TechSpot

Mozilla's homepage: http://www.search.starburnsoftware.com/#

Solved
By giannhs_mastro
Oct 6, 2012
Topic Status:
Not open for further replies.
  1. I have already read the [SOLVED] Some spyware (User: Islam, Expert: Broni) and my issue is quite similar:
    No matter the changes I make to Mozilla's homepage, it keeps redirecting after a reboot or a fresh boot to http://www.search.starburnsoftware.com/#
    Done the 5-step guide and here are the logs:
  2. giannhs_mastro

    giannhs_mastro TS Rookie Topic Starter Posts: 21

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.05.12

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    lili :: LILIA [administrator]

    10/06/2012 7:08:15 AM
    mbam-log-2012-10-06 (07-08-15).txt

    Scan type: Quick Scan
    Scanning options enabled: Memory | Startup | Registry | File System | Heuristic method / Extra | Heuristic method / Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 185629
    Time elapsed: 3 minute(s), 7 second(s)

    Memory Processes detected: 0
    (No malicious items detected)

    Evidence was found in memory: 0
    (No malicious items detected)

    Found keys in the registry: 0
    (No malicious items detected)

    Identified Registry Values: 0
    (No malicious items detected)

    Identified Registry Data Items: 0
    (No malicious items detected)

    Identified Folders: 0
    (No malicious items detected)

    Files found: 0
    (No malicious items detected)

    (end)
  3. giannhs_mastro

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-06 11:51:04
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10 WDC_WD2500KS-00MJB0 rev.02.01C03
    Running: kenvh40b.exe; Driver: C:\DOCUME~1\lili\LOCALS~1\Temp\uxtdapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 85557C90 ZwAssignProcessToJobObject
    SSDT 85558200 ZwDebugActiveProcess
    SSDT 855582F0 ZwDuplicateObject
    SSDT 85557590 ZwOpenProcess
    SSDT 85557800 ZwOpenThread
    SSDT 85557FD0 ZwProtectVirtualMemory
    SSDT 855580E0 ZwQueueApcThread
    SSDT 85557EC0 ZwSetContextThread
    SSDT 85557D90 ZwSetInformationThread
    SSDT 85554DA0 ZwSetSecurityObject
    SSDT 85557B90 ZwSuspendProcess
    SSDT 85557A80 ZwSuspendThread
    SSDT 855576E0 ZwTerminateProcess
    SSDT 85557A50 ZwTerminateThread
    SSDT 855586D0 ZwWriteVirtualMemory

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2044] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0\x384\3Ή\3Ί\3Δ\3Ν\3Ώ\3Ε\3 \0001\0003\09\0004 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0\x384\3Ή\3Ί\3Δ\3Ν\3Ώ\3Ε\3 \0001\0003\09\0004 1?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?
    Reg HKLM\SOFTWARE\Classes\CLSID\{1b41de48-c606-4a9d-a1c5-94423f4ddb5a}@Model 221
    Reg HKLM\SOFTWARE\Classes\CLSID\{1b41de48-c606-4a9d-a1c5-94423f4ddb5a}@Therad 30
    Reg HKLM\SOFTWARE\Classes\CLSID\{1b41de48-c606-4a9d-a1c5-94423f4ddb5a}@MData 0x2B 0x8F 0x78 0x29 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x71 0xDE 0x50 0xE5 ...

    ---- EOF - GMER 1.0.15 ----
  4. giannhs_mastro

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
    Run by lili at 11:52:53 on 2012-10-06
    Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.988.554 [GMT 3:00]
    .
    AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *Disabled*
    FW: AVG Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [NTServiceManager] c:\program files\youtubedownloader.org\youtubedownloader\YoutubeDownloader Updater.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AlcWzrd] ALCWZRD.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\lili\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349489967296
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\lili\application data\mozilla\firefox\profiles\t20h67g7.default\
    FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
    FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
    FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
    FF - plugin: c:\documents and settings\lili\application data\mozilla\plugins\np-mswmp.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-9 218688]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
    R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2010-6-20 80392]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-6-20 108032]
    S2 dvspr;Server Config;c:\windows\system32\svchost.exe -k netsvcs [2006-3-2 14336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-9 250288]
    S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
    S3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-9 114144]
    .
    =============== Created Last 30 ================
    .
    2012-10-06 03:45:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-06 03:45:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-06 02:09:51 -------- d-sha-r- C:\cmdcons
    2012-10-06 01:22:44 -------- d-----w- c:\documents and settings\lili\application data\Malwarebytes
    2012-10-06 01:21:56 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-10-05 23:11:15 -------- d-----w- c:\program files\Trend Micro
    2012-10-05 23:04:41 -------- d-----w- c:\documents and settings\lili\application data\LavasoftStatistics
    2012-10-05 23:04:15 -------- d-----w- c:\documents and settings\lili\application data\Ad-Aware Antivirus
    2012-10-05 22:42:16 -------- d-----w- c:\program files\Enigma Software Group
    2012-10-05 22:41:56 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2012-09-09 08:02:27 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
    .
    ==================== Find3M ====================
    .
    2012-10-06 04:01:29 16608 ----a-w- c:\windows\gdrv.sys
    2012-09-21 19:23:19 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-21 19:23:19 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-28 17:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-28 17:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-28 15:39:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-08-28 15:04:59 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:04:57 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:04:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
    2012-04-10 05:24:31 3993600 -c--a-w- c:\program files\GUT94.tmp
    .
    ============= FINISH: 11:53:12,42 ===============
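    The DDS report above is where the hijack is actually visible: `uStart Page` for Internet Explorer and the three Firefox `prefs.js` entries (`browser.startup.homepage`, `keyword.URL`, `browser.search.selectedEngine`) all point at smartwebsearch.net/GoogleFeed.net rather than anything the owner chose, and the `TB:` line is a toolbar CLSID whose file is gone. The following triage script is an added example (not part of this thread and not code from DDS, AdwCleaner or TDSSKiller): it reads lines in the DDS "Pseudo HJT Report"/FIREFOX format and flags start-page, search and toolbar entries that do not match an allowlist. The sample lines are copied from the log above; the allowlisted hosts and the set of "known" search-engine names are assumptions made for the example.

```python
import re

# Sample input: lines copied from the DDS "Pseudo HJT Report" and FIREFOX
# sections posted above (an excerpt of that log, not the full report).
SAMPLE_DDS_LINES = [
    r"uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    r"TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File",
    r"FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net",
    r"FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3",
    r"FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=",
]
SAMPLE_DDS = "\n".join(SAMPLE_DDS_LINES)

# Assumptions for this example: hosts the owner actually wants as homepage or
# search target, and search-engine names treated as known defaults.
EXPECTED_HOSTS = {"www.google.com", "www.mozilla.org"}
KNOWN_ENGINES = {"Google", "Bing", "Yahoo"}

# Firefox prefs that decide where the browser goes at startup and on search.
HOMEPAGE_PREFS = {"browser.startup.homepage", "keyword.URL"}


def defang_to_host(value):
    """Return the lowercase host of a DDS-style defanged URL (hxxp://...), else None."""
    m = re.match(r"hxxps?://([^/\s]+)", value)
    return m.group(1).lower() if m else None


def parse_dds(text):
    """Yield (kind, name, value) for start page, Firefox pref and toolbar lines."""
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^([umd])Start Page = (.+)$", line)
        if m:
            yield ("start_page", m.group(1) + "StartPage", m.group(2))
            continue
        m = re.match(r"^FF - prefs\.js: (\S+) - (.+)$", line)
        if m:
            yield ("ff_pref", m.group(1), m.group(2))
            continue
        m = re.match(r"^TB: (\{[0-9A-Fa-f-]+\}) - (.+)$", line)
        if m:
            yield ("toolbar", m.group(1), m.group(2))


def find_hijacks(text, expected_hosts=EXPECTED_HOSTS, known_engines=KNOWN_ENGINES):
    """Return (name, value, reason) for entries that look hijacked or orphaned."""
    findings = []
    for kind, name, value in parse_dds(text):
        if kind == "start_page" or (kind == "ff_pref" and name in HOMEPAGE_PREFS):
            host = defang_to_host(value)
            if host is None:
                # about:blank / about:home are legitimate non-URL start pages
                if not value.lower().startswith("about:"):
                    findings.append((name, value, "not a URL; inspect manually"))
            elif host not in expected_hosts:
                findings.append((name, value, "points at unexpected host " + host))
        elif kind == "ff_pref" and name == "browser.search.selectedEngine":
            if value not in known_engines:
                findings.append((name, value, "selected search engine is not a known default"))
        elif kind == "toolbar" and value == "No File":
            findings.append((name, value, "toolbar CLSID registered but its file is missing"))
    return findings


if __name__ == "__main__":
    for name, value, reason in find_hijacks(SAMPLE_DDS):
        print(f"{name}: {value}  <- {reason}")
```

    Run against the excerpt it reports all five suspicious entries; a report whose start page and homepage are on the allowlist produces nothing. The point of keeping the allowlist explicit is that a homepage hijack is only detectable relative to what the owner intended, which is why the helper asks for the user's own description before reading the logs.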
  5. giannhs_mastro

    I will be glad to read any expert advice
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
    Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case please attach it, or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
    Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
  7. giannhs_mastro

    Hello, Dragon Master Jay

    Thanks for your lightning fast reply!
    I followed all the above steps and only TDSSKiller seemed to have found something; however, it couldn't be cured (only quarantine/skip/delete), so I skipped it.
    I didn't get the bump reply quote?
    Anyways, here are the logs:
  8. giannhs_mastro

    # AdwCleaner v2.003 - Logfile created 10/06/2012 at 19:01:39
    # Updated 23/09/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : lili - LILIA
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\lili\Επιφάνεια εργασίας\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Program Files\DAEMON Tools Toolbar

    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Found : HKLM\Software\Bandoo
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
    Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
    Key Found : HKU\S-1-5-21-1275210071-1035525444-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
    Key Found : HKU\S-1-5-21-1275210071-1035525444-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0.1 (el)

    Profile name : default
    File : C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t20h67g7.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3475 octets] - [06/10/2012 19:01:39]

    ########## EOF - C:\AdwCleaner[R1].txt - [3535 octets] ##########

    AFTER SCAN WAS PRESSED

    # AdwCleaner v2.003 - Logfile created 10/06/2012 at 19:02:05
    # Updated 23/09/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : lili - LILIA
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\lili\Επιφάνεια εργασίας\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files\DAEMON Tools Toolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Deleted : HKLM\Software\Bandoo
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0.1 (el)

    Profile name : default
    File : C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t20h67g7.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3604 octets] - [06/10/2012 19:01:39]
    AdwCleaner[S1].txt - [3626 octets] - [06/10/2012 19:02:05]

    ########## EOF - C:\AdwCleaner[S1].txt - [3686 octets] ##########
    AFTER DELETE WAS PRESSED
  9. giannhs_mastro

    19:07:25.0328 0896 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    19:07:25.0687 0896 ============================================================
    19:07:25.0687 0896 Current date / time: 2012/10/06 19:07:25.0687
    19:07:25.0687 0896 SystemInfo:
    19:07:25.0687 0896
    19:07:25.0687 0896 OS Version: 5.1.2600 ServicePack: 3.0
    19:07:25.0687 0896 Product type: Workstation
    19:07:25.0687 0896 ComputerName: LILIA
    19:07:25.0687 0896 UserName: lili
    19:07:25.0687 0896 Windows directory: C:\WINDOWS
    19:07:25.0687 0896 System windows directory: C:\WINDOWS
    19:07:25.0687 0896 Processor architecture: Intel x86
    19:07:25.0687 0896 Number of processors: 2
    19:07:25.0687 0896 Page size: 0x1000
    19:07:25.0687 0896 Boot type: Normal boot
    19:07:25.0687 0896 ============================================================
    19:07:27.0015 0896 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    19:07:27.0015 0896 ============================================================
    19:07:27.0015 0896 \Device\Harddisk0\DR0:
    19:07:27.0015 0896 MBR partitions:
    19:07:27.0015 0896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
    19:07:27.0015 0896 ============================================================
    19:07:27.0046 0896 C: <-> \Device\Harddisk0\DR0\Partition1
    19:07:27.0062 0896 ============================================================
    19:07:27.0062 0896 Initialize success
    19:07:27.0062 0896 ============================================================
    19:08:42.0796 2892 ============================================================
    19:08:42.0796 2892 Scan started
    19:08:42.0796 2892 Mode: Manual; SigCheck; TDLFS;
    19:08:42.0796 2892 ============================================================
    19:08:43.0140 2892 ================ Scan system memory ========================
    19:08:43.0140 2892 System memory - ok
    19:08:43.0140 2892 ================ Scan services =============================
    19:08:43.0203 2892 Abiosdsk - ok
    19:08:43.0203 2892 abp480n5 - ok
    19:08:43.0250 2892 [ 1C3C72C504F312C19426CC7CB9AD8E98 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    19:08:44.0593 2892 ACPI - ok
    19:08:44.0625 2892 [ 99F9466C2611E379C88FBBFC8DF89B17 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    19:08:44.0734 2892 ACPIEC - ok
    19:08:44.0812 2892 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    19:08:44.0828 2892 AdobeFlashPlayerUpdateSvc - ok
    19:08:44.0843 2892 adpu160m - ok
    19:08:44.0890 2892 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    19:08:45.0000 2892 aec - ok
    19:08:45.0046 2892 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    19:08:45.0109 2892 AFD - ok
    19:08:45.0109 2892 Aha154x - ok
    19:08:45.0109 2892 aic78u2 - ok
    19:08:45.0109 2892 aic78xx - ok
    19:08:45.0140 2892 [ 2D60F4A987FB1D39281EFD8C4FD0A298 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    19:08:45.0234 2892 Alerter - ok
    19:08:45.0250 2892 [ 9E2814734BE84F8395FB45C16DB6F17B ] ALG C:\WINDOWS\System32\alg.exe
    19:08:45.0343 2892 ALG - ok
    19:08:45.0343 2892 AliIde - ok
    19:08:45.0343 2892 amsint - ok
    19:08:45.0343 2892 AppMgmt - ok
    19:08:45.0359 2892 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
    19:08:45.0453 2892 Arp1394 - ok
    19:08:45.0453 2892 asc - ok
    19:08:45.0453 2892 asc3350p - ok
    19:08:45.0468 2892 asc3550 - ok
    19:08:45.0515 2892 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    19:08:45.0531 2892 aspnet_state - ok
    19:08:45.0562 2892 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    19:08:45.0671 2892 AsyncMac - ok
    19:08:45.0687 2892 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    19:08:45.0781 2892 atapi - ok
    19:08:45.0781 2892 Atdisk - ok
    19:08:45.0796 2892 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    19:08:45.0906 2892 Atmarpc - ok
    19:08:45.0953 2892 [ BE097D45F15D94690E94C9A2AF1C5730 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    19:08:46.0046 2892 AudioSrv - ok
    19:08:46.0078 2892 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    19:08:46.0171 2892 audstub - ok
    19:08:46.0218 2892 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    19:08:46.0312 2892 Beep - ok
    19:08:46.0375 2892 [ ABDC5CF759C736DFBFEB031FDC01E303 ] BITS C:\WINDOWS\system32\qmgr.dll
    19:08:46.0468 2892 BITS - ok
    19:08:46.0500 2892 [ F4B7EC34FAD0BE626977EF3E85499FC1 ] Browser C:\WINDOWS\System32\browser.dll
    19:08:46.0531 2892 Browser - ok
    19:08:46.0578 2892 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    19:08:46.0671 2892 cbidf2k - ok
    19:08:46.0687 2892 cd20xrnt - ok
    19:08:46.0687 2892 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    19:08:46.0796 2892 Cdaudio - ok
    19:08:46.0812 2892 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    19:08:46.0921 2892 Cdfs - ok
    19:08:46.0937 2892 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    19:08:47.0046 2892 Cdrom - ok
    19:08:47.0046 2892 Changer - ok
    19:08:47.0078 2892 [ BE6F88236BA32F780CD93BBCAF54AE32 ] CiSvc C:\WINDOWS\system32\cisvc.exe
    19:08:47.0187 2892 CiSvc - ok
    19:08:47.0218 2892 [ BC6C0DBFB19D610D9B1E996F4452B161 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    19:08:47.0312 2892 ClipSrv - ok
    19:08:47.0328 2892 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:08:47.0343 2892 clr_optimization_v2.0.50727_32 - ok
    19:08:47.0359 2892 CmdIde - ok
    19:08:47.0359 2892 COMSysApp - ok
    19:08:47.0359 2892 Cpqarray - ok
    19:08:47.0390 2892 [ F50F73977012F0F5CF807451B79B6736 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    19:08:47.0500 2892 CryptSvc - ok
    19:08:47.0500 2892 dac2w2k - ok
    19:08:47.0500 2892 dac960nt - ok
    19:08:47.0546 2892 [ B5F06957525D494D2C261B5739367524 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    19:08:47.0609 2892 DcomLaunch - ok
    19:08:47.0656 2892 [ 94C7EE99425BC8342D2991A915D8A8A9 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    19:08:47.0750 2892 Dhcp - ok
    19:08:47.0750 2892 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    19:08:47.0859 2892 Disk - ok
    19:08:47.0875 2892 dmadmin - ok
    19:08:47.0906 2892 [ FD983F66EEB5245EF9B28EA3444B2E20 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    19:08:48.0062 2892 dmboot - ok
    19:08:48.0062 2892 [ A732FC0D3B930E2539018EB8EC9314C2 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    19:08:48.0187 2892 dmio - ok
    19:08:48.0203 2892 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    19:08:48.0328 2892 dmload - ok
    19:08:48.0375 2892 [ F78D2A217BE961A73BBCBA8C502746F6 ] dmserver C:\WINDOWS\System32\dmserver.dll
    19:08:48.0453 2892 dmserver - ok
    19:08:48.0484 2892 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    19:08:48.0562 2892 DMusic - ok
    19:08:48.0593 2892 [ F99BE5941B69DC781C1C5A5D71280469 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    19:08:48.0687 2892 Dnscache - ok
    19:08:48.0734 2892 [ AEF153DBE79177F71B03AA013FA237A2 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    19:08:48.0828 2892 Dot3svc - ok
    19:08:48.0843 2892 dpti2o - ok
    19:08:48.0843 2892 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    19:08:48.0937 2892 drmkaud - ok
    19:08:48.0984 2892 [ 555E54AC2F601A8821CEF58961653991 ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
    19:08:49.0015 2892 dtsoftbus01 - ok
    19:08:49.0031 2892 dvspr - ok
    19:08:49.0078 2892 [ AF82DC664E3D8E2CBA3B95E68F6448A7 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
    19:08:49.0109 2892 eamon - ok
    19:08:49.0125 2892 [ DFD142289BBE62FE420B018A33CE6104 ] EapHost C:\WINDOWS\System32\eapsvc.dll
    19:08:49.0234 2892 EapHost - ok
    19:08:49.0250 2892 [ 686A799C1BF1B18941994DAF9F45DB06 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
    19:08:49.0281 2892 ehdrv - ok
    19:08:49.0390 2892 [ 9329BA45C8B97485926A171E34C2ABB8 ] EhttpSrv C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    19:08:49.0406 2892 EhttpSrv - ok
    19:08:49.0453 2892 [ 3543C6195D5ED4EDA0316D3E1BA0E6EE ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    19:08:49.0500 2892 ekrn - ok
    19:08:49.0546 2892 [ 39F48A0784BE8465CD1AC80B36D61613 ] epfw C:\WINDOWS\system32\DRIVERS\epfw.sys
    19:08:49.0578 2892 epfw - ok
    19:08:49.0578 2892 [ 3B47010B2425B69826004767E59045BA ] Epfwndis C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
    19:08:49.0625 2892 Epfwndis - ok
    19:08:49.0640 2892 [ 763C43360A541C92EF6C97452B312F3B ] epfwtdi C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
    19:08:49.0656 2892 epfwtdi - ok
    19:08:49.0671 2892 [ 94F58EC326A57BBE8E81636B9B583578 ] ERSvc C:\WINDOWS\System32\ersvc.dll
    19:08:49.0765 2892 ERSvc - ok
    19:08:49.0796 2892 esgiguard - ok
    19:08:49.0828 2892 [ 2A0BB5C67281C423F8D7D6B7D79699AC ] Eventlog C:\WINDOWS\system32\services.exe
    19:08:49.0875 2892 Eventlog - ok
    19:08:49.0921 2892 [ C35DF6D336EBCB2F5E8D817A531BA666 ] EventSystem C:\WINDOWS\system32\es.dll
    19:08:49.0953 2892 EventSystem - ok
    19:08:49.0984 2892 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    19:08:50.0093 2892 Fastfat - ok
    19:08:50.0125 2892 [ CAAE78D8D1009415AB67C11B03A0793F ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    19:08:50.0187 2892 FastUserSwitchingCompatibility - ok
    19:08:50.0203 2892 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    19:08:50.0296 2892 Fdc - ok
    19:08:50.0312 2892 [ 418D3078A9B107DE75C9BA9B56CBA035 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    19:08:50.0453 2892 Fips - ok
    19:08:50.0484 2892 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    19:08:50.0593 2892 Flpydisk - ok
    19:08:50.0609 2892 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    19:08:50.0718 2892 FltMgr - ok
    19:08:50.0765 2892 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    19:08:50.0781 2892 FontCache3.0.0.0 - ok
    19:08:50.0781 2892 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    19:08:50.0906 2892 Fs_Rec - ok
    19:08:50.0906 2892 [ 9C798FDC0D53DFBA6F4C4059A11FBFE8 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    19:08:51.0046 2892 Ftdisk - ok
    19:08:51.0078 2892 [ 5C230948DD6652228F88CA7AE6CB276C ] gdrv C:\WINDOWS\gdrv.sys
    19:08:51.0750 2892 gdrv - ok
    19:08:51.0796 2892 [ 7CE32949B965A4B6622ACCAB3ADB0144 ] GEST Service C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    19:08:51.0796 2892 GEST Service - ok
    19:08:51.0828 2892 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    19:08:51.0921 2892 Gpc - ok
    19:08:51.0968 2892 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    19:08:52.0000 2892 gupdate - ok
    19:08:52.0015 2892 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    19:08:52.0015 2892 gupdatem - ok
    19:08:52.0078 2892 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    19:08:52.0156 2892 HDAudBus - ok
    19:08:52.0234 2892 [ A8555880AA97C410DCEA531B4799FA11 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    19:08:52.0328 2892 helpsvc - ok
    19:08:52.0328 2892 HidServ - ok
    19:08:52.0359 2892 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    19:08:52.0484 2892 hidusb - ok
    19:08:52.0546 2892 [ 0C71805B04E14FD1AE2ED3938F4F2D05 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    19:08:52.0625 2892 hkmsvc - ok
    19:08:52.0640 2892 hpn - ok
    19:08:52.0656 2892 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    19:08:52.0687 2892 HTTP - ok
    19:08:52.0703 2892 [ 4E71FDAC76E5E9ED1C88DC3FB16E301D ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    19:08:52.0781 2892 HTTPFilter - ok
    19:08:52.0796 2892 i2omgmt - ok
    19:08:52.0796 2892 i2omp - ok
    19:08:52.0812 2892 [ F8D6633482E0BD81766C74441B134FDF ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    19:08:52.0937 2892 i8042prt - ok
    19:08:53.0093 2892 [ B2768350BB50469AEB1AFE694372B613 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    19:08:53.0453 2892 ialm - ok
    19:08:53.0531 2892 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    19:08:53.0578 2892 idsvc - ok
    19:08:53.0609 2892 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    19:08:53.0718 2892 Imapi - ok
    19:08:53.0750 2892 [ 2471854671044613A324486986236FFF ] ImapiService C:\WINDOWS\system32\imapi.exe
    19:08:53.0843 2892 ImapiService - ok
    19:08:53.0843 2892 ini910u - ok
    19:08:54.0000 2892 [ 557E20484A095D949912883F5AB29E88 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    19:08:54.0359 2892 IntcAzAudAddService - ok
    19:08:54.0375 2892 [ 331244286FA249F2456E6D78FDA4A93E ] IntcHdmiAddService C:\WINDOWS\system32\drivers\IntcHdmi.sys
    19:08:54.0453 2892 IntcHdmiAddService - ok
    19:08:54.0468 2892 IntelIde - ok
    19:08:54.0500 2892 [ BB055E429E9F54AA3FBA2DD33BEB0935 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    19:08:54.0593 2892 intelppm - ok
    19:08:54.0640 2892 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    19:08:54.0765 2892 Ip6Fw - ok
    19:08:54.0781 2892 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    19:08:54.0921 2892 IpFilterDriver - ok
    19:08:54.0937 2892 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    19:08:55.0031 2892 IpInIp - ok
    19:08:55.0062 2892 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    19:08:55.0156 2892 IpNat - ok
    19:08:55.0187 2892 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    19:08:55.0281 2892 IPSec - ok
    19:08:55.0281 2892 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    19:08:55.0390 2892 IRENUM - ok
    19:08:55.0406 2892 [ D3715A2DBA29215BE59DCFC11294D493 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    19:08:55.0515 2892 isapnp - ok
    19:08:55.0625 2892 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
    19:08:55.0640 2892 JavaQuickStarterService - ok
    19:08:55.0640 2892 [ AF1FD8035B4A34EAF25F8BB1CD3C95FF ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    19:08:55.0750 2892 Kbdclass - ok
    19:08:55.0765 2892 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    19:08:55.0843 2892 kmixer - ok
    19:08:55.0875 2892 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    19:08:55.0953 2892 KSecDD - ok
    19:08:55.0984 2892 [ 3BA436C67CDBD9B8D7A48E0B698CA937 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    19:08:56.0015 2892 lanmanserver - ok
    19:08:56.0031 2892 [ 5709251CF3B95CCDE29E3E04C96C6DD6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    19:08:56.0078 2892 lanmanworkstation - ok
    19:08:56.0078 2892 lbrtfdc - ok
    19:08:56.0109 2892 [ 429F8A7802C1E7D8254C1EE7B70499E3 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    19:08:56.0203 2892 LmHosts - ok
    19:08:56.0218 2892 [ E5D6246619CDF5ABC631D3600AAF1DAD ] Messenger C:\WINDOWS\System32\msgsvc.dll
    19:08:56.0296 2892 Messenger - ok
    19:08:56.0343 2892 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    19:08:56.0437 2892 mnmdd - ok
    19:08:56.0453 2892 [ DC6F63935B77436AC4EDEEF59025CDC9 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    19:08:56.0546 2892 mnmsrvc - ok
    19:08:56.0562 2892 [ 4C84460A6BC9A5BF60555C04BE55792E ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    19:08:56.0656 2892 Modem - ok
    19:08:56.0656 2892 [ 6BE02786A7C13CCEAE728298EFFA0730 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:08:56.0765 2892 Mouclass - ok
    19:08:56.0796 2892 [ 89DDB41A54DDF8B3E5B7B9E92ED23A50 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    19:08:56.0921 2892 mouhid - ok
    19:08:56.0921 2892 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    19:08:57.0031 2892 MountMgr - ok
    19:08:57.0078 2892 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    19:08:57.0093 2892 MozillaMaintenance - ok
    19:08:57.0093 2892 mraid35x - ok
    19:08:57.0109 2892 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:08:57.0218 2892 MRxDAV - ok
    19:08:57.0281 2892 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:08:57.0343 2892 MRxSmb - ok
    19:08:57.0375 2892 [ 3D3535F73A38BEB3E4491E2C0459F77D ] MSDTC C:\WINDOWS\system32\msdtc.exe
    19:08:57.0453 2892 MSDTC - ok
    19:08:57.0484 2892 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    19:08:57.0593 2892 Msfs - ok
    19:08:57.0593 2892 MSIServer - ok
    19:08:57.0609 2892 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:08:57.0718 2892 MSKSSRV - ok
    19:08:57.0718 2892 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:08:57.0812 2892 MSPCLOCK - ok
    19:08:57.0812 2892 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    19:08:57.0921 2892 MSPQM - ok
    19:08:57.0953 2892 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    19:08:58.0031 2892 mssmbios - ok
    19:08:58.0046 2892 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    19:08:58.0109 2892 Mup - ok
    19:08:58.0156 2892 [ 730BD15AF8C65C3BBD040D121576123D ] napagent C:\WINDOWS\System32\qagentrt.dll
    19:08:58.0250 2892 napagent - ok
    19:08:58.0375 2892 [ F46070DDADA5C396B1F2EBF1C46DBB08 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    19:08:58.0421 2892 NBService - ok
    19:08:58.0453 2892 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    19:08:58.0546 2892 NDIS - ok
    19:08:58.0562 2892 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:08:58.0593 2892 NdisTapi - ok
    19:08:58.0609 2892 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:08:58.0703 2892 Ndisuio - ok
    19:08:58.0734 2892 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:08:58.0828 2892 NdisWan - ok
    19:08:58.0859 2892 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    19:08:58.0875 2892 NDProxy - ok
    19:08:58.0875 2892 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:08:58.0968 2892 NetBIOS - ok
    19:08:58.0984 2892 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:08:59.0093 2892 NetBT - ok
    19:08:59.0109 2892 [ EAE9FB52F7552C0EA407BE6EFF69C094 ] NetDDE C:\WINDOWS\system32\netdde.exe
    19:08:59.0203 2892 NetDDE - ok
    19:08:59.0203 2892 [ EAE9FB52F7552C0EA407BE6EFF69C094 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    19:08:59.0281 2892 NetDDEdsdm - ok
    19:08:59.0296 2892 [ 1806020B8905C2A400ECD23733B78B87 ] Netlogon C:\WINDOWS\system32\lsass.exe
    19:08:59.0375 2892 Netlogon - ok
    19:08:59.0406 2892 [ A443996504A45CDF60CBA800DCB14420 ] Netman C:\WINDOWS\System32\netman.dll
    19:08:59.0500 2892 Netman - ok
    19:08:59.0500 2892 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    19:08:59.0515 2892 NetTcpPortSharing - ok
    19:08:59.0546 2892 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
    19:08:59.0640 2892 NIC1394 - ok
    19:08:59.0687 2892 [ C5E2A69E52BB7F3B0C698E2726D871EF ] Nla C:\WINDOWS\System32\mswsock.dll
    19:08:59.0718 2892 Nla - ok
    19:08:59.0796 2892 [ 433049770B810D7C83C5C94CDB3E09D2 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    19:08:59.0828 2892 NMIndexingService - ok
    19:08:59.0828 2892 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    19:08:59.0921 2892 Npfs - ok
    19:08:59.0953 2892 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    19:09:00.0062 2892 Ntfs - ok
    19:09:00.0078 2892 [ 1806020B8905C2A400ECD23733B78B87 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    19:09:00.0156 2892 NtLmSsp - ok
    19:09:00.0187 2892 [ 5AA7FCAAFB3A3F81641BFA9DAB55CE42 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    19:09:00.0281 2892 NtmsSvc - ok
    19:09:00.0296 2892 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    19:09:00.0406 2892 Null - ok
    19:09:00.0437 2892 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:09:00.0546 2892 NwlnkFlt - ok
    19:09:00.0546 2892 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:09:00.0656 2892 NwlnkFwd - ok
    19:09:00.0656 2892 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    19:09:00.0750 2892 ohci1394 - ok
    19:09:00.0750 2892 [ 3D383486B2D3B97CD44334A406AE3418 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    19:09:00.0859 2892 Parport - ok
    19:09:00.0875 2892 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    19:09:00.0968 2892 PartMgr - ok
    19:09:01.0000 2892 [ CBC2A624A1DAC81BD1A2932985A8955F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    19:09:01.0109 2892 ParVdm - ok
    19:09:01.0109 2892 [ DCB32B61125E35AF33CB8CD54A1E7737 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    19:09:01.0218 2892 PCI - ok
    19:09:01.0218 2892 PCIDump - ok
    19:09:01.0234 2892 [ D0F88F309E94460AE276C843192D9DE7 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:09:01.0359 2892 PCIIde - ok
    19:09:01.0390 2892 [ 1E052D2D5A43C0D097FD96B1490D6083 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:09:01.0515 2892 Pcmcia - ok
    19:09:01.0515 2892 PDCOMP - ok
    19:09:01.0515 2892 PDFRAME - ok
    19:09:01.0515 2892 PDRELI - ok
    19:09:01.0531 2892 PDRFRAME - ok
    19:09:01.0531 2892 perc2 - ok
    19:09:01.0531 2892 perc2hib - ok
    19:09:01.0562 2892 [ 2A0BB5C67281C423F8D7D6B7D79699AC ] PlugPlay C:\WINDOWS\system32\services.exe
    19:09:01.0593 2892 PlugPlay - ok
    19:09:01.0593 2892 [ 1806020B8905C2A400ECD23733B78B87 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    19:09:01.0671 2892 PolicyAgent - ok
    19:09:01.0671 2892 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:09:01.0781 2892 PptpMiniport - ok
    19:09:01.0781 2892 [ 1806020B8905C2A400ECD23733B78B87 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    19:09:01.0859 2892 ProtectedStorage - ok
    19:09:01.0875 2892 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    19:09:02.0000 2892 PSched - ok
    19:09:02.0031 2892 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:09:02.0125 2892 Ptilink - ok
    19:09:02.0125 2892 ql1080 - ok
    19:09:02.0140 2892 Ql10wnt - ok
    19:09:02.0140 2892 ql12160 - ok
    19:09:02.0140 2892 ql1240 - ok
    19:09:02.0140 2892 ql1280 - ok
    19:09:02.0171 2892 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:09:02.0281 2892 RasAcd - ok
    19:09:02.0296 2892 [ A45F25BED4DEF4E941B7CCFB5391E782 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    19:09:02.0375 2892 RasAuto - ok
    19:09:02.0390 2892 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:09:02.0484 2892 Rasl2tp - ok
    19:09:02.0515 2892 [ A31E640E2CB33C8E029B4235E6F6681B ] RasMan C:\WINDOWS\System32\rasmans.dll
    19:09:02.0609 2892 RasMan - ok
    19:09:02.0609 2892 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:09:02.0703 2892 RasPppoe - ok
    19:09:02.0718 2892 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:09:02.0812 2892 Raspti - ok
    19:09:02.0828 2892 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:09:02.0984 2892 Rdbss - ok
    19:09:03.0000 2892 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:09:03.0093 2892 RDPCDD - ok
    19:09:03.0140 2892 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    19:09:03.0187 2892 RDPWD - ok
    19:09:03.0218 2892 [ 279C3728D2AF16167EC544F495F39341 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    19:09:03.0312 2892 RDSessMgr - ok
    19:09:03.0328 2892 [ EB83EDB7F55F1910E4DB8C823A86CEED ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:09:03.0437 2892 redbook - ok
    19:09:03.0484 2892 [ A9BF621F4C5B89CEA6DD4FAE77281754 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    19:09:03.0578 2892 RemoteAccess - ok
    19:09:03.0593 2892 [ 9651CCA84B86457879A69DB07FA98617 ] RpcLocator C:\WINDOWS\system32\locator.exe
    19:09:03.0671 2892 RpcLocator - ok
    19:09:03.0687 2892 [ B5F06957525D494D2C261B5739367524 ] RpcSs C:\WINDOWS\System32\rpcss.dll
    19:09:03.0734 2892 RpcSs - ok
    19:09:03.0765 2892 [ 0A4E041DBA5D0FB36863460DCBAE2623 ] RSVP C:\WINDOWS\system32\rsvp.exe
    19:09:03.0875 2892 RSVP - ok
    19:09:03.0906 2892 [ EEB84629064ABCB6198864D25BF15B1A ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    19:09:03.0984 2892 RTLE8023xp - ok
    19:09:04.0000 2892 [ 1806020B8905C2A400ECD23733B78B87 ] SamSs C:\WINDOWS\system32\lsass.exe
    19:09:04.0078 2892 SamSs - ok
    19:09:04.0093 2892 [ 5DBE70E8932492DCFE78D21965652968 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    19:09:04.0171 2892 SCardSvr - ok
    19:09:04.0218 2892 [ 9D48CFB98C9FD9159D00243FE665CF43 ] Schedule C:\WINDOWS\system32\schedsvc.dll
    19:09:04.0312 2892 Schedule - ok
    19:09:04.0359 2892 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:09:04.0453 2892 Secdrv - ok
    19:09:04.0484 2892 [ 1B2629D2114A76ED82D33D028CB9E9A0 ] seclogon C:\WINDOWS\System32\seclogon.dll
    19:09:04.0578 2892 seclogon - ok
    19:09:04.0593 2892 [ 5FED33452FD871BDE528AF32F0D5063F ] SENS C:\WINDOWS\system32\sens.dll
    19:09:04.0671 2892 SENS - ok
    19:09:04.0687 2892 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    19:09:04.0796 2892 serenum - ok
    19:09:04.0796 2892 [ AD994A88BBFA3C686397951B11A701A5 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    19:09:04.0906 2892 Serial - ok
    19:09:04.0953 2892 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:09:05.0046 2892 Sfloppy - ok
    19:09:05.0078 2892 [ 522873DF0FFD34FB1A8AF7D7E276727E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    19:09:05.0171 2892 SharedAccess - ok
    19:09:05.0187 2892 [ CAAE78D8D1009415AB67C11B03A0793F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    19:09:05.0203 2892 ShellHWDetection - ok
    19:09:05.0203 2892 Simbad - ok
    19:09:05.0375 2892 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    19:09:05.0531 2892 Skype C2C Service - ok
    19:09:05.0562 2892 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    19:09:05.0578 2892 SkypeUpdate - ok
    19:09:05.0578 2892 Sparrow - ok
    19:09:05.0625 2892 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    19:09:05.0718 2892 splitter - ok
    19:09:05.0734 2892 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    19:09:05.0765 2892 Spooler - ok
    19:09:05.0781 2892 [ A41AC0D87DC3054DB716F1456C84391C ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    19:09:05.0875 2892 sr - ok
    19:09:05.0921 2892 [ BB9B6E360FF1A701A7920AA798A335BF ] srservice C:\WINDOWS\system32\srsvc.dll
    19:09:06.0000 2892 srservice - ok
    19:09:06.0046 2892 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    19:09:06.0109 2892 Srv - ok
    19:09:06.0156 2892 [ 0870FA719DCFC9C49044A4852CC0859E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    19:09:06.0234 2892 SSDPSRV - ok
    19:09:06.0265 2892 [ C93AAC10D3B6375E9C859AD8779B63BF ] stisvc C:\WINDOWS\system32\wiaservc.dll
    19:09:06.0390 2892 stisvc - ok
    19:09:06.0421 2892 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:09:06.0546 2892 swenum - ok
    19:09:06.0562 2892 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    19:09:06.0671 2892 swmidi - ok
    19:09:06.0687 2892 SwPrv - ok
    19:09:06.0687 2892 symc810 - ok
    19:09:06.0687 2892 symc8xx - ok
    19:09:06.0687 2892 sym_hi - ok
    19:09:06.0703 2892 sym_u3 - ok
    19:09:06.0703 2892 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    19:09:06.0781 2892 sysaudio - ok
    19:09:06.0828 2892 [ C4AAC8BA839951337C8029CCC1841D8B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    19:09:06.0906 2892 SysmonLog - ok
    19:09:06.0953 2892 [ 3AFFC05E23E4A809B324952E8BCE29C0 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    19:09:07.0046 2892 TapiSrv - ok
    19:09:07.0093 2892 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:09:07.0125 2892 Tcpip - ok
    19:09:07.0171 2892 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:09:07.0265 2892 TDPIPE - ok
    19:09:07.0265 2892 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    19:09:07.0375 2892 TDTCP - ok
    19:09:07.0390 2892 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:09:07.0531 2892 TermDD - ok
    19:09:07.0578 2892 [ 949249FFEFBDF35AB5A3BB31800B7C20 ] TermService C:\WINDOWS\System32\termsrv.dll
    19:09:07.0671 2892 TermService - ok
    19:09:07.0687 2892 [ CAAE78D8D1009415AB67C11B03A0793F ] Themes C:\WINDOWS\System32\shsvcs.dll
    19:09:07.0703 2892 Themes - ok
    19:09:07.0703 2892 TosIde - ok
    19:09:07.0734 2892 [ 3986C1B3E63E831288F4CE4AC5902886 ] TrkWks C:\WINDOWS\system32\trkwks.dll
    19:09:07.0828 2892 TrkWks - ok
    19:09:07.0843 2892 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    19:09:07.0937 2892 Udfs - ok
    19:09:07.0937 2892 ultra - ok
    19:09:07.0968 2892 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
    19:09:08.0031 2892 UMWdf - ok
    19:09:08.0062 2892 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    19:09:08.0187 2892 Update - ok
    19:09:08.0203 2892 [ 0A0435BE61CE7BB2F43A529EAC811CB8 ] upnphost C:\WINDOWS\System32\upnphost.dll
    19:09:08.0296 2892 upnphost - ok
    19:09:08.0296 2892 [ A7F37334A19A15F41935C8EC9037007F ] UPS C:\WINDOWS\System32\ups.exe
    19:09:08.0390 2892 UPS - ok
    19:09:08.0421 2892 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:09:08.0531 2892 usbehci - ok
    19:09:08.0609 2892 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:09:08.0750 2892 usbhub - ok
    19:09:08.0781 2892 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:09:08.0875 2892 USBSTOR - ok
    19:09:08.0921 2892 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    19:09:09.0062 2892 usbuhci - ok
    19:09:09.0140 2892 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    19:09:09.0296 2892 VgaSave - ok
    19:09:09.0296 2892 ViaIde - ok
    19:09:09.0375 2892 [ 3CF5DC3FDF17AE17D488D4548AC33741 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    19:09:09.0546 2892 VolSnap - ok
    19:09:09.0609 2892 [ 2B2B357B63ACBEE389BEA503B5CA89CE ] VSS C:\WINDOWS\System32\vssvc.exe
    19:09:09.0703 2892 VSS - ok
    19:09:09.0734 2892 [ B49EE293A184A0FFFF710CDD6713BD47 ] W32Time C:\WINDOWS\system32\w32time.dll
    19:09:09.0828 2892 W32Time - ok
    19:09:09.0875 2892 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:09:09.0968 2892 Wanarp - ok
    19:09:09.0968 2892 WDICA - ok
    19:09:09.0984 2892 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    19:09:10.0078 2892 wdmaud - ok
    19:09:10.0109 2892 [ 7D28CEE58219B1ADE976C8438442BF41 ] WebClient C:\WINDOWS\System32\webclnt.dll
    19:09:10.0203 2892 WebClient - ok
    19:09:10.0281 2892 [ 075EC50CA60F1B4EE576886BEF72AB21 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    19:09:10.0375 2892 winmgmt - ok
    19:09:10.0390 2892 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
    19:09:10.0406 2892 WmdmPmSN - ok
    19:09:10.0453 2892 [ DDED6630AFD8227395A714E3162A97D7 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    19:09:10.0531 2892 WmiApSrv - ok
    19:09:10.0546 2892 [ C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
    19:09:10.0578 2892 WpdUsb - ok
    19:09:10.0593 2892 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    19:09:10.0718 2892 WS2IFSL - ok
    19:09:10.0750 2892 [ 1A5DDC44B0AB7C40C13796DB7DB82989 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    19:09:10.0843 2892 wscsvc - ok
    19:09:10.0875 2892 [ 6F55057EE883AC1675F31242B6DD6EF3 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    19:09:10.0968 2892 wuauserv - ok
    19:09:11.0015 2892 [ 0AF6479664B3AAB3B46881143345AEAA ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    19:09:11.0109 2892 WZCSVC - ok
    19:09:11.0140 2892 [ 34994678129C0BD63E4C29E5780F4D34 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    19:09:11.0218 2892 xmlprov - ok
    19:09:11.0218 2892 ================ Scan global ===============================
    19:09:11.0265 2892 [ E8944EEC78EC2FE5F3A613DDF201C815 ] C:\WINDOWS\system32\basesrv.dll
    19:09:11.0312 2892 [ D516D93886E734EFBCF80AF943B9BE79 ] C:\WINDOWS\system32\winsrv.dll
    19:09:11.0343 2892 [ D516D93886E734EFBCF80AF943B9BE79 ] C:\WINDOWS\system32\winsrv.dll
    19:09:11.0375 2892 [ 2A0BB5C67281C423F8D7D6B7D79699AC ] C:\WINDOWS\system32\services.exe
    19:09:11.0375 2892 [Global] - ok
    19:09:11.0375 2892 ================ Scan MBR ==================================
    19:09:11.0390 2892 [ 3C27C0429156ADC19E0F46AF77CD22D7 ] \Device\Harddisk0\DR0
    19:09:11.0546 2892 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    19:09:11.0546 2892 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    19:09:11.0546 2892 ================ Scan VBR ==================================
    19:09:11.0546 2892 [ EEF04C25F89BE61937F7A3686881120C ] \Device\Harddisk0\DR0\Partition1
    19:09:11.0546 2892 \Device\Harddisk0\DR0\Partition1 - ok
    19:09:11.0546 2892 ============================================================
    19:09:11.0546 2892 Scan finished
    19:09:11.0546 2892 ============================================================
    19:09:11.0656 0232 Detected object count: 1
    19:09:11.0656 0232 Actual detected object count: 1
    19:11:27.0703 0232 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    19:11:27.0703 0232 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    19:11:42.0593 0848 Deinitialize success
  10. giannhs_mastro

    giannhs_mastro TS Rookie Topic Starter Posts: 21

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-06 19:13:41
    -----------------------------
    19:13:41.015 OS Version: Windows 5.1.2600 Service Pack 3
    19:13:41.015 Number of processors: 2 586 0xF06
    19:13:41.015 ComputerName: LILIA UserName: lili
    19:13:41.468 Initialize success
    19:15:29.265 AVAST engine defs: 12100600
    19:16:05.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10
    19:16:05.656 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238474MB BusType: 3
    19:16:05.671 Disk 0 MBR read successfully
    19:16:05.687 Disk 0 MBR scan
    19:16:05.734 Disk 0 Windows XP default MBR code
    19:16:05.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
    19:16:05.734 Disk 0 scanning sectors +488376000
    19:16:05.812 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:16:16.328 Service scanning
    19:16:33.390 Modules scanning
    19:16:37.546 Disk 0 trace - called modules:
    19:16:37.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    19:16:37.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866fcab8]
    19:16:37.562 3 CLASSPNP.SYS[f750cfd7] -> nt!IofCallDriver -> \Device\00000069[0x86775948]
    19:16:37.562 5 ACPI.sys[f7382620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-10[0x86701d98]
    19:16:38.093 AVAST engine scan C:\WINDOWS
    19:16:51.343 AVAST engine scan C:\WINDOWS\system32
    19:20:24.406 AVAST engine scan C:\WINDOWS\system32\drivers
    19:20:41.218 AVAST engine scan C:\Documents and Settings\lili
    19:22:14.125 AVAST engine scan C:\Documents and Settings\All Users
    19:22:43.562 Scan finished successfully
    19:24:55.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\lili\Επιφάνεια εργασίας\MBR.dat"
    19:24:55.359 The log file has been saved successfully to "C:\Documents and Settings\lili\Επιφάνεια εργασίας\aswMBR.txt"
  11. giannhs_mastro

    giannhs_mastro TS Rookie Topic Starter Posts: 21

    [binary contents of MBR.dat pasted as unreadable text]
  12. giannhs_mastro

    giannhs_mastro TS Rookie Topic Starter Posts: 21

    The last one is MBR.dat, renamed to MBR.txt and opened with Notepad. I also get this message when I open Mozilla:
    ESET Smart Security
    Address has been blocked.
    URL address:
    "fbfreegifts.com/img/text.png"
    IP address:
    93.170.104.62:80
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs from BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  14. giannhs_mastro

    giannhs_mastro TS Rookie Topic Starter Posts: 21

    ComboFix 12-10-04.02 - lili 06/10/2012 20:21:31.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.988.434 [GMT 3:00]
    Running from: c:\documents and settings\lili\Επιφάνεια εργασίας\ComboFix.exe
    AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-06 03:45 . 2012-10-06 03:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-06 03:45 . 2012-09-07 14:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-06 01:22 . 2012-10-06 01:22 -------- d-----w- c:\documents and settings\lili\Application Data\Malwarebytes
    2012-10-06 01:21 . 2012-10-06 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-10-05 23:11 . 2012-10-05 23:11 -------- d-----w- c:\program files\Trend Micro
    2012-10-05 23:04 . 2012-10-05 23:04 -------- d-----w- c:\documents and settings\lili\Application Data\LavasoftStatistics
    2012-10-05 23:04 . 2012-10-05 23:04 -------- d-----w- c:\documents and settings\lili\Application Data\Ad-Aware Antivirus
    2012-10-05 22:42 . 2012-10-05 22:42 -------- d-----w- c:\program files\Enigma Software Group
    2012-10-05 22:41 . 2012-10-05 22:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2012-09-09 08:02 . 2012-09-09 08:02 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-06 16:03 . 2010-06-20 09:49 16608 ----a-w- c:\windows\gdrv.sys
    2012-09-21 19:23 . 2012-05-09 11:51 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-21 19:23 . 2011-07-11 11:14 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-28 17:24 . 2012-08-10 03:39 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-28 17:24 . 2010-07-13 18:47 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-28 15:39 . 2012-08-10 03:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-08-28 15:04 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:04 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:04 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-04-10 05:24 . 2012-04-10 05:24 3993600 -c--a-w- c:\program files\GUT94.tmp
    2012-09-09 08:02 . 2011-08-16 20:53 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-03 880528]
    "NTServiceManager"="c:\program files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe" [2011-07-01 436224]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
    "SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
    "AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^lili^Start Menu^Προγράμματα^Εκκίνηση^OpenOffice.org 3.2.lnk]
    path=c:\documents and settings\lili\Start Menu\Προγράμματα\Εκκίνηση\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
    m’|\ό [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-03-12 10:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-09 15:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6162:TCP"= 6162:TCP:oxlkjlne
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9/2/2011 7:29 μμ 218688]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16/11/2009 9:03 πμ 108792]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16/11/2009 9:04 πμ 735960]
    R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [20/6/2010 12:49 μμ 80392]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [20/6/2010 12:55 μμ 108032]
    S2 dvspr;Server Config;c:\windows\system32\svchost.exe -k netsvcs [2/3/2006 3:00 μμ 14336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/7/2010 5:42 μμ 136176]
    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/8/2012 1:33 μμ 3064000]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/7/2012 1:28 μμ 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9/5/2012 2:51 μμ 250288]
    S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
    S3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/7/2010 5:42 μμ 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/8/2012 8:45 μμ 114144]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 54569545
    *NewlyCreated* - ASWMBR
    *Deregistered* - 54569545
    *Deregistered* - aswMBR
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    dvspr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 19:23]
    .
    2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 14:42]
    .
    2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 14:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\lili\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\documents and settings\lili\Application Data\Mozilla\Firefox\Profiles\t20h67g7.default\
    FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
    FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
    FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-06 20:24
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1b41de48-c606-4a9d-a1c5-94423f4ddb5a}]
    @Denied: (Full) (Everyone)
    "Model"=dword:000000dd
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,51,c4,5c,06,a5,56,2b,b8,be,d2,f0,e1,81,4a,6c,e4,83,e0,8b,c5,07,bb,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):71,de,50,e5,55,4e,2c,3c,25,43,f8,b2,2d,88,97,2f,dc,da,2f,20,7b,
    7a,36,14,be,51,85,63,b4,d1,2a,89,da,3f,94,32,a2,cf,f6,75,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (2) (LocalSystem)
    "AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\"
    "DataDir"="ESET\\ESET Smart Security\\"
    "EditionName"=" "
    "InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
    "LanguageId"=dword:00000409
    "PackageTag"=dword:6090e758
    "ProductBase"=dword:00000001
    "ProductCode"="{BE09FBC2-74BF-42A5-8FFF-12E784BAA42C}"
    "ProductName"="ESET Smart Security"
    "ProductType"="ess"
    "ProductVersion"="4.0.474.0"
    "UniqueId"="00085CCE4DA4B4C4"
    "ScannerBuild"=dword:000017cd
    "ScannerVersionId"=dword:00001214
    "ScannerVersion"="Open window for status."
    "FixId"=dword:00000009
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(560)
    c:\windows\system32\webcheck.dll
    c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
    c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    Completion time: 2012-10-06 20:25:59
    ComboFix-quarantined-files.txt 2012-10-06 17:25
    .
    Pre-Run: 7 Κατάλογοι 225.170.104.320 διαθέσιμα byte
    Post-Run: 8 Κατάλογοι 225.293.983.744 διαθέσιμα byte
    .
    - - End Of File - - 81ADF3A1448ADCEAF78F3E12AE6F6502
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Next scan:

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Copy the code below in the quotebox, and then under the Custom Scans/Fixes box paste it in:

    • Click the Run Scan button. The scan will not take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.

    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  16. giannhs_mastro

    giannhs_mastro TS Rookie Topic Starter Posts: 21

    OTL logfile created on: 6/10/2012 8:58:34 μμ - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lili\Επιφάνεια εργασίας
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

    988,42 Mb Total Physical Memory | 552,27 Mb Available Physical Memory | 55,87% Memory free
    2,32 Gb Paging File | 2,03 Gb Available in Paging File | 87,68% Paging File free
    Paging file location(s): C:\pagefile.sys 1476 2952 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232,88 Gb Total Space | 209,85 Gb Free Space | 90,11% Space Free | Partition Type: NTFS

    Computer Name: LILIA | User Name: lili | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/06 20:56:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\OTL.exe
    PRC - [2011/07/01 15:45:16 | 000,436,224 | ---- | M] () -- C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
    PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    PRC - [2009/11/16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
    PRC - [2008/07/11 19:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    PRC - [2008/06/18 13:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
    PRC - [2008/04/14 19:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/07/01 15:45:16 | 000,436,224 | ---- | M] () -- C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
    MOD - [2008/07/11 19:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    MOD - [2007/12/07 14:24:56 | 000,117,256 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\vczuxxt.dll -- (dvspr)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/09/21 22:23:19 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/09 11:02:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2009/11/16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2008/07/11 19:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\lili\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\lili\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
    DRV - [2012/10/06 19:03:17 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2011/02/09 19:35:46 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2009/11/16 09:06:48 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
    DRV - [2009/11/16 09:06:44 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
    DRV - [2009/11/16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2009/11/16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2009/06/19 08:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2008/06/27 06:24:56 | 004,742,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2008/06/16 10:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/04/29 11:09:56 | 000,108,032 | R--- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
    IE - HKCU\..\SearchScopes,DefaultScope = {AB79D3B4-AEDB-428a-B504-BAC00521A1C7}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
    FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net"
    FF - prefs.js..browser.startup.homepage: "http://www.smartwebsearch.net/index.php?from=3"
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
    FF - prefs.js..keyword.URL: "http://smartwebsearch.net/results.php?q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 11:02:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/16 09:31:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/04/12 23:22:52 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\lili\Application Data\IDM\idmmzcc3

    [2011/08/16 20:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lili\Application Data\Mozilla\Extensions
    [2012/08/10 10:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t20h67g7.default\extensions
    [2012/10/06 19:03:20 | 000,002,126 | ---- | M] () -- C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t20h67g7.default\searchplugins\GoogleFeed.xml
    [2012/09/15 09:20:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/08/28 20:32:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/08/10 06:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/09/15 09:20:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/09/09 11:02:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/08/09 20:45:41 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/09/09 11:02:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/08/09 20:45:41 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/08/09 20:45:41 | 000,001,219 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-el.xml

    O1 HOSTS File: ([2012/10/06 06:11:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [NTServiceManager] C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe ()
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\lili\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1349489967296 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EAFC37D-68C1-4F75-B87A-109334EEC732}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Τρέχουσα αρχική σελίδα) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\lili\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\lili\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/20 12:41:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    MsConfig - StartUpFolder: C:^Documents and Settings^lili^Start Menu^Προγράμματα^Εκκίνηση^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
    MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    MsConfig - StartUpReg: GEST - hkey= - key= - File not found
    MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ενοποίηση δεδομένων για τη δυναμική HTML της Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Σύνταξη ιστοσελίδων για προχωρημένους
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Κλάσεις DirectAnimation της Java
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - BingBar 7.0
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6AA26B7C-7C26-33B4-88DD-431CB7C94742} - .NET Framework
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Χρονοδιάγραμμα εργασιών
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{21d337f6-7548-4c7c-a931-2eeaf254b69a} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: dvspr - C:\WINDOWS\system32\vczuxxt.dll File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/06 20:56:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\OTL.exe
    [2012/10/06 20:20:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/10/06 20:20:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/10/06 20:20:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/10/06 20:20:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/10/06 20:20:25 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/10/06 20:20:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/06 20:17:10 | 004,762,471 | R--- | C] (Swearware) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\ComboFix.exe
    [2012/10/06 19:12:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\aswMBR.exe
    [2012/10/06 19:06:44 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\tdsskiller.exe
    [2012/10/06 07:11:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\dds.com
    [2012/10/06 07:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\LOGS
    [2012/10/06 06:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Malwarebytes' Anti-Malware
    [2012/10/06 06:45:26 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/10/06 06:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/10/06 06:32:37 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\TFC.exe
    [2012/10/06 05:09:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/10/06 05:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/10/06 04:53:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lili\Τα έγγραφά μου\Τα βίντεό μου
    [2012/10/06 04:53:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Τα βίντεό μου
    [2012/10/06 04:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Application Data\Malwarebytes
    [2012/10/06 04:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/10/06 02:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/10/06 02:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Application Data\LavasoftStatistics
    [2012/10/06 02:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Application Data\Ad-Aware Antivirus
    [2012/10/06 01:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/10/06 01:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2012/10/03 22:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\THE FLYING SWORDS OF DRAGON GATE (2011) 720P BLURAY X264 - ROVERS
    [2012/09/15 09:20:58 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/09/15 09:20:58 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/09/15 09:20:58 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/09/12 19:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Τα έγγραφά μου\Game.of.Thrones.S02!!
    [2012/09/12 18:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\ΠΛΟΙΟ
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Documents and Settings\lili\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\lili\Local Settings\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/06 20:58:00 | 000,001,168 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/06 20:58:00 | 000,001,164 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/06 20:56:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\OTL.exe
    [2012/10/06 20:17:31 | 004,762,471 | R--- | M] (Swearware) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\ComboFix.exe
    [2012/10/06 20:12:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\MBR.dat
    [2012/10/06 20:04:45 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/10/06 20:04:43 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\lili\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/10/06 19:48:06 | 000,051,855 | ---- | M] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\MYPROBLEM.JPG
    [2012/10/06 19:36:27 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\lili\default.pls
    [2012/10/06 19:23:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/10/06 19:12:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\aswMBR.exe
    [2012/10/06 19:06:57 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\tdsskiller.exe
    [2012/10/06 19:03:17 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
    [2012/10/06 19:03:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/10/06 19:00:59 | 000,513,501 | ---- | M] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\adwcleaner.exe
    [2012/10/06 07:11:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\dds.com
    [2012/10/06 07:09:39 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\kenvh40b.exe
    [2012/10/06 06:45:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Malwarebytes Anti-Malware.lnk
    [2012/10/06 06:40:58 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/10/06 06:33:00 | 000,540,598 | ---- | M] () -- C:\WINDOWS\System32\perfh008.dat
    [2012/10/06 06:33:00 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/10/06 06:33:00 | 000,090,456 | ---- | M] () -- C:\WINDOWS\System32\perfc008.dat
    [2012/10/06 06:33:00 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/10/06 06:32:41 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\TFC.exe
    [2012/10/06 06:17:03 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\Συντόμευση για το Ιnternet.lnk
    [2012/10/06 06:11:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/10/06 05:20:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/10/06 05:09:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/09/21 22:23:19 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/09/21 22:23:19 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/09/12 16:14:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Documents and Settings\lili\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\lili\Local Settings\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/06 20:20:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/10/06 20:20:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/10/06 20:20:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/10/06 20:20:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/10/06 20:20:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/10/06 20:12:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\MBR.dat
    [2012/10/06 19:36:27 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\lili\default.pls
    [2012/10/06 19:33:45 | 000,051,855 | ---- | C] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\MYPROBLEM.JPG
    [2012/10/06 19:00:58 | 000,513,501 | ---- | C] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\adwcleaner.exe
    [2012/10/06 07:09:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\kenvh40b.exe
    [2012/10/06 06:45:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Malwarebytes Anti-Malware.lnk
    [2012/10/06 06:17:03 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\lili\Επιφάνεια εργασίας\Συντόμευση για το Ιnternet.lnk
    [2012/10/06 05:09:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/03/08 14:37:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/07/29 23:27:46 | 000,032,250 | ---- | C] () -- C:\WINDOWS\System32\epfwdata.bin
    [2011/02/09 19:39:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2010/07/12 14:57:14 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\lili\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/08 21:55:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\lili\Local Settings\Application Data\prvlcl.dat

    ========== ZeroAccess Check ==========

    [2010/10/24 22:43:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 22:29:45 | 001,510,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:52:33 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 19:30:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    ========== Drive Information ==========
  17. giannhs_mastro

    giannhs_mastro TS Rookie Topic Starter Posts: 21

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
    Interface type: IDE
    Media Type: Fixed\thard disk media
    Model: WDC WD2500KS-00MJB0
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 233,00GB
    Starting Offset: 32256
    Hidden sectors: 0

    [2010/06/20 12:55:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/09 11:02:21 | 000,885,824 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/09 11:02:21 | 000,885,824 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/09 11:02:21 | 000,885,824 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/09 11:02:27 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/09 11:02:27 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/09 11:02:27 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 15:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 15:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 15:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/09 11:02:21 | 000,885,824 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/09 11:02:21 | 000,885,824 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/09 11:02:21 | 000,885,824 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/09 11:02:27 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/09 11:02:27 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/09 11:02:27 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 15:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 15:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 15:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

    < %systemroot%\System32\config\*.sav >
    [2010/06/20 15:25:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2010/06/20 15:25:04 | 000,643,072 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2010/06/20 15:25:04 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2011/09/23 22:51:08 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
    [2012/08/09 21:44:17 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2011/02/09 19:38:45 | 000,000,000 | ---D | M] -- C:\Program Files\Auralog
    [2010/07/16 21:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
    [2012/10/06 20:23:26 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2010/06/20 12:38:54 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
    [2011/02/09 19:28:57 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
    [2010/11/04 15:41:42 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
    [2012/10/06 05:18:30 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
    [2012/10/06 01:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
    [2012/10/06 05:12:42 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
    [2010/06/20 12:49:46 | 000,000,000 | ---D | M] -- C:\Program Files\GIGABYTE
    [2011/12/01 12:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2012/04/10 08:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\GUM93.tmp
    [2010/06/20 12:55:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010/06/20 12:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
    [2012/09/21 22:53:23 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2012/09/15 09:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2010/07/13 21:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
    [2012/10/06 06:45:29 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/13 01:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
    [2012/10/06 03:52:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
    [2010/06/20 12:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
    [2011/04/15 22:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2012/09/09 11:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2012/09/09 18:20:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
    [2010/10/24 22:45:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2010/06/20 12:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
    [2011/04/13 01:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
    [2010/10/24 22:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
    [2010/07/12 15:02:45 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
    [2011/04/13 01:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
    [2010/06/20 12:40:29 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
    [2010/07/13 21:51:24 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
    [2011/04/13 02:03:28 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
    [2010/06/20 12:55:15 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
    [2010/10/24 22:44:59 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2012/08/28 20:32:39 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
    [2012/10/06 02:11:15 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
    [2010/06/20 12:47:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2012/06/03 20:55:39 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
    [2010/09/08 19:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
    [2011/04/13 01:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2011/04/13 01:21:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2010/06/20 12:40:32 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
    [2011/04/13 21:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2010/06/20 12:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
    [2011/07/09 23:53:20 | 000,000,000 | ---D | M] -- C:\Program Files\YoutubeDownloader.org

    < %appdata%\*.* >
    [2010/06/20 15:26:41 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\lili\Application Data\desktop.ini

    < MD5 for: AFD.SYS >
    [2011/08/17 16:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
    [2011/08/17 16:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
    [2008/04/13 22:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
    [2008/04/13 22:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
    [2011/02/16 16:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
    [2008/10/16 18:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
    [2008/08/14 13:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
    [2008/08/14 12:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
    [2006/03/02 15:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
    [2008/08/14 12:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
    [2008/10/16 17:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
    [2008/08/14 13:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
    [2008/08/14 13:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
    [2011/02/16 16:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
    [2008/06/20 13:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
    [2008/06/20 14:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
    [2008/06/20 13:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
    [2008/06/20 14:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
    [2008/06/20 14:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
    [2011/08/17 16:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

    < MD5 for: ATAPI.SYS >
    [2006/03/02 15:00:00 | 018,809,921 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2011/04/13 01:13:04 | 023,920,796 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2011/04/13 01:13:04 | 023,920,796 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
    [2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2006/03/02 15:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2006/03/02 15:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=DB4CB40F91CAC71EEA9F7E289DBEC05B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
    [2008/04/14 19:29:24 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F50F73977012F0F5CF807451B79B6736 -- C:\WINDOWS\erdnt\cache\cryptsvc.dll
    [2008/04/14 19:29:24 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F50F73977012F0F5CF807451B79B6736 -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
    [2008/04/14 19:29:24 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F50F73977012F0F5CF807451B79B6736 -- C:\WINDOWS\system32\cryptsvc.dll

    < MD5 for: DNSRSLVR.DLL >
    [2006/03/02 15:00:00 | 000,046,080 | ---- | M] (Microsoft Corporation) MD5=64484EBDF104E91F8EAD7AEE952EEED6 -- C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
    [2009/04/20 20:07:05 | 000,046,080 | ---- | M] (Microsoft Corporation) MD5=721F278FB07EB5CB2F47A9A8D7B00D3E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll
    [2008/04/14 19:29:26 | 000,046,080 | ---- | M] (Microsoft Corporation) MD5=B88F912AEC6E655051A935C2D41FA5B3 -- C:\WINDOWS\$NtUninstallKB2509553$\dnsrslvr.dll
    [2008/04/14 19:29:26 | 000,046,080 | ---- | M] (Microsoft Corporation) MD5=B88F912AEC6E655051A935C2D41FA5B3 -- C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
    [2009/04/20 20:18:35 | 000,046,080 | ---- | M] (Microsoft Corporation) MD5=F99BE5941B69DC781C1C5A5D71280469 -- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    [2009/04/20 20:18:35 | 000,046,080 | ---- | M] (Microsoft Corporation) MD5=F99BE5941B69DC781C1C5A5D71280469 -- C:\WINDOWS\system32\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2006/03/02 15:00:00 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=1C44D024781BDA77DC5DA9373BE170A6 -- C:\WINDOWS\$NtUninstallKB950974_0$\es.dll
    [2008/07/07 23:30:48 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=20739EEE87AF14FABEA5FFF2B1AEAFA8 -- C:\WINDOWS\$NtServicePackUninstall$\es.dll
    [2008/04/14 19:29:27 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=53B11DD7E1BF16BDE231B63A3D6C6BC0 -- C:\WINDOWS\$NtUninstallKB950974$\es.dll
    [2008/04/14 19:29:27 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=53B11DD7E1BF16BDE231B63A3D6C6BC0 -- C:\WINDOWS\ServicePackFiles\i386\es.dll
    [2008/07/07 23:24:03 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=6D75E47CBBC42224F3200143F6155130 -- C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
    [2008/07/07 23:17:19 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=820AF4755D0E5580494F839B625C2262 -- C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
    [2008/07/07 23:28:00 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=C35DF6D336EBCB2F5E8D817A531BA666 -- C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
    [2008/07/07 23:28:00 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=C35DF6D336EBCB2F5E8D817A531BA666 -- C:\WINDOWS\erdnt\cache\es.dll
    [2008/07/07 23:28:00 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=C35DF6D336EBCB2F5E8D817A531BA666 -- C:\WINDOWS\system32\dllcache\es.dll
    [2008/07/07 23:28:00 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=C35DF6D336EBCB2F5E8D817A531BA666 -- C:\WINDOWS\system32\es.dll

    < MD5 for: EXPLORER.EXE >
    [2008/04/14 19:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\erdnt\cache\explorer.exe
    [2008/04/14 19:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\explorer.exe
    [2008/04/14 19:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2006/03/02 15:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=8C0A90F37FA70DBE55B17A57EDB521FF -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2006/03/02 15:00:00 | 000,335,360 | ---- | M] (Microsoft Corporation) MD5=102FA7D67DD6075CF0EE433B1492F6B4 -- C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll
    [2008/04/14 19:29:33 | 000,335,360 | ---- | M] (Microsoft Corporation) MD5=522873DF0FFD34FB1A8AF7D7E276727E -- C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll
    [2008/04/14 19:29:33 | 000,335,360 | ---- | M] (Microsoft Corporation) MD5=522873DF0FFD34FB1A8AF7D7E276727E -- C:\WINDOWS\system32\ipnathlp.dll

    < MD5 for: IPSEC.SYS >
    [2008/04/13 22:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\erdnt\cache\ipsec.sys
    [2008/04/13 22:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
    [2008/04/13 22:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
    [2006/03/02 15:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

    < MD5 for: NETBT.SYS >
    [2006/03/02 15:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
    [2008/04/13 22:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
    [2008/04/13 22:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2008/04/14 19:29:44 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=A443996504A45CDF60CBA800DCB14420 -- C:\WINDOWS\erdnt\cache\netman.dll
    [2008/04/14 19:29:44 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=A443996504A45CDF60CBA800DCB14420 -- C:\WINDOWS\ServicePackFiles\i386\netman.dll
    [2008/04/14 19:29:44 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=A443996504A45CDF60CBA800DCB14420 -- C:\WINDOWS\system32\netman.dll
    [2006/03/02 15:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=B4355B0D14253D773EC6F3C3B5EC9BA3 -- C:\WINDOWS\$NtServicePackUninstall$\netman.dll

    < MD5 for: QMGR.DLL >
    [2008/04/14 19:29:52 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=ABDC5CF759C736DFBFEB031FDC01E303 -- C:\WINDOWS\erdnt\cache\qmgr.dll
    [2008/04/14 19:29:52 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=ABDC5CF759C736DFBFEB031FDC01E303 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
    [2008/04/14 19:29:52 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=ABDC5CF759C736DFBFEB031FDC01E303 -- C:\WINDOWS\system32\bits\qmgr.dll
    [2008/04/14 19:29:52 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=ABDC5CF759C736DFBFEB031FDC01E303 -- C:\WINDOWS\system32\qmgr.dll
    [2006/03/02 15:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=D58E7D771BE5A694D53499D0F18BB83F -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2009/02/09 13:03:09 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=291336620D7B6DEB2647FE0C0F9D5902 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\rpcss.dll
    [2009/02/09 13:19:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=4CE591871C94C66A2533142973ADA605 -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
    [2006/03/02 15:00:00 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=96BB036AE90A3153C61420573FE46EA0 -- C:\WINDOWS\$NtUninstallKB956572_0$\rpcss.dll
    [2009/02/09 13:52:33 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=B5F06957525D494D2C261B5739367524 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\rpcss.dll
    [2009/02/09 13:52:33 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=B5F06957525D494D2C261B5739367524 -- C:\WINDOWS\erdnt\cache\rpcss.dll
    [2009/02/09 13:52:33 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=B5F06957525D494D2C261B5739367524 -- C:\WINDOWS\system32\dllcache\rpcss.dll
    [2009/02/09 13:52:33 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=B5F06957525D494D2C261B5739367524 -- C:\WINDOWS\system32\rpcss.dll
    [2008/04/14 19:29:54 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CAF10713E4A7C574FB8C86D34FF70616 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
    [2008/04/14 19:29:54 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CAF10713E4A7C574FB8C86D34FF70616 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
    [2009/02/09 13:55:49 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=DEA58EFF8827D923395CF52FDC5A2AE1 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll

    < MD5 for: SERVICES.EXE >
    [2009/02/09 12:50:45 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=14378B794DD02504AD6FD7B668AC8C94 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
    [2009/02/09 14:16:08 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=1AE2E5CE9EEE92C125D2B95B1B85268C -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2006/03/02 15:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=1F4074C8027DFA38A1AB8ACA6967C783 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
    [2008/04/14 19:31:01 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=207AB7A1A36004BB6F33E58E71C1C90E -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
    [2008/04/14 19:31:01 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=207AB7A1A36004BB6F33E58E71C1C90E -- C:\WINDOWS\ServicePackFiles\i386\services.exe
    [2009/02/09 14:23:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=2A0BB5C67281C423F8D7D6B7D79699AC -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
    [2009/02/09 14:23:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=2A0BB5C67281C423F8D7D6B7D79699AC -- C:\WINDOWS\erdnt\cache\services.exe
    [2009/02/09 14:23:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=2A0BB5C67281C423F8D7D6B7D79699AC -- C:\WINDOWS\system32\dllcache\services.exe
    [2009/02/09 14:23:04 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=2A0BB5C67281C423F8D7D6B7D79699AC -- C:\WINDOWS\system32\services.exe
    [2009/02/09 13:07:24 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=8B030D578706000A9416A7B244A415F4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

    < MD5 for: SR.SYS >
    [2006/03/02 15:00:00 | 000,073,600 | ---- | M] (Microsoft Corporation) MD5=682CED06B35E1391091FF802C7F224F6 -- C:\WINDOWS\$NtServicePackUninstall$\sr.sys
    [2008/04/14 19:02:25 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=A41AC0D87DC3054DB716F1456C84391C -- C:\WINDOWS\ServicePackFiles\i386\sr.sys
    [2008/04/14 19:02:25 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=A41AC0D87DC3054DB716F1456C84391C -- C:\WINDOWS\system32\drivers\sr.sys

    < MD5 for: SRSVC.DLL >
    [2008/04/14 19:30:07 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=BB9B6E360FF1A701A7920AA798A335BF -- C:\WINDOWS\erdnt\cache\srsvc.dll
    [2008/04/14 19:30:07 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=BB9B6E360FF1A701A7920AA798A335BF -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
    [2008/04/14 19:30:07 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=BB9B6E360FF1A701A7920AA798A335BF -- C:\WINDOWS\system32\srsvc.dll
    [2006/03/02 15:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=BD5300CA375C341E4BBDDA4B91B1C56B -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

    < MD5 for: SVCHOST.EXE >
    [2008/04/14 19:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\erdnt\cache\svchost.exe
    [2008/04/14 19:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/14 19:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\system32\svchost.exe
    [2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2006/03/02 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=D0488D4C9C04CA3FFDA71D8A0D7959FA -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2008/06/20 13:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
    [2008/06/20 13:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [2008/04/13 22:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
    [2008/04/13 22:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
    [2008/06/20 14:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [2008/06/20 14:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\erdnt\cache\tcpip.sys
    [2008/06/20 14:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
    [2008/06/20 14:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
    [2006/03/02 15:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
    [2008/06/20 14:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
    [2008/06/20 14:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

    < MD5 for: USERINIT.EXE >
    [2006/03/02 15:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=E0EB5D17FCF2C50357E32B8A6D0799ED -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/14 19:31:08 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=FD570C21EC04E768DE7577CAD6081C76 -- C:\WINDOWS\erdnt\cache\userinit.exe
    [2008/04/14 19:31:08 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=FD570C21EC04E768DE7577CAD6081C76 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/14 19:31:08 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=FD570C21EC04E768DE7577CAD6081C76 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2008/04/14 18:47:31 | 000,053,632 | ---- | M] (Microsoft Corporation) MD5=3CF5DC3FDF17AE17D488D4548AC33741 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
    [2008/04/14 18:47:31 | 000,053,632 | ---- | M] (Microsoft Corporation) MD5=3CF5DC3FDF17AE17D488D4548AC33741 -- C:\WINDOWS\system32\drivers\volsnap.sys
    [2006/03/02 15:00:00 | 000,053,632 | ---- | M] (Microsoft Corporation) MD5=B26DA873095E796F84326F3E160E1FB3 -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

    < MD5 for: WINLOGON.EXE >
    [2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2006/03/02 15:00:00 | 000,508,416 | ---- | M] (Microsoft Corporation) MD5=5C13423B50E48732AD8DC2E6C2B25EFD -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2008/04/14 19:31:11 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\erdnt\cache\winlogon.exe
    [2008/04/14 19:31:11 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/14 19:31:11 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\system32\winlogon.exe

    < MD5 for: WMISVC.DLL >
    [2008/04/14 19:30:12 | 000,145,408 | ---- | M] (Microsoft Corporation) MD5=075EC50CA60F1B4EE576886BEF72AB21 -- C:\WINDOWS\ServicePackFiles\i386\wmisvc.dll
    [2008/04/14 19:30:12 | 000,145,408 | ---- | M] (Microsoft Corporation) MD5=075EC50CA60F1B4EE576886BEF72AB21 -- C:\WINDOWS\system32\wbem\wmisvc.dll
    [2006/03/02 15:00:00 | 000,145,408 | ---- | M] (Microsoft Corporation) MD5=7D59A5D747B3DCCFB718205868E76595 -- C:\WINDOWS\$NtServicePackUninstall$\wmisvc.dll

    < MD5 for: WSCSVC.DLL >
    [2008/04/14 19:30:12 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=1A5DDC44B0AB7C40C13796DB7DB82989 -- C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll
    [2008/04/14 19:30:12 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=1A5DDC44B0AB7C40C13796DB7DB82989 -- C:\WINDOWS\system32\wscsvc.dll
    [2006/03/02 15:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) MD5=25F5E44C836FF17AE73B5A5D5BED6D33 -- C:\WINDOWS\$NtServicePackUninstall$\wscsvc.dll

    < MD5 for: WUAUSERV.DLL >
    [2006/03/02 15:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=0B1279926EBE0B9FC8B81675EAEC846D -- C:\WINDOWS\$NtServicePackUninstall$\wuauserv.dll
    [2008/04/14 19:30:15 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=6F55057EE883AC1675F31242B6DD6EF3 -- C:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
    [2008/04/14 19:30:15 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=6F55057EE883AC1675F31242B6DD6EF3 -- C:\WINDOWS\system32\wuauserv.dll

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
    [C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

    < End of report >
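The `< MD5 for: ... >` blocks above are what a helper reads to spot a patched system file: OTL lists, for each file, the copy Windows actually loads (under system32, system32\drivers, or C:\WINDOWS\explorer.exe) next to the reference copies the OS keeps (ServicePackFiles\i386, system32\dllcache) and the one ERUNT keeps (erdnt\cache). A live copy whose MD5 matches none of the reference copies, or that carries no company name, is the thing to look at. The parser below is an added example, not part of this thread or of OTL; the embedded sample log is constructed from a few lines of this report plus one `volsnap.sys` line with a made-up hash (the real report shows volsnap.sys matching) so that the check has something to flag.

```python
"""Added example: compare live system-file hashes against local reference
copies in an OTL '< MD5 for: ... >' section.  Not from the thread or from OTL."""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^\s*<\s*MD5 for:\s*(?P<name>.+?)\s*>\s*$", re.I)
# One hash line: [date time | size | attrs | M] (Company) MD5=<32 hex> -- <path>
ENTRY_RE = re.compile(
    r"^\s*\[(?P<stamp>[^\]]*)\]\s*\((?P<company>[^)]*)\)\s*"
    r"MD5=(?P<md5>[0-9A-F]{32})\s*--\s*(?P<path>\S.*?)\s*$",
    re.I,
)

# Copies that are not loaded at boot but are known-good on an unpatched box.
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\", "\\erdnt\\cache\\")
LIVE_ROOT = "c:\\windows\\system32\\"


def classify(path):
    """'reference' for OS/ERUNT backup copies, 'live' for the loaded copy, else 'other'."""
    p = path.lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if "\\reinstallbackups\\" in p:  # driver-rollback copies, never loaded
        return "other"
    if p.startswith(LIVE_ROOT) or p == "c:\\windows\\explorer.exe":
        return "live"
    return "other"  # $NtUninstallKB*$, $hf_mig$, Program Files, ...


def parse_md5_blocks(text):
    """Return one dict per hash line: name, md5, path, company, kind."""
    entries, current = [], None
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            current = h.group("name").lower()
            continue
        m = ENTRY_RE.match(line)
        if m and current:  # '.cab file' lines carry no MD5 and are skipped
            entries.append({
                "name": current,
                "md5": m.group("md5").upper(),
                "path": m.group("path"),
                "company": m.group("company").strip(),
                "kind": classify(m.group("path")),
            })
    return entries


def find_suspect_files(text):
    """Return (name, path, md5, reason) for every live copy that needs a look."""
    by_name = defaultdict(list)
    for e in parse_md5_blocks(text):
        by_name[e["name"]].append(e)
    findings = []
    for name, items in sorted(by_name.items()):
        reference_hashes = {e["md5"] for e in items if e["kind"] == "reference"}
        for e in items:
            if e["kind"] != "live":
                continue
            if not e["company"]:
                findings.append((name, e["path"], e["md5"], "no company/version info"))
            elif not reference_hashes:
                findings.append((name, e["path"], e["md5"], "no reference copy to compare"))
            elif e["md5"] not in reference_hashes:
                findings.append((name, e["path"], e["md5"], "differs from every reference copy"))
    return findings


# Constructed sample: lines copied from the report above, except the last
# volsnap.sys line, whose hash is made up for the demonstration.
SAMPLE_LOG = r"""
< MD5 for: AFD.SYS >
[2011/08/17 16:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 16:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 22:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys

< MD5 for: ATAPI.SYS >
[2006/03/02 15:00:00 | 018,809,921 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: SVCHOST.EXE >
[2008/04/14 19:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 19:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\system32\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/14 18:47:31 | 000,053,632 | ---- | M] (Microsoft Corporation) MD5=3CF5DC3FDF17AE17D488D4548AC33741 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/14 18:47:31 | 000,053,632 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\drivers\volsnap.sys
"""

if __name__ == "__main__":
    for name, path, md5, reason in find_suspect_files(SAMPLE_LOG):
        print(f"{name}: {path} ({md5}) -> {reason}")
```

Run against the full report in this thread the check reports nothing, which is consistent with the helper's reading of it. Two caveats: a hit only says the loaded copy is inconsistent with what is on the box, and a clean result only says it is consistent, so the authoritative check is still a signature or known-good-hash comparison done off the suspect machine; and the Malwarebytes Chameleon `svchost.exe` / `winlogon.exe` entries with no company name are deliberately ignored because they live under Program Files, not in a location Windows loads system binaries from.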
  18. giannhs_mastro

    OTL Extras logfile created on: 6/10/2012 8:58:34 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lili\Επιφάνεια εργασίας
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000408 | Country: Greece | Language: ELL | Date Format: d/M/yyyy

    988,42 Mb Total Physical Memory | 552,27 Mb Available Physical Memory | 55,87% Memory free
    2,32 Gb Paging File | 2,03 Gb Available in Paging File | 87,68% Paging File free
    Paging file location(s): C:\pagefile.sys 1476 2952 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232,88 Gb Total Space | 209,85 Gb Free Space | 90,11% Space Free | Partition Type: NTFS

    Computer Name: LILIA | User Name: lili | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htafile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "6162:TCP" = 6162:TCP:*:Enabled:eek:xlkjlne

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
    "{350C9408-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{43FFE159-3199-4188-A1CD-629166AD1032}" = Nero 7 Ultra Edition
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5607C1B8-DA2B-31D0-93A6-968D8C23A944}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ell
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57481C12-C102-395A-8BC3-941F2D79A114}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ELL
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{6AA26B7C-7C26-33B4-88DD-431CB7C94742}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ELL
    "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
    "{B99FC4CE-FA4F-4CAB-ACA4-CFD56FDCE5A9}" = OpenOffice.org 3.2
    "{BE09FBC2-74BF-42A5-8FFF-12E784BAA42C}" = ESET Smart Security
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DVD Shrink_is1" = DVD Shrink 3.2
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 3.5 Language Pack SP1 - ell" = Πακέτο γλώσσας του Microsoft .NET Framework 3.5 SP1 - ELL
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 15.0.1 (x86 el)" = Mozilla Firefox 15.0.1 (x86 el)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "TMM70" = TELL ME MORE
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.5
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/2/2011 2:15:54 μμ | Computer Name = LILIA | Source = Application Error | ID = 1000
    Description = Ελαττωματική εφαρμογή firefox.exe, έκδοση 1.9.2.3989, ελαττωματική
    λειτουργική μονάδα datamngr.dll, έκδοση 1.0.0.1, ελαττωματική διεύθυνση 0x00079cdd.

    Error - 9/2/2011 12:29:01 μμ | Computer Name = LILIA | Source = crypt32 | ID = 131083
    Description = Αποτυχημένη εξαγωγή από το αρχείο cab αυτόματης ενημέρωσης, της ριζικής
    λίστας άλλου κατασκευαστή: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    με σφάλμα: Παρουσιάστηκε εσωτερικό σφάλμα αλληλουχίας πιστοποιητικών.

    Error - 10/4/2011 4:04:20 μμ | Computer Name = LILIA | Source = Application Error | ID = 1000
    Description = Ελαττωματική εφαρμογή explorer.exe, έκδοση 6.0.2900.2180, ελαττωματική
    λειτουργική μονάδα nemp4splitter.ax, έκδοση 4.9.4.1, ελαττωματική διεύθυνση 0x0002a65b.

    Error - 13/4/2011 4:06:51 μμ | Computer Name = LILIA | Source = Application Hang | ID = 1002
    Description = Κρεμασμένη εφαρμογή firefox.exe, έκδοση 1.9.2.3989, στοιχείο ελέγχου
    κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

    Error - 19/5/2011 2:32:07 μμ | Computer Name = LILIA | Source = Application Hang | ID = 1002
    Description = Κρεμασμένη εφαρμογή chrome.exe, έκδοση 0.0.0.0, στοιχείο ελέγχου κρεμάσματος
    hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

    Error - 20/5/2011 2:37:47 μμ | Computer Name = LILIA | Source = Application Hang | ID = 1002
    Description = Κρεμασμένη εφαρμογή chrome.exe, έκδοση 0.0.0.0, στοιχείο ελέγχου κρεμάσματος
    hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

    Error - 29/5/2011 9:48:45 πμ | Computer Name = LILIA | Source = Application Hang | ID = 1002
    Description = Κρεμασμένη εφαρμογή firefox.exe, έκδοση 1.9.2.3989, στοιχείο ελέγχου
    κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

    Error - 31/5/2011 4:02:08 μμ | Computer Name = LILIA | Source = Application Hang | ID = 1002
    Description = Κρεμασμένη εφαρμογή firefox.exe, έκδοση 1.9.2.3989, στοιχείο ελέγχου
    κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

    Error - 9/7/2011 4:49:42 μμ | Computer Name = LILIA | Source = Application Hang | ID = 1002
    Description = Κρεμασμένη εφαρμογή FreeYouTubeToMP3Converter.exe, έκδοση 3.9.28.219,
    στοιχείο ελέγχου κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.

    Error - 18/7/2011 12:06:38 μμ | Computer Name = LILIA | Source = Application Error | ID = 1000
    Description = Ελαττωματική εφαρμογή chrome.exe, έκδοση 0.0.0.0, ελαττωματική λειτουργική
    μονάδα gcswf32.dll, έκδοση 10.3.181.35, ελαττωματική διεύθυνση 0x003b7fec.

    [ System Events ]
    Error - 5/10/2012 11:36:10 μμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7034
    Description = Η λειτουργία της υπηρεσίας Java Quick Starter τερματίστηκε αναπάντεχα.
    Αυτό συνέβη 1 φορά(ές).

    Error - 5/10/2012 11:37:53 μμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7023
    Description = Η υπηρεσία Server Config τερματίστηκε με το ακόλουθο σφάλμα: %%126

    Error - 5/10/2012 11:41:02 μμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7023
    Description = Η υπηρεσία Server Config τερματίστηκε με το ακόλουθο σφάλμα: %%126

    Error - 5/10/2012 11:43:14 μμ | Computer Name = LILIA | Source = DCOM | ID = 10010
    Description = Ο διακομιστής {1BE1F766-5536-11D1-B726-00C04FB926AF} δεν καταχωρήθηκε
    με το διακομιστή DCOM μέσα το απαιτούμενο χρονικό όριο.

    Error - 5/10/2012 11:53:31 μμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7023
    Description = Η υπηρεσία Server Config τερματίστηκε με το ακόλουθο σφάλμα: %%126

    Error - 6/10/2012 12:01:31 πμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7023
    Description = Η υπηρεσία Server Config τερματίστηκε με το ακόλουθο σφάλμα: %%126

    Error - 6/10/2012 12:15:25 πμ | Computer Name = LILIA | Source = atapi | ID = 262153
    Description = Η συσκευή, \Device\Ide\IdePort3, δεν αποκρίθηκε μέσα στο χρονικό όριο.

    Error - 6/10/2012 10:44:54 πμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7023
    Description = Η υπηρεσία Server Config τερματίστηκε με το ακόλουθο σφάλμα: %%126

    Error - 6/10/2012 12:03:18 μμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7023
    Description = Η υπηρεσία Server Config τερματίστηκε με το ακόλουθο σφάλμα: %%126

    Error - 6/10/2012 1:20:13 μμ | Computer Name = LILIA | Source = Service Control Manager | ID = 7034
    Description = Η λειτουργία της υπηρεσίας Skype C2C Service τερματίστηκε αναπάντεχα.
    Αυτό συνέβη 1 φορά(ές).


    < End of report >
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please open OTL, copy the content below in the box and paste it to the Custom Scans/Fixes box in OTL:

    Then, hit Run Fix. When the fix log launches, please post that in your next reply.
  20. giannhs_mastro

    giannhs_mastro TS Rookie Topic Starter Posts: 21

    1000 THANKS, HERE'S THE LOG:
    All processes killed
    ========== OTL ==========
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ not found.
    Prefs.js: "http://www.smartwebsearch.net/index.php?from=3" removed from browser.startup.homepage
    Prefs.js: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 removed from extensions.enabledAddons
    Prefs.js: "http://smartwebsearch.net/results.php?q=" removed from keyword.URL
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} folder moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to Mp3 Converter\ deleted successfully.
    C:\Documents and Settings\lili\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
    File About:Home not found.
    C:\Program Files\GUM93.tmp folder moved successfully.
    C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\FF folder moved successfully.
    C:\Program Files\YoutubeDownloader.org\YoutubeDownloader folder moved successfully.
    C:\Program Files\YoutubeDownloader.org folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: lili
    ->Temp folder emptied: 754688 bytes
    ->Temporary Internet Files folder emptied: 82054 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 70665247 bytes
    ->Flash cache emptied: 1112 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 68,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10062012_220150

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Test to see if the hijacker is still there.
  22. giannhs_mastro

    giannhs_mastro TS Rookie Topic Starter Posts: 21

    No, there isn't, I think. I changed the homepage to www.google.gr and it stayed that way after a reboot.
  23. giannhs_mastro

    giannhs_mastro TS Rookie Topic Starter Posts: 21

    I took the initiative and here are the logs from SecurityCheck and FSS:
    Results of screen317's Security Check version 0.99.51
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    ESET Smart Security
    `````````Anti-malware/Other Utilities Check:`````````
    Secunia PSI (3.0.0.4001)
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java(TM) 6 Update 35
    Java version out of Date!
    Adobe Flash Player 11.4.402.265
    Adobe Reader X (10.1.4)
    Mozilla Firefox (15.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus egui.exe
    ESET NOD32 Antivirus ekrn.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C::
    ````````````````````End of Log``````````````````````
  24. giannhs_mastro

    giannhs_mastro TS Rookie Topic Starter Posts: 21

    Farbar Service Scanner Version: 19-09-2012
    Ran by lili (administrator) on 07-10-2012 at 01:01:53
    Running from "C:\Documents and Settings\lili\Επιφάνεια εργασίας"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll
    [2006-03-02 15:00] - [2008-04-14 19:29] - 0128000 ____A (Microsoft Corporation) 94C7EE99425BC8342D2991A915D8A8A9

    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll
    [2006-03-02 15:00] - [2009-04-20 20:18] - 0046080 ____A (Microsoft Corporation) F99BE5941B69DC781C1C5A5D71280469

    C:\WINDOWS\system32\ipnathlp.dll
    [2006-03-02 15:00] - [2008-04-14 19:29] - 0335360 ____A (Microsoft Corporation) 522873DF0FFD34FB1A8AF7D7E276727E

    C:\WINDOWS\system32\netman.dll
    [2006-03-02 15:00] - [2008-04-14 19:29] - 0198144 ____A (Microsoft Corporation) A443996504A45CDF60CBA800DCB14420

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2010-06-20 12:37] - [2008-04-14 19:30] - 0145408 ____A (Microsoft Corporation) 075EC50CA60F1B4EE576886BEF72AB21

    C:\WINDOWS\system32\srsvc.dll
    [2010-06-20 12:39] - [2008-04-14 19:30] - 0171520 ____A (Microsoft Corporation) BB9B6E360FF1A701A7920AA798A335BF

    C:\WINDOWS\system32\Drivers\sr.sys
    [2010-06-20 12:39] - [2008-04-14 19:02] - 0073472 ____A (Microsoft Corporation) A41AC0D87DC3054DB716F1456C84391C

    C:\WINDOWS\system32\wscsvc.dll
    [2006-03-02 15:00] - [2008-04-14 19:30] - 0080896 ____A (Microsoft Corporation) 1A5DDC44B0AB7C40C13796DB7DB82989

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2010-06-20 12:37] - [2008-04-14 19:30] - 0145408 ____A (Microsoft Corporation) 075EC50CA60F1B4EE576886BEF72AB21

    C:\WINDOWS\system32\wuauserv.dll
    [2010-06-20 12:39] - [2008-04-14 19:30] - 0006656 ____A (Microsoft Corporation) 6F55057EE883AC1675F31242B6DD6EF3

    C:\WINDOWS\system32\qmgr.dll
    [2010-06-20 12:39] - [2008-04-14 19:29] - 0409088 ____A (Microsoft Corporation) ABDC5CF759C736DFBFEB031FDC01E303

    C:\WINDOWS\system32\es.dll
    [2006-03-02 15:00] - [2008-07-07 23:28] - 0253952 ____A (Microsoft Corporation) C35DF6D336EBCB2F5E8D817A531BA666

    C:\WINDOWS\system32\cryptsvc.dll
    [2006-03-02 15:00] - [2008-04-14 19:29] - 0062464 ____A (Microsoft Corporation) F50F73977012F0F5CF807451B79B6736

    C:\WINDOWS\system32\svchost.exe
    [2006-03-02 15:00] - [2008-04-14 19:31] - 0014336 ____A (Microsoft Corporation) 274E9C78C12EBF74DC56B2BF64312F34

    C:\WINDOWS\system32\rpcss.dll
    [2006-03-02 15:00] - [2009-02-09 13:52] - 0401408 ____A (Microsoft Corporation) B5F06957525D494D2C261B5739367524

    C:\WINDOWS\system32\services.exe
    [2006-03-02 15:00] - [2009-02-09 14:23] - 0111104 ____A (Microsoft Corporation) 2A0BB5C67281C423F8D7D6B7D79699AC


    Extra List:
    =======
    Epfwndis(10) epfwtdi(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x0B00000005000000010000000200000003000000040000000B000000080000000900000006000000070000000A000000
    IpSec Tag value is correct.

    **** End of log ****
  25. giannhs_mastro

    giannhs_mastro TS Rookie Topic Starter Posts: 21

    I next ran TFC and Online ESET Scan, which didn't generate any log or find a threat.