\MBR.dat
[2012/10/06 20:04:45 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/10/06 20:04:43 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\lili\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/06 19:48:06 | 000,051,855 | ---- | M] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\MYPROBLEM.JPG
[2012/10/06 19:36:27 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\lili\default.pls
[2012/10/06 19:23:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/06 19:12:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\aswMBR.exe
[2012/10/06 19:06:57 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\tdsskiller.exe
[2012/10/06 19:03:17 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2012/10/06 19:03:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/06 19:00:59 | 000,513,501 | ---- | M] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\adwcleaner.exe
[2012/10/06 07:11:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\dds.com
[2012/10/06 07:09:39 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\kenvh40b.exe
[2012/10/06 06:45:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Malwarebytes Anti-Malware.lnk
[2012/10/06 06:40:58 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/06 06:33:00 | 000,540,598 | ---- | M] () -- C:\WINDOWS\System32\perfh008.dat
[2012/10/06 06:33:00 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/06 06:33:00 | 000,090,456 | ---- | M] () -- C:\WINDOWS\System32\perfc008.dat
[2012/10/06 06:33:00 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/06 06:32:41 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\TFC.exe
[2012/10/06 06:17:03 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\Συντόμευση για το Ιnternet.lnk
[2012/10/06 06:11:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/06 05:20:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/06 05:09:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/09/21 22:23:19 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/21 22:23:19 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/12 16:14:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\lili\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\lili\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/06 20:20:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/06 20:20:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/06 20:20:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/06 20:20:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/06 20:20:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/06 20:12:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\MBR.dat
[2012/10/06 19:36:27 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\lili\default.pls
[2012/10/06 19:33:45 | 000,051,855 | ---- | C] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\MYPROBLEM.JPG
[2012/10/06 19:00:58 | 000,513,501 | ---- | C] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\adwcleaner.exe
[2012/10/06 07:09:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\kenvh40b.exe
[2012/10/06 06:45:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Malwarebytes Anti-Malware.lnk
[2012/10/06 06:17:03 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\Συντόμευση για το Ιnternet.lnk
[2012/10/06 05:09:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/08 14:37:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/29 23:27:46 | 000,032,250 | ---- | C] () -- C:\WINDOWS\System32\epfwdata.bin
[2011/02/09 19:39:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/07/12 14:57:14 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\lili\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/08 21:55:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\lili\Local Settings\Application Data\prvlcl.dat

========== ZeroAccess Check ==========

[2010/10/24 22:43:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 22:29:45 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:52:33 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 19:30:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========
 
Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD2500KS-00MJB0
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 233,00GB
Starting Offset: 32256
Hidden sectors: 0

[2010/06/20 12:55:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/09 11:02:21 | 000,885,824 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/09 11:02:21 | 000,885,824 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/09 11:02:21 | 000,885,824 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/09 11:02:27 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/09 11:02:27 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/09 11:02:27 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 15:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 15:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 15:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/09 11:02:21 | 000,885,824 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/09 11:02:21 | 000,885,824 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/09 11:02:21 | 000,885,824 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/09 11:02:27 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/09 11:02:27 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/09 11:02:27 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 15:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 15:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 15:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %systemroot%\System32\config\*.sav >
[2010/06/20 15:25:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/06/20 15:25:04 | 000,643,072 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/06/20 15:25:04 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/09/23 22:51:08 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2012/08/09 21:44:17 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/02/09 19:38:45 | 000,000,000 | ---D | M] -- C:\Program Files\Auralog
[2010/07/16 21:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2012/10/06 20:23:26 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/06/20 12:38:54 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/02/09 19:28:57 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2010/11/04 15:41:42 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2012/10/06 05:18:30 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2012/10/06 01:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2012/10/06 05:12:42 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/06/20 12:49:46 | 000,000,000 | ---D | M] -- C:\Program Files\GIGABYTE
[2011/12/01 12:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/04/10 08:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\GUM93.tmp
[2010/06/20 12:55:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/20 12:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/09/21 22:53:23 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/09/15 09:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/07/13 21:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2012/10/06 06:45:29 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 01:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2012/10/06 03:52:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/06/20 12:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/04/15 22:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/09/09 11:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/09/09 18:20:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2010/10/24 22:45:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/06/20 12:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011/04/13 01:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/10/24 22:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/07/12 15:02:45 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2011/04/13 01:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/06/20 12:40:29 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/07/13 21:51:24 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2011/04/13 02:03:28 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/06/20 12:55:15 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/10/24 22:44:59 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/08/28 20:32:39 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012/10/06 02:11:15 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/06/20 12:47:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/06/03 20:55:39 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/09/08 19:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/04/13 01:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/04/13 01:21:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/06/20 12:40:32 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2011/04/13 21:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/06/20 12:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2011/07/09 23:53:20 | 000,000,000 | ---D | M] -- C:\Program Files\YoutubeDownloader.org

< %appdata%\*.* >
[2010/06/20 15:26:41 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\lili\Application Data\desktop.ini

< MD5 for: AFD.SYS >
[2011/08/17 16:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 16:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 22:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 22:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 16:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 18:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 13:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 12:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2006/03/02 15:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/08/14 12:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/10/16 17:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 13:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 13:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 16:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 13:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008/06/20 14:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 13:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 14:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 14:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 16:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2006/03/02 15:00:00 | 018,809,921 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/04/13 01:13:04 | 023,920,796 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011/04/13 01:13:04 | 023,920,796 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/03/02 15:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2006/03/02 15:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=DB4CB40F91CAC71EEA9F7E289DBEC05B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008/04/14 19:29:24 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F50F73977012F0F5CF807451B79B6736 -- C:\WINDOWS\erdnt\cache\cryptsvc.dll
[2008/04/14 19:29:24 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F50F73977012F0F5CF807451B79B6736 -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/14 19:29:24 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F50F73977012F0F5CF807451B79B6736 -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2006/03/02 15:00:00 | 000,046,080 | ---- | M] (Microsoft Corporation) MD5=64484EBDF104E91F8EAD7AEE952EEED6 -- C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
[2009/04/20 20:07:05 | 000,046,080 | ---- | M] (Microsoft Corporation) MD5=721F278FB07EB5CB2F47A9A8D7B00D3E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll
[2008/04/14 19:29:26 | 000,046,080 | ---- | M] (Microsoft Corporation) MD5=B88F912AEC6E655051A935C2D41FA5B3 -- C:\WINDOWS\$NtUninstallKB2509553$\dnsrslvr.dll
[2008/04/14 19:29:26 | 000,046,080 | ---- | M] (Microsoft Corporation) MD5=B88F912AEC6E655051A935C2D41FA5B3 -- C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
[2009/04/20 20:18:35 | 000,046,080 | ---- | M] (Microsoft Corporation) MD5=F99BE5941B69DC781C1C5A5D71280469 -- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
[2009/04/20 20:18:35 | 000,046,080 | ---- | M] (Microsoft Corporation) MD5=F99BE5941B69DC781C1C5A5D71280469 -- C:\WINDOWS\system32\dnsrslvr.dll

< MD5 for: ES.DLL >
[2006/03/02 15:00:00 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=1C44D024781BDA77DC5DA9373BE170A6 -- C:\WINDOWS\$NtUninstallKB950974_0$\es.dll
[2008/07/07 23:30:48 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=20739EEE87AF14FABEA5FFF2B1AEAFA8 -- C:\WINDOWS\$NtServicePackUninstall$\es.dll
[2008/04/14 19:29:27 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=53B11DD7E1BF16BDE231B63A3D6C6BC0 -- C:\WINDOWS\$NtUninstallKB950974$\es.dll
[2008/04/14 19:29:27 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=53B11DD7E1BF16BDE231B63A3D6C6BC0 -- C:\WINDOWS\ServicePackFiles\i386\es.dll
[2008/07/07 23:24:03 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=6D75E47CBBC42224F3200143F6155130 -- C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
[2008/07/07 23:17:19 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=820AF4755D0E5580494F839B625C2262 -- C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
[2008/07/07 23:28:00 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=C35DF6D336EBCB2F5E8D817A531BA666 -- C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
[2008/07/07 23:28:00 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=C35DF6D336EBCB2F5E8D817A531BA666 -- C:\WINDOWS\erdnt\cache\es.dll
[2008/07/07 23:28:00 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=C35DF6D336EBCB2F5E8D817A531BA666 -- C:\WINDOWS\system32\dllcache\es.dll
[2008/07/07 23:28:00 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=C35DF6D336EBCB2F5E8D817A531BA666 -- C:\WINDOWS\system32\es.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 19:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 19:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\explorer.exe
[2008/04/14 19:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/03/02 15:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=8C0A90F37FA70DBE55B17A57EDB521FF -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2006/03/02 15:00:00 | 000,335,360 | ---- | M] (Microsoft Corporation) MD5=102FA7D67DD6075CF0EE433B1492F6B4 -- C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll
[2008/04/14 19:29:33 | 000,335,360 | ---- | M] (Microsoft Corporation) MD5=522873DF0FFD34FB1A8AF7D7E276727E -- C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll
[2008/04/14 19:29:33 | 000,335,360 | ---- | M] (Microsoft Corporation) MD5=522873DF0FFD34FB1A8AF7D7E276727E -- C:\WINDOWS\system32\ipnathlp.dll

< MD5 for: IPSEC.SYS >
[2008/04/13 22:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\erdnt\cache\ipsec.sys
[2008/04/13 22:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 22:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2006/03/02 15:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

< MD5 for: NETBT.SYS >
[2006/03/02 15:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 22:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 22:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: NETMAN.DLL >
[2008/04/14 19:29:44 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=A443996504A45CDF60CBA800DCB14420 -- C:\WINDOWS\erdnt\cache\netman.dll
[2008/04/14 19:29:44 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=A443996504A45CDF60CBA800DCB14420 -- C:\WINDOWS\ServicePackFiles\i386\netman.dll
[2008/04/14 19:29:44 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=A443996504A45CDF60CBA800DCB14420 -- C:\WINDOWS\system32\netman.dll
[2006/03/02 15:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=B4355B0D14253D773EC6F3C3B5EC9BA3 -- C:\WINDOWS\$NtServicePackUninstall$\netman.dll

< MD5 for: QMGR.DLL >
[2008/04/14 19:29:52 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=ABDC5CF759C736DFBFEB031FDC01E303 -- C:\WINDOWS\erdnt\cache\qmgr.dll
[2008/04/14 19:29:52 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=ABDC5CF759C736DFBFEB031FDC01E303 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 19:29:52 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=ABDC5CF759C736DFBFEB031FDC01E303 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 19:29:52 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=ABDC5CF759C736DFBFEB031FDC01E303 -- C:\WINDOWS\system32\qmgr.dll
[2006/03/02 15:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=D58E7D771BE5A694D53499D0F18BB83F -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll

< MD5 for: RPCSS.DLL >
[2009/02/09 13:03:09 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=291336620D7B6DEB2647FE0C0F9D5902 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[2009/02/09 13:19:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=4CE591871C94C66A2533142973ADA605 -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2006/03/02 15:00:00 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=96BB036AE90A3153C61420573FE46EA0 -- C:\WINDOWS\$NtUninstallKB956572_0$\rpcss.dll
[2009/02/09 13:52:33 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=B5F06957525D494D2C261B5739367524 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[2009/02/09 13:52:33 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=B5F06957525D494D2C261B5739367524 -- C:\WINDOWS\erdnt\cache\rpcss.dll
[2009/02/09 13:52:33 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=B5F06957525D494D2C261B5739367524 -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 13:52:33 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=B5F06957525D494D2C261B5739367524 -- C:\WINDOWS\system32\rpcss.dll
[2008/04/14 19:29:54 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CAF10713E4A7C574FB8C86D34FF70616 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2008/04/14 19:29:54 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CAF10713E4A7C574FB8C86D34FF70616 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2009/02/09 13:55:49 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=DEA58EFF8827D923395CF52FDC5A2AE1 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/02/09 12:50:45 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=14378B794DD02504AD6FD7B668AC8C94 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/09 14:16:08 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=1AE2E5CE9EEE92C125D2B95B1B85268C -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2006/03/02 15:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=1F4074C8027DFA38A1AB8ACA6967C783 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
[2008/04/14 19:31:01 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=207AB7A1A36004BB6F33E58E71C1C90E -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 19:31:01 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=207AB7A1A36004BB6F33E58E71C1C90E -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/09 14:23:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=2A0BB5C67281C423F8D7D6B7D79699AC -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/09 14:23:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=2A0BB5C67281C423F8D7D6B7D79699AC -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/09 14:23:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=2A0BB5C67281C423F8D7D6B7D79699AC -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 14:23:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=2A0BB5C67281C423F8D7D6B7D79699AC -- C:\WINDOWS\system32\services.exe
[2009/02/09 13:07:24 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=8B030D578706000A9416A7B244A415F4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SR.SYS >
[2006/03/02 15:00:00 | 000,073,600 | ---- | M] (Microsoft Corporation) MD5=682CED06B35E1391091FF802C7F224F6 -- C:\WINDOWS\$NtServicePackUninstall$\sr.sys
[2008/04/14 19:02:25 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=A41AC0D87DC3054DB716F1456C84391C -- C:\WINDOWS\ServicePackFiles\i386\sr.sys
[2008/04/14 19:02:25 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=A41AC0D87DC3054DB716F1456C84391C -- C:\WINDOWS\system32\drivers\sr.sys

< MD5 for: SRSVC.DLL >
[2008/04/14 19:30:07 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=BB9B6E360FF1A701A7920AA798A335BF -- C:\WINDOWS\erdnt\cache\srsvc.dll
[2008/04/14 19:30:07 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=BB9B6E360FF1A701A7920AA798A335BF -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/14 19:30:07 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=BB9B6E360FF1A701A7920AA798A335BF -- C:\WINDOWS\system32\srsvc.dll
[2006/03/02 15:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=BD5300CA375C341E4BBDDA4B91B1C56B -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 19:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 19:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 19:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\system32\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2006/03/02 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=D0488D4C9C04CA3FFDA71D8A0D7959FA -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/06/20 13:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/06/20 13:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008/04/13 22:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 22:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 14:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 14:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\erdnt\cache\tcpip.sys
[2008/06/20 14:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 14:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006/03/02 15:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/06/20 14:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 14:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2006/03/02 15:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=E0EB5D17FCF2C50357E32B8A6D0799ED -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 19:31:08 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=FD570C21EC04E768DE7577CAD6081C76 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 19:31:08 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=FD570C21EC04E768DE7577CAD6081C76 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 19:31:08 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=FD570C21EC04E768DE7577CAD6081C76 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/14 18:47:31 | 000,053,632 | ---- | M] (Microsoft Corporation) MD5=3CF5DC3FDF17AE17D488D4548AC33741 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/14 18:47:31 | 000,053,632 | ---- | M] (Microsoft Corporation) MD5=3CF5DC3FDF17AE17D488D4548AC33741 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2006/03/02 15:00:00 | 000,053,632 | ---- | M] (Microsoft Corporation) MD5=B26DA873095E796F84326F3E160E1FB3 -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006/03/02 15:00:00 | 000,508,416 | ---- | M] (Microsoft Corporation) MD5=5C13423B50E48732AD8DC2E6C2B25EFD -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 19:31:11 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 19:31:11 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 19:31:11 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/04/14 19:30:12 | 000,145,408 | ---- | M] (Microsoft Corporation) MD5=075EC50CA60F1B4EE576886BEF72AB21 -- C:\WINDOWS\ServicePackFiles\i386\wmisvc.dll
[2008/04/14 19:30:12 | 000,145,408 | ---- | M] (Microsoft Corporation) MD5=075EC50CA60F1B4EE576886BEF72AB21 -- C:\WINDOWS\system32\wbem\wmisvc.dll
[2006/03/02 15:00:00 | 000,145,408 | ---- | M] (Microsoft Corporation) MD5=7D59A5D747B3DCCFB718205868E76595 -- C:\WINDOWS\$NtServicePackUninstall$\wmisvc.dll

< MD5 for: WSCSVC.DLL >
[2008/04/14 19:30:12 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=1A5DDC44B0AB7C40C13796DB7DB82989 -- C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll
[2008/04/14 19:30:12 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=1A5DDC44B0AB7C40C13796DB7DB82989 -- C:\WINDOWS\system32\wscsvc.dll
[2006/03/02 15:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) MD5=25F5E44C836FF17AE73B5A5D5BED6D33 -- C:\WINDOWS\$NtServicePackUninstall$\wscsvc.dll

< MD5 for: WUAUSERV.DLL >
[2006/03/02 15:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=0B1279926EBE0B9FC8B81675EAEC846D -- C:\WINDOWS\$NtServicePackUninstall$\wuauserv.dll
[2008/04/14 19:30:15 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=6F55057EE883AC1675F31242B6DD6EF3 -- C:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
[2008/04/14 19:30:15 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=6F55057EE883AC1675F31242B6DD6EF3 -- C:\WINDOWS\system32\wuauserv.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >
 
OTL Extras logfile created on: 6/10/2012 8:58:34 μμ - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lili\Επιφάνεια εργασίας
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

988,42 Mb Total Physical Memory | 552,27 Mb Available Physical Memory | 55,87% Memory free
2,32 Gb Paging File | 2,03 Gb Available in Paging File | 87,68% Paging File free
Paging file location(s): C:\pagefile.sys 1476 2952 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 209,85 Gb Free Space | 90,11% Space Free | Partition Type: NTFS

Computer Name: LILIA | User Name: lili | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6162:TCP" = 6162:TCP:*:Enabled:eek:xlkjlne

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{350C9408-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43FFE159-3199-4188-A1CD-629166AD1032}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5607C1B8-DA2B-31D0-93A6-968D8C23A944}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ell
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57481C12-C102-395A-8BC3-941F2D79A114}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ELL
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6AA26B7C-7C26-33B4-88DD-431CB7C94742}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ELL
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B99FC4CE-FA4F-4CAB-ACA4-CFD56FDCE5A9}" = OpenOffice.org 3.2
"{BE09FBC2-74BF-42A5-8FFF-12E784BAA42C}" = ESET Smart Security
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - ell" = Πακέτο γλώσσας του Microsoft .NET Framework 3.5 SP1 - ELL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 el)" = Mozilla Firefox 15.0.1 (x86 el)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TMM70" = TELL ME MORE
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2011 2:15:54 μμ | Computer Name = LILIA | Source = Application Error | ID = 1000
Description = Ελαττωματική εφαρμογή firefox.exe, έκδοση 1.9.2.3989, ελαττωματική
λειτουργική μονάδα datamngr.dll, έκδοση 1.0.0.1, ελαττωματική διεύθυνση 0x00079cdd.

Error - 9/2/2011 12:29:01 μμ | Computer Name = LILIA | Source = crypt32 | ID = 131083
Description = Αποτυχημένη εξαγωγή από το αρχείο cab αυτόματης ενημέρωσης, της ριζικής
λίστας άλλου κατασκευαστή: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
με σφάλμα: Παρουσιάστηκε εσωτερικό σφάλμα αλληλουχίας πιστοποιητικών.

Error - 10/4/2011 4:04:20 μμ | Computer Name = LILIA | Source = Application Error | ID = 1000
Description = Ελαττωματική εφαρμογή explorer.exe, έκδοση 6.0.2900.2180, ελαττωματική
λειτουργική μονάδα nemp4splitter.ax, έκδοση 4.9.4.1, ελαττωματική διεύθυνση 0x0002a65b.

Error - 13/4/2011 4:06:51 μμ | Computer Name = LILIA | Source = Application Hang | ID = 1002
Description = Κρεμασμένη εφαρμογή firefox.exe, έκδοση 1.9.2.3989, στοιχείο ελέγχου
κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

Error - 19/5/2011 2:32:07 μμ | Computer Name = LILIA | Source = Application Hang | ID = 1002
Description = Κρεμασμένη εφαρμογή chrome.exe, έκδοση 0.0.0.0, στοιχείο ελέγχου κρεμάσματος
hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

Error - 20/5/2011 2:37:47 μμ | Computer Name = LILIA | Source = Application Hang | ID = 1002
Description = Κρεμασμένη εφαρμογή chrome.exe, έκδοση 0.0.0.0, στοιχείο ελέγχου κρεμάσματος
hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

Error - 29/5/2011 9:48:45 πμ | Computer Name = LILIA | Source = Application Hang | ID = 1002
Description = Κρεμασμένη εφαρμογή firefox.exe, έκδοση 1.9.2.3989, στοιχείο ελέγχου
κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

Error - 31/5/2011 4:02:08 μμ | Computer Name = LILIA | Source = Application Hang | ID = 1002
Description = Κρεμασμένη εφαρμογή firefox.exe, έκδοση 1.9.2.3989, στοιχείο ελέγχου
κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

Error - 9/7/2011 4:49:42 μμ | Computer Name = LILIA | Source = Application Hang | ID = 1002
Description = Κρεμασμένη εφαρμογή FreeYouTubeToMP3Converter.exe, έκδοση 3.9.28.219,
στοιχείο ελέγχου κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

Error - 18/7/2011 12:06:38 μμ | Computer Name = LILIA | Source = Application Error | ID = 1000
Description = Ελαττωματική εφαρμογή chrome.exe, έκδοση 0.0.0.0, ελαττωματική λειτουργική
μονάδα gcswf32.dll, έκδοση 10.3.181.35, ελαττωματική διεύθυνση 0x003b7fec.

[ System Events ]
Error - 5/10/2012 11:36:10 μμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7034
Description = Η λειτουργία της υπηρεσίας Java Quick Starter τερματίστηκε αναπάντεχα.
Αυτό συνέβη 1 φορά(ές).

Error - 5/10/2012 11:37:53 μμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7023
Description = Η υπηρεσία Server Config τερματίστηκε με το ακόλουθο σφάλμα: %%126

Error - 5/10/2012 11:41:02 μμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7023
Description = Η υπηρεσία Server Config τερματίστηκε με το ακόλουθο σφάλμα: %%126

Error - 5/10/2012 11:43:14 μμ | Computer Name = LILIA | Source = DCOM | ID = 10010
Description = Ο διακομιστής {1BE1F766-5536-11D1-B726-00C04FB926AF} δεν καταχωρήθηκε
με το διακομιστή DCOM μέσα το απαιτούμενο χρονικό όριο.

Error - 5/10/2012 11:53:31 μμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7023
Description = Η υπηρεσία Server Config τερματίστηκε με το ακόλουθο σφάλμα: %%126

Error - 6/10/2012 12:01:31 πμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7023
Description = Η υπηρεσία Server Config τερματίστηκε με το ακόλουθο σφάλμα: %%126

Error - 6/10/2012 12:15:25 πμ | Computer Name = LILIA | Source = atapi | ID = 262153
Description = Η συσκευή, \Device\Ide\IdePort3, δεν αποκρίθηκε μέσα στο χρονικό όριο.

Error - 6/10/2012 10:44:54 πμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7023
Description = Η υπηρεσία Server Config τερματίστηκε με το ακόλουθο σφάλμα: %%126

Error - 6/10/2012 12:03:18 μμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7023
Description = Η υπηρεσία Server Config τερματίστηκε με το ακόλουθο σφάλμα: %%126

Error - 6/10/2012 1:20:13 μμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7034
Description = Η λειτουργία της υπηρεσίας Skype C2C Service τερματίστηκε αναπάντεχα.
Αυτό συνέβη 1 φορά(ές).


< End of report >
 
Please open OTL, copy the content below in the box and paste it to the Custom Scans/Fixes box in OTL:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
IE - HKCU\..\SearchScopes,DefaultScope = {AB79D3B4-AEDB-428a-B504-BAC00521A1C7}
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.smartwebsearch.net/index.php?from=3"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..keyword.URL: "http://smartwebsearch.net/results.php?q="
[2012/08/10 06:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\lili\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O24 - Desktop Components:0 (Τρέχουσα αρχική σελίδα) - About:Home
[2012/04/10 08:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\GUM93.tmp
[2011/07/09 23:53:20 | 000,000,000 | ---D | M] -- C:\Program Files\YoutubeDownloader.org

:commands
[emptytemp]
[reboot]

Then, hit Run Fix. When the fix log launches, please post that in your next reply.
 
1000 THANKS, HERE'S THE LOG:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ not found.
Prefs.js: "http://www.smartwebsearch.net/index.php?from=3" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 removed from extensions.enabledAddons
Prefs.js: "http://smartwebsearch.net/results.php?q=" removed from keyword.URL
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to Mp3 Converter\ deleted successfully.
C:\Documents and Settings\lili\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File About:Home not found.
C:\Program Files\GUM93.tmp folder moved successfully.
C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\FF folder moved successfully.
C:\Program Files\YoutubeDownloader.org\YoutubeDownloader folder moved successfully.
C:\Program Files\YoutubeDownloader.org folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: lili
->Temp folder emptied: 754688 bytes
->Temporary Internet Files folder emptied: 82054 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70665247 bytes
->Flash cache emptied: 1112 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 68,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10062012_220150

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
I took the initiative and here are the logs from SecurityCheck and FSS:
Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.4001)
Malwarebytes Anti-Malware version 1.65.0.1400
Java(TM) 6 Update 35
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 19-09-2012
Ran by lili (administrator) on 07-10-2012 at 01:01:53
Running from "C:\Documents and Settings\lili\Επιφάνεια εργασίας"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2006-03-02 15:00] - [2008-04-14 19:29] - 0128000 ____A (Microsoft Corporation) 94C7EE99425BC8342D2991A915D8A8A9

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2006-03-02 15:00] - [2009-04-20 20:18] - 0046080 ____A (Microsoft Corporation) F99BE5941B69DC781C1C5A5D71280469

C:\WINDOWS\system32\ipnathlp.dll
[2006-03-02 15:00] - [2008-04-14 19:29] - 0335360 ____A (Microsoft Corporation) 522873DF0FFD34FB1A8AF7D7E276727E

C:\WINDOWS\system32\netman.dll
[2006-03-02 15:00] - [2008-04-14 19:29] - 0198144 ____A (Microsoft Corporation) A443996504A45CDF60CBA800DCB14420

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-06-20 12:37] - [2008-04-14 19:30] - 0145408 ____A (Microsoft Corporation) 075EC50CA60F1B4EE576886BEF72AB21

C:\WINDOWS\system32\srsvc.dll
[2010-06-20 12:39] - [2008-04-14 19:30] - 0171520 ____A (Microsoft Corporation) BB9B6E360FF1A701A7920AA798A335BF

C:\WINDOWS\system32\Drivers\sr.sys
[2010-06-20 12:39] - [2008-04-14 19:02] - 0073472 ____A (Microsoft Corporation) A41AC0D87DC3054DB716F1456C84391C

C:\WINDOWS\system32\wscsvc.dll
[2006-03-02 15:00] - [2008-04-14 19:30] - 0080896 ____A (Microsoft Corporation) 1A5DDC44B0AB7C40C13796DB7DB82989

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-06-20 12:37] - [2008-04-14 19:30] - 0145408 ____A (Microsoft Corporation) 075EC50CA60F1B4EE576886BEF72AB21

C:\WINDOWS\system32\wuauserv.dll
[2010-06-20 12:39] - [2008-04-14 19:30] - 0006656 ____A (Microsoft Corporation) 6F55057EE883AC1675F31242B6DD6EF3

C:\WINDOWS\system32\qmgr.dll
[2010-06-20 12:39] - [2008-04-14 19:29] - 0409088 ____A (Microsoft Corporation) ABDC5CF759C736DFBFEB031FDC01E303

C:\WINDOWS\system32\es.dll
[2006-03-02 15:00] - [2008-07-07 23:28] - 0253952 ____A (Microsoft Corporation) C35DF6D336EBCB2F5E8D817A531BA666

C:\WINDOWS\system32\cryptsvc.dll
[2006-03-02 15:00] - [2008-04-14 19:29] - 0062464 ____A (Microsoft Corporation) F50F73977012F0F5CF807451B79B6736

C:\WINDOWS\system32\svchost.exe
[2006-03-02 15:00] - [2008-04-14 19:31] - 0014336 ____A (Microsoft Corporation) 274E9C78C12EBF74DC56B2BF64312F34

C:\WINDOWS\system32\rpcss.dll
[2006-03-02 15:00] - [2009-02-09 13:52] - 0401408 ____A (Microsoft Corporation) B5F06957525D494D2C261B5739367524

C:\WINDOWS\system32\services.exe
[2006-03-02 15:00] - [2009-02-09 14:23] - 0111104 ____A (Microsoft Corporation) 2A0BB5C67281C423F8D7D6B7D79699AC


Extra List:
=======
Epfwndis(10) epfwtdi(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000B000000080000000900000006000000070000000A000000
IpSec Tag value is correct.

**** End of log ****
 