[Redgerasimos]

Hehey guys! I want to thank you for your useful programms and i want help with a virus called Virtumonde.
Kaspersky detected this once upon a time... detected: adware not-a-virus:AdWare.Win32.Virtumonde.tro File: C:\WINDOWS\SYSTEM32\QTXPAVBD.DLL I pressed deleted disinfect etc but in the next reboot kaspersky detected Virtumonde as a new DLL file @ system32 folder with different name...Plx help what should i do to remove this?

[Advertisements]

Hello Redgerasimos

Welcome to G2Go.
=====================
* Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Doubleclick on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\Hijack This.
• Click on I agree
• Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

[kahdah]

Hello Redgerasimos

Welcome to G2Go.
=====================
* Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Doubleclick on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\Hijack This.
• Click on I agree
• Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

[Redgerasimos]

Tyvm This is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:55 μμ, on 26/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Storage RW\DskWatch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ZTE\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...a...&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aokerkyra.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE\ZXDSL852\CnxDslTb.exe" "ZTE\ZXDSL852"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Λήψη όλων με το FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Λήψη με χρήση του FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1192450896109
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1192450882062
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96EDCE5C-F18B-47AD-8D73-20554CD7AD02}: NameServer = 213.5.41.8 213.5.17.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 11542 bytes

[kahdah]

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[Redgerasimos]

MAINT TEXT:

Deckard's System Scanner v20071014.68
Run by Γεράσιμος Κύρλος on 2008-05-26 15:50:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2008-05-26 12:50:57 UTC - RP543 - Deckard's System Scanner Restore Point
83: 2008-05-26 12:32:14 UTC - RP542 - Installed SUPERAntiSpyware Free Edition
82: 2008-05-25 21:06:26 UTC - RP541 - Σημείο ελέγχου συστήματος
81: 2008-05-24 17:06:39 UTC - RP540 - Installed Adobe Reader 7.1.0
80: 2008-05-24 00:32:30 UTC - RP539 - Σημείο ελέγχου συστήματος


-- First Restore Point --
1: 2008-05-13 13:18:32 UTC - RP460 - Σημείο ελέγχου συστήματος


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Γεράσιμος Κύρλος.exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:49 μμ, on 26/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Storage RW\DskWatch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ZTE\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Γεράσιμος Κύρλος\Επιφάνεια εργασίας\PC repair\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Γεράσιμος Κύρλος.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...a...&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aokerkyra.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B14C73EA-0FD9-45D6-B8B6-1C2E40C29709} - C:\WINDOWS\system32\khfDtTjG.dll
O2 - BHO: (no name) - {DCCCA731-65CB-4465-986F-101220212306} - (no file)
O2 - BHO: (no name) - {E243A8E7-6244-49E0-A361-22DBF30FD46C} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE\ZXDSL852\CnxDslTb.exe" "ZTE\ZXDSL852"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Λήψη όλων με το FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Λήψη με χρήση του FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1192450896109
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1192450882062
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96EDCE5C-F18B-47AD-8D73-20554CD7AD02}: NameServer = 213.5.41.8 213.5.17.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ssqRJdDV - ssqRJdDV.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 13012 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
R3 CnxEtP (ZTE ZXDSL852 Adapter Filter Driver) - c:\windows\system32\drivers\cnxetp.sys <Not Verified; Conexant Systems, Inc.; Conexant AccessRunner ADSL>
R3 CnxEtU (ZTE ZXDSL852 Interface Device Driver) - c:\windows\system32\drivers\cnxetu.sys <Not Verified; Conexant Systems, Inc.; Conexant AccessRunner ADSL>
R3 CnxTgNL (ZTE ZXDSL852 LAN Adapter Driver) - c:\windows\system32\drivers\cnxtgnl.sys <Not Verified; Conexant Systems, Inc.; Conexant AccessRunner ADSL>
R3 dskwatch (Disk Watch Filter) - c:\windows\system32\drivers\dskwatch.sys
R3 GPCIDrv - c:\windows\gpcidrv.sys
R3 GVTDrv - c:\windows\system32\drivers\gvtdrv.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\cyberlink\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\cyberlink\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 CyberLink Media Library Service - "c:\program files\cyberlink\shared files\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-26 09:40:54 462 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-05-25 15:28:48 396 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-04-26 and 2008-05-26 -----------------------------

2008-05-26 15:39:38 0 d-------- C:\Program Files\Trend Micro
2008-05-26 15:33:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-26 15:32:17 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-26 15:32:17 0 d-------- C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\SUPERAntiSpyware.com
2008-05-25 19:22:06 2624 --a------ C:\WINDOWS\system32\jhfhhwll.exe
2008-05-25 15:26:39 0 d-------- C:\Program Files\RegCure
2008-05-24 20:12:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-24 19:17:33 2624 --a------ C:\WINDOWS\system32\vvukgdcv.exe
2008-05-24 19:08:57 126528 --a------ C:\WINDOWS\system32\qtxpavbd.dll
2008-05-24 17:02:46 126528 --a------ C:\WINDOWS\system32\jamersiv.dll
2008-05-23 17:05:18 2624 --a------ C:\WINDOWS\system32\dtxkvunc.exe
2008-05-22 17:47:26 2624 --a------ C:\WINDOWS\system32\umxheugh.exe
2008-05-21 17:03:38 2624 --a------ C:\WINDOWS\system32\jwxnfjil.exe
2008-05-21 16:55:16 126528 --a------ C:\WINDOWS\system32\pjfciwsp.dll
2008-05-20 17:21:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-20 17:18:34 0 d-------- C:\Program Files\WinClamAVShield
2008-05-20 17:13:00 0 d-------- C:\searchplugins
2008-05-20 17:12:16 0 d-------- C:\Program Files\Crawler
2008-05-20 17:11:54 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-20 17:11:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-20 17:11:44 0 d-------- C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\Spyware Terminator
2008-05-20 17:11:37 0 d-------- C:\Program Files\Spyware Terminator
2008-05-20 16:58:41 2624 --a------ C:\WINDOWS\system32\sudlbjlb.exe
2008-05-20 15:53:23 2112 --a------ C:\WINDOWS\system32\nmtxaeil.exe
2008-05-19 15:52:20 2112 --a------ C:\WINDOWS\system32\ihnjbqcc.exe
2008-05-18 15:46:21 2112 --a------ C:\WINDOWS\system32\pctdjqrd.exe
2008-05-17 15:45:37 2112 --a------ C:\WINDOWS\system32\hmdlkjxr.exe
2008-05-17 13:10:44 0 d-------- C:\Program Files\Incomplete
2008-05-16 15:46:40 2112 --a------ C:\WINDOWS\system32\lvjyyfmh.exe
2008-05-15 15:49:56 2112 --a------ C:\WINDOWS\system32\lgmqqplb.exe
2008-05-14 15:47:55 2112 --a------ C:\WINDOWS\system32\wjlxeyee.exe
2008-05-13 16:18:21 312935 --ahs---- C:\WINDOWS\system32\GjTtDfhk.ini2
2008-05-13 16:18:08 370176 -----n--- C:\WINDOWS\system32\khfDtTjG.dll
2008-05-13 16:14:38 110602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-05-13 16:14:35 0 d-------- C:\Program Files\Driver Magician


-- Find3M Report ---------------------------------------------------------------

2008-05-26 15:45:56 0 d-------- C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\Skype
2008-05-26 15:31:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 09:42:28 0 d-------- C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\skypePM
2008-05-26 09:41:10 5112 --a------ C:\WINDOWS\GPCIDrv.sys
2008-05-25 23:25:50 0 d-------- C:\Program Files\Warcraft III
2008-05-25 14:37:26 127823 --a------ C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\Cosmos Prefs
2008-05-25 12:33:55 0 d-------- C:\Program Files\VirtualDJ
2008-05-24 20:12:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-24 20:00:19 0 d-------- C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\AdobeUM
2008-05-24 11:59:06 0 d-------- C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\uTorrent
2008-05-23 07:20:04 0 d-------- C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\SiteAdvisor
2008-05-21 14:53:14 597860 --a------ C:\WINDOWS\system32\perfh008.dat
2008-05-21 14:53:14 112858 --a------ C:\WINDOWS\system32\perfc008.dat
2008-05-20 18:21:33 0 d-------- C:\Program Files\DAEMON Tools
2008-05-20 18:21:31 0 d-------- C:\Program Files\Intelore
2008-05-20 17:59:22 0 d-------- C:\Program Files\ErrorSmart
2008-05-17 13:20:09 0 d-------- C:\Program Files\LimeWire
2008-05-14 15:59:42 0 d-------- C:\Program Files\World of Warcraft
2008-05-13 16:40:40 0 d-------- C:\Program Files\MagicISO
2008-05-13 16:27:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 16:11:02 0 d-------- C:\Program Files\ImTOO
2008-05-13 16:10:51 0 d-------- C:\Program Files\NCH Swift Sound
2008-05-10 00:47:49 0 d-------- C:\Program Files\DivX
2008-04-23 11:55:11 0 d-------- C:\Program Files\ePrompter
2008-04-18 13:09:37 0 d-------- C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\LimeWire
2008-04-16 13:50:38 0 d-------- C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\U3
2008-04-09 18:18:50 0 d-------- C:\Program Files\Opera
2008-04-09 11:40:42 0 d-------- C:\Program Files\AvRack
2008-04-03 01:01:12 0 d-------- C:\Program Files\RadarSync Ltd
2008-04-03 00:53:31 0 d-------- C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\Auslogics
2008-04-03 00:53:22 0 d-------- C:\Program Files\Auslogics
2008-04-03 00:39:30 3182 --a------ C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\wklnhst.dat
2008-04-02 18:40:16 90 --a------ C:\WINDOWS\vmreg32.dll
2008-04-02 16:26:16 0 d-------- C:\Program Files\Creative
2008-04-02 15:49:01 0 d-------- C:\Program Files\Realtek AC97
2008-04-02 15:36:32 0 d-------- C:\Program Files\SymplisIT
2008-04-01 00:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 00:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 00:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-04-01 00:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-04-01 00:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:05:33 0 d-------- C:\Program Files\Cosmos
2008-03-21 23:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 23:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 23:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 23:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B14C73EA-0FD9-45D6-B8B6-1C2E40C29709}]
13/05/2008 04:18 ££ 370176 --------- C:\WINDOWS\system32\khfDtTjG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCCCA731-65CB-4465-986F-101220212306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E243A8E7-6244-49E0-A361-22DBF30FD46C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage RW"="C:\Program Files\USB Storage RW\DskWatch.exe" [23/12/2004 03:00 ££]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25 §£]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [31/07/2006 06:03 ££]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [08/11/2006 07:28 ££]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 02:41 §£]
"nwiz"="nwiz.exe" [05/12/2007 02:41 §£ C:\WINDOWS\system32\nwiz.exe]
"VGAUtil"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [02/01/2007 10:22 §£]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [04/12/2005 04:39 ££]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 02:41 §£]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25/03/2008 03:52 ££]
"SoundMan"="SOUNDMAN.EXE" [16/04/2007 04:28 ££ C:\WINDOWS\SOUNDMAN.EXE]
"CnxDslTaskBar"="C:\Program Files\ZTE\ZXDSL852\CnxDslTb.exe" [16/03/2005 02:14 ££]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [20/05/2008 05:11 ££]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [07/09/2004 03:00 ££]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34 ££]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/02/2008 06:22 ££]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27/02/2007 11:39 §£]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 ££ 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 §£ 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRJdDV]
ssqRJdDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfDtTjG


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{050c8c59-0ae8-11dd-b67e-00d0d08b48af}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef78dd41-5ace-11db-9cf1-806d6172696f}]

*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL



-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

8383 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-26 15:54:58 ------------

EXTRA TEXT:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Other (0408) - see http://preview.tinyurl.com/mhhp6

CPU 0: AMD Sempron™ Processor 2600+
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1534.73 MiB / 794.07 MiB
Pagefile Memory (total/avail): 4456.47 MiB / 3811.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.29 MiB

C: is Fixed (NTFS) - 149.04 GiB total, 51.95 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600BB-00GUA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Σύστημα αρχείων προς εγκατάσταση - 149.04 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.

FW: Kaspersky Internet Security v6.0.1.411 () Disabled
AV: Kaspersky Internet Security v6.0.1.411 (?) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:PowerCinema"
"C:\\Documents and Settings\\Γεράσιμος Κύρλος\\Επιφάνεια εργασίας\\utorrent.exe"="C:\\Documents and Settings\\Γεράσιμος Κύρλος\\Επιφάνεια εργασίας\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Downloads\\utorrent.exe"="C:\\Downloads\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"="C:\\Program Files\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\WC3Banlist\\WC3Banlist.exe"="C:\\Program Files\\WC3Banlist\\WC3Banlist.exe:*:Enabled:WC3Banlist"
"C:\\Program Files\\World of Warcraft\\Launcher.exe"="C:\\Program Files\\World of Warcraft\\Launcher.exe:*:Enabled:World of Warcraft"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:FlashGet"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe:*:Enabled:Kaspersky Internet Security 6.0"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Mediatwins software\\AEDTools\\aedtools.exe"="C:\\Program Files\\Mediatwins software\\AEDTools\\aedtools.exe:*:Enabled:Advanced Encode Decode Tools"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe"="C:\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe:*:Enabled:DriverMagic"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\‚œ¨α© £¦ ‰η¨Ά¦\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NOOB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\‚œ¨α© £¦ ‰η¨Ά¦
LOGONSERVER=\\NOOB
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 28 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=1c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\D548~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\D548~1\LOCALS~1\Temp
USERDOMAIN=NOOB
USERNAME=‚œ¨α© £¦ ‰η¨Ά¦
USERPROFILE=C:\Documents and Settings\‚œ¨α© £¦ ‰η¨Ά¦
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Γεράσιμος Κύρλος (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Συλλογή φωτογραφιών του Windows Live --> MsiExec.exe /X{CA24751D-6A9D-43D9-BEDA-7501B26AF098}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Βοηθός εισόδου του Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Ενημέρωση ασφαλείας για Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Ενημέρωση ασφαλείας για Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\

[kahdah]

Download the HostsXpert 4.2 - Hosts File Manager.

• Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
• Run HostsXpert 4.2 - Hosts File Manager from its new home
• Click on "File Handling".
• Click on "Restore MS Hosts File".
• Click OK on the Confirmation box.
• Click on "Make Read Only?"
• Click the X to exit the program.
• Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

===============
Please visit this web page for instructions for downloading and running Combofix >ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.

[Redgerasimos]

COMBO FIX LOG:

ComboFix 08-05-25.4 - Γεράσιμος Κύρλος 2008-05-26 17:31:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.1.1032.18.971 [GMT 3:00]
Running from: C:\Combo fix\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\addon.dat
C:\WINDOWS\b.exe
C:\WINDOWS\vmreg32.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-26 17:21 . <DIR> C:\Documents and Settings\+ί±-?ώΉΎ? ¦²±ΈΎ?
2008-05-26 17:07 . 2008-05-26 17:07 361,466 --a------ C:\Documents and Settings\catchme.zip
2008-05-26 16:26 . 2008-05-26 17:28 <DIR> d-------- C:\Combo fix
2008-05-26 15:50 . 2008-05-26 15:50 <DIR> d-------- C:\Deckard
2008-05-26 15:39 . 2008-05-26 15:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-26 15:33 . 2008-05-26 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-26 15:32 . 2008-05-26 16:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-26 15:32 . 2008-05-26 15:32 <DIR> d-------- C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\SUPERAntiSpyware.com
2008-05-25 15:26 . 2008-05-25 16:17 <DIR> d-------- C:\Program Files\RegCure
2008-05-24 19:08 . 2008-05-26 14:44 126,528 --a------ C:\WINDOWS\system32\qtxpavbd.dll
2008-05-24 17:02 . 2008-05-24 17:03 126,528 --a------ C:\WINDOWS\system32\jamersiv.dll
2008-05-20 18:00 . 2008-05-20 18:05 269 --a------ C:\WINDOWS\wininit.ini
2008-05-20 17:21 . 2008-05-20 17:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-20 17:21 . 2008-05-20 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-20 17:18 . 2008-05-26 15:10 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-05-20 17:13 . 2008-05-20 17:13 <DIR> d-------- C:\searchplugins
2008-05-20 17:12 . 2008-05-20 17:13 <DIR> d-------- C:\Program Files\Crawler
2008-05-20 17:11 . 2008-05-26 15:10 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-05-20 17:11 . 2008-05-26 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-20 17:11 . 2008-05-26 15:10 <DIR> d-------- C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\Spyware Terminator
2008-05-20 17:11 . 2008-05-20 17:11 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-17 13:10 . 2008-05-17 13:15 <DIR> d-------- C:\Program Files\Incomplete
2008-05-14 15:38 . 2008-05-14 15:38 124,480 --------- C:\WINDOWS\system32\rxsppnrj.dll_old
2008-05-13 16:14 . 2008-05-13 16:40 <DIR> d-------- C:\Program Files\Driver Magician
2008-05-13 16:14 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-05-13 16:14 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-05-13 16:14 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 14:32 3,235,616 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-26 14:32 158,887,712 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-26 14:15 --------- d-----w C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\skypePM
2008-05-26 14:13 5,112 ----a-w C:\WINDOWS\GPCIDrv.sys
2008-05-26 14:13 17,962 ----a-w C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-05-26 14:08 303,980 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-26 14:08 2,128,484 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-26 13:50 --------- d-----w C:\Program Files\Warcraft III
2008-05-26 13:41 --------- d-----w C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\Skype
2008-05-26 13:10 3,344 ----a-w C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\wklnhst.dat
2008-05-26 12:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 12:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 09:33 --------- d-----w C:\Program Files\VirtualDJ
2008-05-24 17:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-24 17:00 --------- d-----w C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\AdobeUM
2008-05-24 08:59 --------- d-----w C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\uTorrent
2008-05-23 04:20 --------- d-----w C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\SiteAdvisor
2008-05-20 15:21 --------- d-----w C:\Program Files\Intelore
2008-05-20 15:21 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-20 14:59 --------- d-----w C:\Program Files\ErrorSmart
2008-05-17 10:20 --------- d-----w C:\Program Files\LimeWire
2008-05-14 12:59 --------- d-----w C:\Program Files\World of Warcraft
2008-05-13 13:40 --------- d-----w C:\Program Files\MagicISO
2008-05-13 13:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 13:11 --------- d-----w C:\Program Files\ImTOO
2008-05-13 13:10 --------- d-----w C:\Program Files\NCH Swift Sound
2008-05-13 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\SymplisIT
2008-05-09 21:47 --------- d-----w C:\Program Files\DivX
2008-04-23 08:55 --------- d-----w C:\Program Files\ePrompter
2008-04-18 10:09 --------- d-----w C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\LimeWire
2008-04-16 10:50 --------- d-----w C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\U3
2008-04-09 15:18 --------- d-----w C:\Program Files\Opera
2008-04-09 08:40 --------- d-----w C:\Program Files\AvRack
2008-04-02 22:01 --------- d-----w C:\Program Files\RadarSync Ltd
2008-04-02 21:53 --------- d-----w C:\Program Files\Auslogics
2008-04-02 21:53 --------- d-----w C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\Auslogics
2008-04-02 15:25 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-02 15:25 61,056 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-02 15:24 6,400 ----a-w C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-02 15:24 53,248 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-02 15:23 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-02 15:23 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2008-04-02 15:23 196,864 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
2008-04-02 15:22 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-02 15:22 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys
2008-04-02 13:26 --------- d-----w C:\Program Files\Creative
2008-04-02 12:49 --------- d-----w C:\Program Files\Realtek AC97
2008-04-02 12:36 --------- d-----w C:\Program Files\SymplisIT
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 11:05 --------- d-----w C:\Program Files\Cosmos
2008-03-25 12:52 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-09 12:29 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-04 15:13 81,920 ----a-w C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\ezpinst.exe
2007-12-04 15:13 47,360 ----a-w C:\Documents and Settings\Γεράσιμος Κύρλος\Application Data\pcouffin.sys
2007-08-13 19:37 8,833 --sha-w C:\WINDOWS\system32\usvr\usvr.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-26_17.20.38.35 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 15:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage RW"="C:\Program Files\USB Storage RW\DskWatch.exe" [2004-12-23 15:00 208896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-07-31 18:03 35416]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"VGAUtil"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [2007-01-02 10:22 544768]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 16:39 461584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-25 15:52 185896]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"CnxDslTaskBar"="C:\Program Files\ZTE\ZXDSL852\CnxDslTb.exe" [2005-03-16 14:14 278528]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-05-20 17:11 1817600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 15:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRJdDV]
ssqRJdDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\WC3Banlist\\WC3Banlist.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-12-15 23:21]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-20 17:11]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-06-03 13:28]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-06-03 13:28]
R3 CnxTgNL;ZTE ZXDSL852 LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNL.sys [2005-06-03 13:28]
R3 dskwatch;Disk Watch Filter;C:\WINDOWS\system32\drivers\dskwatch.sys [2004-11-30 11:19]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 15:00]
R3 GPCIDrv;GPCIDrv;C:\WINDOWS\GPCIDrv.sys [2008-05-26 17:13]
R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [2008-05-26 17:13]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 00:10]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 14:11:38 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-25 12:28:48 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 17:33:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-26 17:34:27
ComboFix-quarantined-files.txt 2008-05-26 14:34:04
ComboFix2.txt 2008-05-26 14:21:07

20 Κατάλογοι 56,160,321,536 διαθέσιμα byte
23 Κατάλογοι 56,147,951,616 διαθέσιμα byte

206 --- E O F --- 2007-07-11 19:01:07


HijackThis New Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:33 μμ, on 26/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\USB Storage RW\DskWatch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ZTE\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aokerkyra.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE\ZXDSL852\CnxDslTb.exe" "ZTE\ZXDSL852"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Λήψη όλων με το FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Λήψη με χρήση του FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1192450896109
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1192450882062
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96EDCE5C-F18B-47AD-8D73-20554CD7AD02}: NameServer = 213.5.41.8 213.5.17.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ssqRJdDV - ssqRJdDV.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 11838 bytes

[kahdah]

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste it in)

C:\WINDOWS\system32\drivers\npf.sys

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.

[Redgerasimos]

I didnt get exactly what you mean by copy pasting the files @ C:\WINDOWS\system32\drivers\npf.sys but i posted each Log and got these results...Sry but im quite noob with these things

Combo_Fix_Log.txt

Last file scanned at least one scanner reported something about: Pinch.exe (MD5: e53e5220428b5c02cbac01edd28a7bfd, size: 22667 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast Win32:Delf-IFY
AVG Antivirus X
BitDefender Packer.Malware.FriCryptor.A
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X

HijackThis log.txt

Last file scanned at least one scanner reported something about: myjmtqjk.exe (MD5: 7a9bc5f547b9729abb218f95c2e7c8a8, size: 118784 bytes), detected by:
Scanner Malware name
A-Squared Trojan.Win32.Agent.lpu
AntiVir TR/Crypt.XPACK.Gen
ArcaVir X
Avast X
AVG Antivirus Downloader.Zlob.13.A
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus Type_Win32
Fortinet X
Ikarus X
Kaspersky Anti-Virus Type_Win32
NOD32 a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus Mal/EncPk-DG
VirusBuster X
VBA32 X

[kahdah]

Hi what I mean is copy the below file name:(In bold)

C:\WINDOWS\system32\drivers\npf.sys

Then go here > http://virusscan.jotti.org/


Then where it says browse right click on the empty space and click on Paste.
It will paste in the file name then click on submit.
Copy the results and post them here.

[Redgerasimos]

haha you made it so simple that i didnt understood it!!! ^^ Here is the report... xD

Last file scanned at least one scanner reported something about: Install.exe (MD5: e859b4da71ccbb5af5c81fa091000202, size: 4431559 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir ADSPY/Dropper.Ardamax.Gen
ArcaVir Trojan.Spy.Ardamax.N
Avast Win32:Agent-LWO
AVG Antivirus PSW.Generic5.HHS
BitDefender Trojan.Spy.Ardamax.N
ClamAV Trojan.Dropper-2328
CPsecure Troj.Spy.W32.Ardamax.N
Dr.Web Program.Ardamax
F-Prot Antivirus W32/Trojan.CCFT
F-Secure Anti-Virus Trojan-Spy.Win32.Ardamax.n
Fortinet Spy/Ardamax
Ikarus Trojan-Spy.Win32.Ardamax.n
Kaspersky Anti-Virus Trojan-Spy.Win32.Ardamax.n
NOD32 Win32/KeyLogger.Ardamax application
Norman Virus Control W32/Ardamax.CRU
Panda Antivirus Application/Ardamax
Sophos Antivirus X
VirusBuster TrojanSpy.Ardamax.W
VBA32 Trojan-Spy.Win32.Ardamax.n

Scanner results found nothing btw

[kahdah]

Hi it shows that you scanned this file Install.exe I need this file scanned > C:\WINDOWS\system32\drivers\npf.sys

[Redgerasimos]

Bah sorry!

File: npf.sys
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

Scan taken on 26 May 2008 19:40:11 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Nothing found from Virustotal also...

[kahdah]

1. Please open Notepad

• Click Start , then Run
• type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\qtxpavbd.dll
C:\WINDOWS\system32\jamersiv.dll
C:\WINDOWS\system32\rxsppnrj.dll_old
C:\WINDOWS\Tasks\RegCure.job
Folder::
C:\Program Files\RegCure
C:\Program Files\ErrorSmart
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRJdDV]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

[Redgerasimos]

Combo Fix Log

ComboFix 08-05-25.4 - Γεράσιμος Κύρλος 2008-05-26 23:52:48.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.1.1032.18.855 [GMT 3:00]
Running from: C:\Combo fix\ComboFix.exe
Command switches used :: C:\Combo fix\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\jamersiv.dll
C:\WINDOWS\system32\qtxpavbd.dll
C:\WINDOWS\system32\rxsppnrj.dll_old
C:\WINDOWS\Tasks\RegCure.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ErrorSmart
C:\Program Files\ErrorSmart\ErrorSmart.exe.BAK
C:\Program Files\ErrorSmart\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\ErrorSmart\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\ErrorSmart\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\ErrorSmart\Microsoft.VC80.MFC\mfc80.dll
C:\Program Files\ErrorSmart\Microsoft.VC80.MFC\Microsoft.VC80.MFC.manifest
C:\Program Files\ErrorSmart\Patch by DCrack.exe
C:\Program Files\ErrorSmart\RegCleaner.dll
C:\Program Files\RegCure
C:\Program Files\RegCure\0_days.htm
C:\Program Files\RegCure\1_days.htm
C:\Program Files\RegCure\15_days.htm
C:\Program Files\RegCure\2_days.htm
C:\Program Files\RegCure\30_days.htm
C:\Program Files\RegCure\5_days.htm
C:\Program Files\RegCure\Animated-Bar.gif
C:\Program Files\RegCure\AutoUpdate.dll
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10.bak
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10.reg
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Δείγματα εικόνων.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0211321.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0211324.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0211327.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0211328.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0211334.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0211335.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0211336.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0211337.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0211338.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0211339.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0211346.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0214316.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216410.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216411.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216416.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216417.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216491.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216492.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216493.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216494.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216495.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216496.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216497.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216498.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216499.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216532.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216533.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216561.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216562.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216642.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216644.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0216710.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0217095.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0217096.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0218120.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0220168.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222177.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222188.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222189.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222200.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222207.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222208.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222213.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222214.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222261.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222303.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222304.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222305.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0222313.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223375.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223397.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223398.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223475.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223476.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223477.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223478.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223527.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223538.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223567.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223568.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223685.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223686.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223891.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223892.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223940.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223941.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223945.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223946.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223947.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223948.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223949.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223950.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223951.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223952.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223955.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223956.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223957.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223958.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223959.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223960.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223961.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223962.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223963.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223964.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223965.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223966.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223967.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223968.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223969.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223971.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223972.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223973.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223974.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223975.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223976.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223977.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223978.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223979.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223980.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223981.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223982.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223983.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223984.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223985.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223986.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223987.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223988.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223989.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223990.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223991.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223992.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223993.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223994.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223995.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223996.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223997.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223998.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0223999.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0224000.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0224128.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0224129.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0224130.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0224131.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0224132.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0224190.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0224191.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0224192.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0224193.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0224219.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0230313.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0230336.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0230337.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0230338.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0230339.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0230341.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0230342.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0230343.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0232315.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0233412.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0234477.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0234478.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0234486.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0234487.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0235477.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0235478.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0235479.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0235480.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0235481.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0235482.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0235483.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0236497.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0236498.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0236499.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0236500.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0236501.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0236502.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0238572.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0238574.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0238578.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0240746.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0240747.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0240748.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0240749.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0240751.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0240752.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0240754.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0240755.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0240824.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0241843.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0241844.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0241845.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0241846.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0241847.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0241848.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0242946.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0242947.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0242948.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0242949.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0242950.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0242951.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0242952.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0242977.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243143.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243144.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243145.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243441.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243442.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243470.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243471.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243472.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243473.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243474.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243475.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243476.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243477.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243478.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243479.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243480.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243481.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243482.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243483.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243484.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243485.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243486.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243487.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243488.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243489.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243490.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243491.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243492.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243493.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243494.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243495.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243496.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243556.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243557.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243558.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243559.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243560.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243561.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243659.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243660.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243661.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243662.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243663.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243664.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243672.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243673.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243674.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243675.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243697.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243698.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243699.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243700.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243701.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243708.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243710.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243711.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243713.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243714.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243715.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0243716.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0247055.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0247057.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0247105.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0247107.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0247152.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0247154.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0247199.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0247201.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0247246.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0247248.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0248309.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0248310.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0248311.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0251363.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\A0251364.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\BSR Movie Lab.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\BSR Movie Studio.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\BSR User Account Configuration.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Bulent's Screen Recorder 3.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Driver.Magician.v3.28 + Fully Working Keygen.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\EasyInfo.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Electronic Arts Product Support.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\ErrorSmart.v2.7.2861.900.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\FILE_ID.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Launch BF2 Standalone Server.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\PhotoMeister Sample Album.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Play Battlefield 2.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Play BF2 Online Now!.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Register this Product.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Screen Recorder 3 Help.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Spyware Doctor.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Start BSR With User Account.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Tutorial.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Uninstall Screen Recorder 3.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\View the README file.lnk
C:\Program Files\RegCure\Backup\RegCureBak_May_25_08_16_17_10\Windows Messenger.lnk
C:\Program Files\RegCure\buttonfill.jpg
C:\Program Files\RegCure\buttonfill_expire.jpg
C:\Program Files\RegCure\buttonfill_mo.jpg
C:\Program Files\RegCure\buttonfill_mo_expire.jpg
C:\Program Files\RegCure\config.xml
C:\Program Files\RegCure\contentwrapper.gif
C:\Program Files\RegCure\expire.css
C:\Program Files\RegCure\footerbar.gif
C:\Program Files\RegCure\help.chm
C:\Program Files\RegCure\info_bubble.jpg
C:\Program Files\RegCure\Logs\Regcure-25-05-08-16-19-19.zip
C:\Program Files\RegCure\Logs\SystemInfo.zip
C:\Program Files\RegCure\LogSettings.xml
C:\Program Files\RegCure\main.css
C:\Program Files\RegCure\process-animation.gif
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\RegCure\settings.xml
C:\Program Files\RegCure\subtitlebar.gif
C:\Program Files\RegCure\Thumbs.db
C:\Program Files\RegCure\tile_titlebar.jpg
C:\Program Files\RegCure\uninst.exe
C:\Program Files\RegCure\whitelist.dat
C:\Program Files\RegCure\zlibwapi.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\jamersiv.dll
C:\WINDOWS\system32\qtxpavbd.dll
C:\WINDOWS\system32\rxsppnrj.dll_old
C:\WINDOWS\Tasks\RegCure.job

.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-26 20:49 . 2008-05-26 20:49 <DIR> d-------- C:\VundoFix Backups
2008-05-26 17:21 . 2008-05-26 17:21 <DIR> d-------- C:\Documents and Settings\Γεράσιμος Κύρλος
2008-05-26 17:21 . <DIR> C:\Documents and Settings\+ί±-?ώΉΎ? ¦²±ΈΎ?\Local Settings
2008-05-26 17:21 . <DIR> C:\Documents and Settings\+ί±-?ώΉΎ? ¦²±ΈΎ?\Local Settings
2008-05-26 17:07 . 2008-05-26 17:07 361,466 --a------ C:\Documents and Settings\catchme.zip
2008-05-26 16:26 . 2008-05-26 23:52 <DIR> d-------- C:\Combo fix
2008-05-26 15:50 . 2008-05-26 15:50 <DIR> d-------- C:\Deckard
2008-05-26 15:39 . 2008-05-26 15:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-26 15:33 . 2008-05-26 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-26 15:32 . 2008-05-26 16:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-20 18:00 . 2008-05-20 18:05 269 --a------ C:\WINDOWS\wininit.ini
2008-05-20 17:21 . 2008-05-20 17:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-20 17:21 . 2008-05-20 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-20 17:18 . 2008-05-26 17:40 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-05-20 17:13 . 2008-05-20 17:13 <DIR> d-------- C:\searchplugins
2008-05-20 17:12 . 2008-05-20 17:13 <DIR> d-------- C:\Program Files\Crawler
2008-05-20 17:11 . 2008-05-26 15:10 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-05-20 17:11 . 2008-05-26 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-20 17:11 . 2008-05-20 17:11 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-17 13:10 . 2008-05-17 13:15 <DIR> d-------- C:\Program Files\Incomplete
2008-05-13 16:14 . 2008-05-13 16:40 <DIR> d-------- C:\Program Files\Driver Magician
2008-05-13 16:14 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-05-13 16:14 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-05-13 16:14 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 21:04 3,248,416 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-26 21:04 17,962 ----a-w C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-05-26 21:04 159,075,872 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-26 20:59 305,540 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-26 20:59 2,131,508 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-26 20:44 --------- d-----w C:\Program Files\Warcraft III
2008-05-26 14:13 5,112 ----a-w C:\WINDOWS\GPCIDrv.sys
2008-05-26 12:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 12:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 09:33 --------- d-----w C:\Program Files\VirtualDJ
2008-05-24 17:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-20 15:21 --------- d-----w C:\Program Files\Intelore
2008-05-20 15:21 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-17 10:20 --------- d-----w C:\Program Files\LimeWire
2008-05-14 12:59 --------- d-----w C:\Program Files\World of Warcraft
2008-05-13 13:40 --------- d-----w C:\Program Files\MagicISO
2008-05-13 13:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 13:11 --------- d-----w C:\Program Files\ImTOO
2008-05-13 13:10 --------- d-----w C:\Program Files\NCH Swift Sound
2008-05-13 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\SymplisIT
2008-05-09 21:47 --------- d-----w C:\Program Files\DivX
2008-04-23 08:55 --------- d-----w C:\Program Files\ePrompter
2008-04-09 15:18 --------- d-----w C:\Program Files\Opera
2008-04-09 08:40 --------- d-----w C:\Program Files\AvRack
2008-04-02 22:01 --------- d-----w C:\Program Files\RadarSync Ltd
2008-04-02 21:53 --------- d-----w C:\Program Files\Auslogics
2008-04-02 15:25 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-02 15:25 61,056 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-02 15:24 6,400 ----a-w C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-02 15:24 53,248 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-02 15:23 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-02 15:23 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2008-04-02 15:23 196,864 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
2008-04-02 15:22 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-02 15:22 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys
2008-04-02 13:26 --------- d-----w C:\Program Files\Creative
2008-04-02 12:49 --------- d-----w C:\Program Files\Realtek AC97
2008-04-02 12:36 --------- d-----w C:\Program Files\SymplisIT
2008-03-31 11:05 --------- d-----w C:\Program Files\Cosmos
2008-03-09 12:29 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-08-13 19:37 8,833 --sha-w C:\WINDOWS\system32\usvr\usvr.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-26_17.20.38.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 14:10:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-26 21:01:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-12-07 02:08:49 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 22:52:54 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:08:49 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:08:49 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:08:49 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:39 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:08:49 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:08:49 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:08:49 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:08:50 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:08:52 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:08:52 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:08:52 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:28 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:08:53 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:08:53 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:08:53 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:08:56 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:08:54 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:08:54 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:08:55 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:08:55 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:36:09 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:17:34 217,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:18:46 394,464 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:08:55 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:08:55 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:08:56 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:08:56 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2008-03-18 17:28:33 2,560 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-05-26 19:48:01 2,560 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-03-18 17:28:33 34,304 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-05-26 19:48:01 34,304 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-03-18 17:28:33 8,192 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-05-26 19:48:01 8,192 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-03-18 17:28:33 3,584 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-05-26 19:48:01 3,584 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-03-18 17:28:33 16,384 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-05-26 19:48:01 16,384 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-03-18 17:28:33 22,528 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-05-26 19:48:01 22,528 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-03-18 17:28:33 45,056 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-05-26 19:48:01 45,056 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-05-26 19:42:51 1,532 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{8A1786DF-BA67-4717-AB47-F710DCBE848E}.bin
- 2007-12-07 02:08:49 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 12:58:33 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-12-07 02:08:49 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 12:58:33 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-09-07 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:41:23 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:33:57 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-09-07 12:00:00 46,080 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:33:57 46,080 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-19 22:52:54 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 12:58:33 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:08:49 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 12:58:34 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:08:49 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 12:58:34 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:30:47 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:50:58 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-07 02:08:49 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 12:58:34 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-06 11:00:39 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:25 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:08:49 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 12:58:34 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:08:49 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 12:58:34 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:08:49 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 12:58:34 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:08:50 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 12:58:35 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:08:52 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 12:58:36 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:08:52 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 12:58:37 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:08:52 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 12:58:37 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-12-06 11:01:28 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-12-07 02:08:53 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 12:58:38 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-09-07 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-09-07 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-12-07 02:08:53 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 12:58:38 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:08:53 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 12:58:38 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-08 05:08:56 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 15:28:42 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:08:54 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 12:58:41 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-09-07 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-09-07 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-09-07 12:00:00 192,543 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:16 199,456 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-09-07 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-09-07 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-09-07 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-09-07 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-12-07 02:08:54 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 12:58:41 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-09-07 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-09-07 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-09-07 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-09-07 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-12-07 02:08:55 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 12:58:41 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-09-07 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-09-07 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:17 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-09-07 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2007-12-07 02:08:55 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 12:58:41 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:36:09 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 12:58:41 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:08:55 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 12:58:41 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:08:55 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 12:58:42 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:08:56 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 12:58:42 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 15:33:12 1,843,840 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-20 08:06:51 1,845,504 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 02:08:56 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 12:58:43 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:41:23 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:33:57 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-09-07 12:00:00 46,080 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:33:57 46,080 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2007-12-19 22:52:54 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 12:58:33 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:08:49 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 12:58:34 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:08:49 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 12:58:34 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-18 22:04:26 227,208 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-26 21:01:50 227,208 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-19 13:30:47 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:50:58 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2007-12-07 02:08:49 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 12:58:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:39 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:25 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:08:49 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 12:58:34 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:08:49 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 12:58:34 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:08:49 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 12:58:34 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:08:50 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 12:58:35 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:08:52 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 12:58:36 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:08:52 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 12:58:37 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:08:52 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 12:58:37 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:08:53 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 12:58:38 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-03-05 06:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 11:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-09-07 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-09-07 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2007-12-07 02:08:53 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 12:58:38 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:08:53 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 12:58:38 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:08:56 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 15:28:42 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:08:54 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 12:58:41 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-09-07 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-09-07 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-09-07 12:00:00 192,543 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-25 04:50:16 199,456 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-09-07 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-09-07 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-09-07 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-09-07 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2007-12-07 02:08:54 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 12:58:41 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-09-07 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-09-07 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-09-07 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-09-07 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-12-07 02:08:55 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 12:58:41 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-09-07 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-09-07 12:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:17 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-09-07 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2007-07-30 16:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
- 2007-12-07 02:08:55 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 12:58:41 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-01-11 05:36:09 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 12:58:41 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:08:55 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 12:58:41 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:08:55 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 12:58:42 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:08:56 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 12:58:42 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-03-08 15:33:12 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2008-03-20 08:06:51 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
- 2007-12-07 02:08:56 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
continued...

Edited by Redgerasimos, 26 May 2008 - 03:25 PM.