Hello, I have a laptop with Win 7 32bit and I use Firefox as a browser. Due to something I downloaded (not exactly sure what, maybe YouTube downloader or something) my home page keeps changing to "apype.com" and there is a new search engine added, "google-feed.net", which I cannot get rid of. I also noticed that the same thing happened to IE, although I rarely use it.
I tried a couple of antivirus programs but nothing came up. I have this laptop for personal use mainly, but I also use it for internet banking, managing a PayPal account, etc.
So I have to be sure if this is a trojan/malware etc in order to act accordingly.
I did a little Google search and saw that you people take over when any other action has failed. So maybe you can do your magic here too?
Thanks in advance for your help.
Following are the log files which you request in your guide.
Malwarebytes Anti-Malware log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8107
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
7/11/2011 7:33:35 μμ
mbam-log-2011-11-07 (19-33-35).txt
Scan type: Quick scan
Objects scanned: 181073
Time elapsed: 3 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
gmer log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-07 20:13:58
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0001SDM1
Running: cozg9oy5.exe; Driver: C:\Users\Sokratis\AppData\Local\Temp\agldruog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 83479349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834B2D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91C35320, 0x3EEAF7, 0xE8000020]
init C:\Windows\system32\DRIVERS\aksifdh.sys entry point in "init" section [0x926DE090]
PAGE peauth.sys 9441FB9B 72 Bytes [0E, EA, 5B, EC, 2D, 6E, 84, ...]
PAGE peauth.sys 9441FBEC 111 Bytes [67, 3B, EA, 24, 49, 1C, 3D, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2040] kernel32.dll!SetUnhandledExceptionFilter 7626F4FB 4 Bytes [C2, 04, 00, 00]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\rundll32.exe[1488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1488] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1488] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1488] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3272] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3272] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3272] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3272] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Χρόνος εκτέλεσης πλαισίου προγράμματος οδήγησης λειτουργίας πυρήνα/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Χρόνος εκτέλεσης πλαισίου προγράμματος οδήγησης λειτουργίας πυρήνα/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2022\3\xbb\3µ\3\xb3\3Ί\3Δ\3\xae\3Β\3 \0S\0i\0S\0001\09\0001\0 \0E\0t\0h\0e\0r\0n\0e\0t 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3 \0\xb1\3Γ\3Ν\3Α\3Ό\3\xb1\3Δ\3Ώ\3Ε\3 \0\x384\3Ή\3Ί\3Δ\3Ν\3Ώ\3Ε\3 \0U\0S\0B\0 \0R\0e\0a\0l\0t\0e\0k\0 \0R\0T\0L\08\0001\08\0007\0B\0 \08\0000\0002\0.\0001\0001\0b\0/\0g\0 \0005\0004\0M\0b\0p\0s\0 \0002\0.\0000 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0\x384\3Ή\3Ώ\3Η\3\xad\3Δ\3µ\3Ε\3Γ\3\xb7\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0T\0e\0r\0e\0d\0o 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ε\3Γ\3Ί\3µ\3Ε\3\xae\3 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0ΐ\3Α\3Ώ\3Γ\3Ι\3ΐ\3Ή\3Ί\3Μ\3 \0\x384\3\x2015\3Ί\3Δ\3Ε\3Ώ\3) 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0I\0S\0A\0T\0A\0P 1?2?4?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001c7b525a01
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2022\3\xbb\3µ\3\xb3\3Ί\3Δ\3\xae\3Β\3 \0S\0i\0S\0001\09\0001\0 \0E\0t\0h\0e\0r\0n\0e\0t 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3 \0\xb1\3Γ\3Ν\3Α\3Ό\3\xb1\3Δ\3Ώ\3Ε\3 \0\x384\3Ή\3Ί\3Δ\3Ν\3Ώ\3Ε\3 \0U\0S\0B\0 \0R\0e\0a\0l\0t\0e\0k\0 \0R\0T\0L\08\0001\08\0007\0B\0 \08\0000\0002\0.\0001\0001\0b\0/\0g\0 \0005\0004\0M\0b\0p\0s\0 \0002\0.\0000 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0\x384\3Ή\3Ώ\3Η\3\xad\3Δ\3µ\3Ε\3Γ\3\xb7\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0T\0e\0r\0e\0d\0o 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ε\3Γ\3Ί\3µ\3Ε\3\xae\3 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0ΐ\3Α\3Ώ\3Γ\3Ι\3ΐ\3Ή\3Ί\3Μ\3 \0\x384\3\x2015\3Ί\3Δ\3Ε\3Ώ\3) 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0I\0S\0A\0T\0A\0P 1?2?4?
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001c7b525a01 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
DDS logs:
dds log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Sokratis at 20:17:33 on 2011-11-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.3037.1867 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Hotkey\PowerBiosServer.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Program Files\BisonCam\BisonHK.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
uInternet Settings,ProxyOverride = *.local
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [NTServiceManager] c:\program files\youtubedownloader.org\youtubedownloader\YoutubeDownloader Updater.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyOSD Software] "c:\program files\hotkey\HotKey.exe"
mRun: [BisonHK] c:\program files\bisoncam\BisonHK.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [eTMonitor] "c:\program files\aladdin\etoken\pkiclient\x32\PKIMonitor.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
Trusted Zone: eurobank.gr\ebanking
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}\350756564645F6573686146333235423 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}\37F647F637 : DhcpNameServer = 195.170.0.1 195.170.2.2
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}\66F6870216E676C6169637 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}\D4162796C6F657723702960586F6E656 : DhcpNameServer = 94.143.177.166 195.167.65.194
TCP: Interfaces\{6773B106-CEB4-45A4-BFEA-1B79D2F3067A} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sokratis\appdata\roaming\mozilla\firefox\profiles\owfdzacx.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-3-24 133512]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-24 810120]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-3-24 96896]
R2 eTSrv;ETOKSRV;c:\program files\aladdin\etoken\pkiclient\x32\eTSrv.exe [2009-12-31 12640]
R2 PowerBiosServer;PowerBiosServer;c:\program files\hotkey\PowerBiosServer.exe [2009-11-26 36864]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-11-2 113504]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2010-8-28 34472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 netw5v32;Πρόγραμμα οδήγησης προσαρμογέα Intel(R) Wireless WiFi Link 5000 Series για Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 SiSGbeLH;Πρόγραμμα οδήγησης NDIS 6.0 συσκευής SiS191/SiS190 Ethernet;c:\windows\system32\drivers\SiSGB6.sys [2009-6-10 48128]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-1 1343400]
S3 WSDPrintDevice;Υποστήριξη εκτυπώσεων WSD μέσω UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S3 WSDScan;Υποστήριξη σάρωσης WSD μέσω UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
.
=============== Created Last 30 ================
.
2011-11-07 17:28:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-07 17:28:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-07 17:08:23 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7760abba-310b-4ec4-8b3d-6e6238b17dd7}\offreg.dll
2011-11-07 15:28:54 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-07 15:18:05 98816 ----a-w- c:\windows\sed.exe
2011-11-07 15:18:05 518144 ----a-w- c:\windows\SWREG.exe
2011-11-07 15:18:05 256000 ----a-w- c:\windows\PEV.exe
2011-11-07 15:18:05 208896 ----a-w- c:\windows\MBR.exe
2011-11-05 12:50:39 -------- d-----w- c:\users\sokratis\appdata\roaming\Malwarebytes
2011-11-05 12:50:34 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 09:58:06 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7760abba-310b-4ec4-8b3d-6e6238b17dd7}\mpengine.dll
2011-10-31 14:03:58 -------- d-----w- c:\users\sokratis\appdata\roaming\DVDVideoSoft
2011-10-31 14:03:51 -------- d-----w- c:\users\sokratis\appdata\roaming\DVDVideoSoftIEHelpers
2011-10-31 13:42:09 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-10-31 13:26:55 -------- d-----w- c:\program files\YoutubeDownloader.org
2011-10-29 10:19:21 -------- d-----w- c:\users\sokratis\appdata\local\FileServe Manager
2011-10-29 10:19:00 -------- d-----w- c:\programdata\FileServe Limited
2011-10-29 10:19:00 -------- d-----w- c:\program files\FileServe Manager
2011-10-29 10:16:45 -------- d-----w- c:\programdata\Web Installer
2011-10-24 12:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 12:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-12 18:47:00 -------- d-----w- c:\program files\iPod
2011-10-12 18:46:58 -------- d-----w- c:\program files\iTunes
2011-10-12 18:42:52 -------- d-----w- c:\program files\Bonjour
2011-10-12 07:00:52 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 07:00:52 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 07:00:50 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 07:00:50 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 07:00:48 2334720 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-10-07 08:51:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 02:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-30 20:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 20:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 20:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 20:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
============= FINISH: 20:18:10,57 ===============
attach.log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2010 2:25:25 πμ
System Uptime: 7/11/2011 7:05:54 μμ (1 hours ago)
.
Motherboard: CLEVO Co. | | M740TU(N)/M760TU(N)/W7X0TUN
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 465 GiB total, 167,686 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Storage
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STORAGE&REV_1.00#7&18062011&0&4C4A4A593030373080&0#
Manufacturer: EPSON
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STORAGE&REV_1.00#7&18062011&0&4C4A4A593030373080&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Συλλογή φωτογραφιών του Windows Live
Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9 - Greek
Any Video Converter 3.2.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
BisonCam
Bonjour
ConvertHelper 2.2
ConvertXtoDVD 4.0.12.327
D3DX10
DivX Setup
Epson Easy Photo Print 2
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON PX810FW Series Printer Uninstall
EPSON Scan
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual
EpsonNet Print
EpsonNet Setup
ESET NOD32 Antivirus
eToken PKI Client 5.1 SP1
Hotkey
iTunes
Java Auto Updater
Java(TM) 6 Update 29
JDownloader
Junk Mail filter update
K-Lite Codec Pack 5.7.0 (Full)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile ELL Language Pack
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Mozilla Firefox 7.0.1 (x86 el)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Drivers
PS3 Media Server
QuickTime
Security Update for Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Toolbars
Skype™ 4.2
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== End Of File ===========================
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.3037.1867 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Hotkey\PowerBiosServer.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Program Files\BisonCam\BisonHK.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
uInternet Settings,ProxyOverride = *.local
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [NTServiceManager] c:\program files\youtubedownloader.org\youtubedownloader\YoutubeDownloader Updater.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyOSD Software] "c:\program files\hotkey\HotKey.exe"
mRun: [BisonHK] c:\program files\bisoncam\BisonHK.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [eTMonitor] "c:\program files\aladdin\etoken\pkiclient\x32\PKIMonitor.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
Trusted Zone: eurobank.gr\ebanking
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}\350756564645F6573686146333235423 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}\37F647F637 : DhcpNameServer = 195.170.0.1 195.170.2.2
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}\66F6870216E676C6169637 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}\D4162796C6F657723702960586F6E656 : DhcpNameServer = 94.143.177.166 195.167.65.194
TCP: Interfaces\{6773B106-CEB4-45A4-BFEA-1B79D2F3067A} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sokratis\appdata\roaming\mozilla\firefox\profiles\owfdzacx.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-3-24 133512]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-24 810120]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-3-24 96896]
R2 eTSrv;ETOKSRV;c:\program files\aladdin\etoken\pkiclient\x32\eTSrv.exe [2009-12-31 12640]
R2 PowerBiosServer;PowerBiosServer;c:\program files\hotkey\PowerBiosServer.exe [2009-11-26 36864]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-11-2 113504]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2010-8-28 34472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 netw5v32;Πρόγραμμα οδήγησης προσαρμογέα Intel(R) Wireless WiFi Link 5000 Series για Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 SiSGbeLH;Πρόγραμμα οδήγησης NDIS 6.0 συσκευής SiS191/SiS190 Ethernet;c:\windows\system32\drivers\SiSGB6.sys [2009-6-10 48128]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-1 1343400]
S3 WSDPrintDevice;Υποστήριξη εκτυπώσεων WSD μέσω UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S3 WSDScan;Υποστήριξη σάρωσης WSD μέσω UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
.
=============== Created Last 30 ================
.
2011-11-07 17:28:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-07 17:28:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-07 17:08:23 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7760abba-310b-4ec4-8b3d-6e6238b17dd7}\offreg.dll
2011-11-07 15:28:54 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-07 15:18:05 98816 ----a-w- c:\windows\sed.exe
2011-11-07 15:18:05 518144 ----a-w- c:\windows\SWREG.exe
2011-11-07 15:18:05 256000 ----a-w- c:\windows\PEV.exe
2011-11-07 15:18:05 208896 ----a-w- c:\windows\MBR.exe
2011-11-05 12:50:39 -------- d-----w- c:\users\sokratis\appdata\roaming\Malwarebytes
2011-11-05 12:50:34 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 09:58:06 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7760abba-310b-4ec4-8b3d-6e6238b17dd7}\mpengine.dll
2011-10-31 14:03:58 -------- d-----w- c:\users\sokratis\appdata\roaming\DVDVideoSoft
2011-10-31 14:03:51 -------- d-----w- c:\users\sokratis\appdata\roaming\DVDVideoSoftIEHelpers
2011-10-31 13:42:09 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-10-31 13:26:55 -------- d-----w- c:\program files\YoutubeDownloader.org
2011-10-29 10:19:21 -------- d-----w- c:\users\sokratis\appdata\local\FileServe Manager
2011-10-29 10:19:00 -------- d-----w- c:\programdata\FileServe Limited
2011-10-29 10:19:00 -------- d-----w- c:\program files\FileServe Manager
2011-10-29 10:16:45 -------- d-----w- c:\programdata\Web Installer
2011-10-24 12:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 12:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-12 18:47:00 -------- d-----w- c:\program files\iPod
2011-10-12 18:46:58 -------- d-----w- c:\program files\iTunes
2011-10-12 18:42:52 -------- d-----w- c:\program files\Bonjour
2011-10-12 07:00:52 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 07:00:52 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 07:00:50 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 07:00:50 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 07:00:48 2334720 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-10-07 08:51:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 02:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-30 20:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 20:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 20:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 20:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
============= FINISH: 20:18:10,57 ===============
attach.log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2010 2:25:25 πμ
System Uptime: 7/11/2011 7:05:54 μμ (1 hours ago)
.
Motherboard: CLEVO Co. | | M740TU(N)/M760TU(N)/W7X0TUN
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 465 GiB total, 167,686 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Storage
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STORAGE&REV_1.00#7&18062011&0&4C4A4A593030373080&0#
Manufacturer: EPSON
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STORAGE&REV_1.00#7&18062011&0&4C4A4A593030373080&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Συλλογή φωτογραφιών του Windows Live
Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9 - Greek
Any Video Converter 3.2.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
BisonCam
Bonjour
ConvertHelper 2.2
ConvertXtoDVD 4.0.12.327
D3DX10
DivX Setup
Epson Easy Photo Print 2
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON PX810FW Series Printer Uninstall
EPSON Scan
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual
EpsonNet Print
EpsonNet Setup
ESET NOD32 Antivirus
eToken PKI Client 5.1 SP1
Hotkey
iTunes
Java Auto Updater
Java(TM) 6 Update 29
JDownloader
Junk Mail filter update
K-Lite Codec Pack 5.7.0 (Full)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile ELL Language Pack
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Mozilla Firefox 7.0.1 (x86 el)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Drivers
PS3 Media Server
QuickTime
Security Update for Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Toolbars
Skype™ 4.2
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== End Of File ===========================