Tech Support Forum - View Single Post - IEXPLORE issues + plus popups + unknown .exe

LeoNe · 02-28-2007, 03:24 AM

Ok , here is Comboscan and supplementary

ComboScan v20070221.16 run by LeoNiDaS on 2007-02-28 at 12:17:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as LeoNiDaS.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:17:25 μμ, on 28/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\LeoNiDaS\Desktop\comboscan.exe
H:\HFAISTOS\UTILITIES\GUDilitieS\Antivirus\hijackthis\LeoNiDaS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.gr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9C1BBDE-A254-442D-9453-5662EEE59302}: NameServer = 195.170.0.1,195.170.2.2
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

-- Files created between 2007-01-28 and 2007-02-28 ------------------------------

2007-02-25 21:59:16 0 d-------- C:\Program Files\Ace Utilities<ACEUTI~1>
2007-02-21 23:58:06 0 d-------- C:\Documents and Settings\LeoNiDaS\Application Data\TuneUp Software<TUNEUP~1>
2007-02-21 23:57:51 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software<TUNEUP~1>
2007-02-21 23:04:04 29603 --a------ C:\WINDOWS\system32\drivers\glauiad.sys
2007-02-21 23:04:04 24576 --a------ C:\WINDOWS\system32\CoInst.dll
2007-02-21 23:04:00 0 d-------- C:\Program Files\jetSpeed520<JETSPE~1>
2007-02-21 17:32:16 318 --a------ C:\delete.bat
2007-02-21 17:29:30 0 d-------- C:\NoLopBackups<NOLOPB~1>
2007-02-21 17:25:17 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-21 16:10:03 0 d-------- C:\Documents and Settings\Administrator\DoctorWeb<DOCTOR~1>
2007-02-21 15:10:26 0 d-------- C:\Documents and Settings\LeoNiDaS\DoctorWeb<DOCTOR~1>
2007-02-21 10:57:38 0 d-------- C:\Documents and Settings\LeoNiDaS\Application Data\Media Player Classic<MEDIAP~1>
2007-02-21 10:56:45 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-02-21 10:50:04 0 d-------- C:\Program Files\QuickTime Alternative<QUICKT~2>
2007-02-21 10:07:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-12 21:20:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-12 20:58:28 0 d-------- C:\Program Files\Yahoo!
2007-02-12 13:03:03 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-02-12 13:03:03 14568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-02-12 13:03:03 14568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-02-12 13:03:03 14568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-02-12 13:03:03 14568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-02-12 13:03:03 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-02-12 13:03:02 83096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-02-12 13:03:01 0 d-------- C:\Program Files\Sygate

-- Find3M Report ----------------------------------------------------------------

2007-02-28 12:09:52 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-28 12:08:19 0 d-------- C:\Program Files\DC++<DC__~1>
2007-02-28 11:43:28 0 d-------- C:\Program Files\DVD Region+CSS Free<DVDREG~1>
2007-02-24 19:59:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-24 19:47:57 0 d-------- C:\Program Files\WinAVI VideoConverter<WINAVI~1>
2007-02-24 19:47:38 0 d-------- C:\Program Files\Java
2007-02-22 12:59:37 0 d-------- C:\Program Files\DVDFab Decrypter 3<DVDFAB~2>
2007-02-21 10:36:39 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-21 00:37:30 0 --a------ C:\Documents and Settings\LeoNiDaS\Application Data\AVSDVDPlayer.m3u<AVSDVD~1.M3U>
2007-02-06 22:18:01 0 d-------- C:\Program Files\audiograbber<AUDIOG~1>
2007-02-02 13:23:39 0 d---s---- C:\Documents and Settings\LeoNiDaS\Application Data\Microsoft<MICROS~1>
2007-01-25 12:48:48 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-21 13:49:17 0 d-------- C:\Documents and Settings\LeoNiDaS\Application Data\Leadertech<LEADER~1>
2007-01-21 00:40:07 0 dr-h----- C:\Documents and Settings\LeoNiDaS\Application Data\SecuROM
2007-01-21 00:40:06 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-01-20 22:43:19 0 d-------- C:\Program Files\Atari
2007-01-20 17:40:38 0 d-------- C:\Documents and Settings\LeoNiDaS\Application Data\AdobeUM
2007-01-16 19

23 0 d-------- C:\Program Files\Recover My Files<RECOVE~1>
2007-01-13 09:47:57 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-01-04 16:45:49 202240 --a------ C:\WINDOWS\system32\300_saver_02.scr<300_SA~1.SCR>

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AVPCC"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\avpcc.exe\" /wait"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"Profiler"="C:\\Program Files\\Saitek\\Software\\Profiler.exe"
"SaiSmart"="C:\\Program Files\\Saitek\\Software\\SaiSmart.exe"
"SaiMfd"="C:\\Program Files\\Saitek\\Software\\SaiMfd.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"SoundMan"="SOUNDMAN.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

-- End of ComboScan: finished at 2007-02-28 at 12:17:41 -------------------------

ComboScan v20070221.16 run by LeoNiDaS on 2007-02-26 at 11:43:34
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1023.48 MiB / 663.72 MiB
Pagefile Memory (total/avail): 2460.36 MiB / 2232.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1997.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 69.23 GiB total, 5.87 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 135.22 GiB total, 2.27 GiB free.
G: is Fixed (NTFS) - 97.65 GiB total, 0.47 GiB free.
H: is Fixed (NTFS) - 186.31 GiB total, 0.19 GiB free.
I: is CDROM (No Media)

-- Security Center --------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)

-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\LeoNiDaS\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=REBORN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\LeoNiDaS
LOGONSERVER=\\REBORN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LeoNiDaS\LOCALS~1\Temp
TMP=C:\DOCUME~1\LeoNiDaS\LOCALS~1\Temp
USERDOMAIN=REBORN
USERNAME=LeoNiDaS
USERPROFILE=C:\Documents and Settings\LeoNiDaS
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ----------------------------------------------------------------

LeoNiDaS (admin)
Administrator (admin)

-- Add/Remove Programs ----------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
300_saver_02 --> C:\WINDOWS\system32\300_saver_02.scr /u
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ace Utilities --> "C:\Program Files\Ace Utilities\uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Alcohol 120% --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Anti-Leech Plugin for Mozilla, Opera, Netscape --> C:\Program Files\Anti-Leech\ALNN\setup2.exe -u
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x8
AVS DVD Player version 2.2 --> "C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Creative PC-CAM Center Lite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9 /remove
Creative WebCam Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9 /remove
Creative WebCam NX Driver (1.02.01.0827) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script P1110.uns -unsext NT -plugin p1110pin.dll -pluginres p1110pin.crl
Creative WebCam NX User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam NX\Creative WebCam NX User's Guide\English\CTManual.isu"
DC++ 0.698 --> "C:\Program Files\DC++\uninstall.exe"
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Region+CSS Free 5.50 --> "C:\Program Files\DVD Region+CSS Free\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 3.0.8.0 --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe"
EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe
Fraps --> "C:\Program Files\Fraps\uninstall.exe"
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
HijackThis 1.99.1 --> H:\HFAISTOS\UTILITIES\GUDilitieS\Antivirus\hijackthis\HijackThis.exe /uninstall
HSP LGSO 1.0 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\Scenery\HSP\unins000.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
JeppTerrain --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D28A0F2-349E-11D3-A90C-0090270E86DC}\setup.exe" -uninst
jetSpeed 520 ADSL Modem --> C:\Program Files\jetSpeed520\Adsl\uninstall.exe
Kaspersky(TM) Anti-Virus Personal Pro 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F5E2A5A-92C5-4DF1-808D-1688C50CBFEE}\Setup.exe" -l0x9
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (1.5.0.10) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.10 (el)"
MSN Messenger 7.5 --> MsiExec.exe /I{4043A416-03EC-11DA-BFBD-00065BBDC0B5}
Nero 6 --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\Setup.exe"
QuickTime Alternative 1.77 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Recover My Files --> "C:\Program Files\Recover My Files\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SST Programming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03ADCA1C-BCF0-4B12-AFCF-8EBF2CB3AB07}\setup.exe" AddRem
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
TEAC USB 3D AUDIO --> C:\WINDOWS\CmiUSB2Uninstall.exe C:\Program Files\TEAC USB 3D AUDIO#TEAC USB 3D AUDIO#TEAC USB 3D AUDIO#
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
ubi.com --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
Ventrilo --> C:\PROGRA~1\Ventrilo\UNWISE.EXE C:\PROGRA~1\Ventrilo\INSTALL.LOG
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR 3.3 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"

-- End of ComboScan: finished at 2007-02-26 at 11:44:01 -------------------------

ANd here is FindLOP .txt

Volume in drive C is SPaRTaN
Volume Serial Number is 24EE-1F89

Directory of C:\Documents and Settings\Administrator\Application Data

08/07/2006 11:07 ££ <DIR> Lavasoft
0 File(s) 0 bytes
1 Dir(s) 12.273.197.056 bytes free
Volume in drive C is SPaRTaN
Volume Serial Number is 24EE-1F89

Directory of C:\Documents and Settings\All Users\Application Data

18/07/2006 03:17 ££ <DIR> Adobe
21/02/2007 10:50 §£ <DIR> Apple Computer
18/07/2006 03:38 ££ <DIR> CyberLink
27/02/2007 11:31 §£ <DIR> DVD Shrink
24/02/2007 07:43 ££ 12.844 hpzinstall.log
31/03/2006 07:11 ££ <DIR> nView_Profiles
25/10/2006 01:11 ££ <DIR> PC Suite
21/02/2007 11:07 ££ <DIR> Spybot - Search & Destroy
21/02/2007 11:57 ££ <DIR> TuneUp Software
1 File(s) 12.844 bytes
8 Dir(s) 12.273.192.960 bytes free
Volume in drive C is SPaRTaN
Volume Serial Number is 24EE-1F89

Directory of C:\Documents and Settings\LeoNiDaS\Application Data

18/07/2006 02:40 ££ <DIR> Adobe
20/01/2007 05:40 ££ <DIR> AdobeUM
06/04/2006 06:28 ££ <DIR> Ahead
21/02/2007 12:37 §£ 0 AVSDVDPlayer.m3u
13/07/2006 01:11 ££ <DIR> BSplayer
27/12/2006 07:43 ££ <DIR> Creative
18/07/2006 07:08 ££ <DIR> CyberLink
15/06/2006 10:36 §£ 5.932 GdiplusUpgrade_MSIApproach_Wrapper.log
16/06/2006 05:54 ££ <DIR> Google
31/03/2006 06:57 ££ <DIR> Identities
18/11/2006 04:58 ££ <DIR> InstallShield
11/04/2006 02:52 ££ <DIR> Lavasoft
21/01/2007 01:49 ££ <DIR> Leadertech
31/03/2006 10:19 ££ <DIR> Macromedia
21/02/2007 10:57 §£ <DIR> Media Player Classic
31/03/2006 05:39 ££ <DIR> Mozilla
01/09/2006 01:55 §£ <DIR> My Games
25/10/2006 01:11 ££ <DIR> PC Suite
01/07/2006 06:04 ££ <DIR> Sun
24/08/2006 05:59 ££ <DIR> teamspeak2
21/02/2007 11:58 ££ <DIR> TuneUp Software
25/06/2006 05:24 ££ <DIR> ubi.com
03/04/2006 12:23 ££ <DIR> Ventrilo
2 File(s) 5.932 bytes
21 Dir(s) 12.273.192.960 bytes free
Volume in drive C is SPaRTaN
Volume Serial Number is 24EE-1F89

Directory of C:\Documents and Settings\Default User\Application Data

31/03/2006 07:44 ££ <DIR> .
31/03/2006 07:44 ££ <DIR> ..
31/03/2006 07:44 ££ 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 12.273.192.960 bytes free
Volume in drive C is SPaRTaN
Volume Serial Number is 24EE-1F89

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C is SPaRTaN
Volume Serial Number is 24EE-1F89

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues

Unfortunately , I didnt save DrWebCureit report , I guess i have removed the viruses and not quarrantined them .

Standingby ,
Leon .

02-28-2007, 03:24 AM	#9 (permalink)
LeoNe Registered User Join Date: Feb 2007 Posts: 9 OS: WinXP SP2	Ok , here is Comboscan and supplementary ComboScan v20070221.16 run by LeoNiDaS on 2007-02-28 at 12:17:24 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as LeoNiDaS.exe) --------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 12:17:25 μμ, on 28/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\Saitek\Software\SaiMfd.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\LeoNiDaS\Desktop\comboscan.exe H:\HFAISTOS\UTILITIES\GUDilitieS\Antivirus\hijackthis\LeoNiDaS.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.gr/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E9C1BBDE-A254-442D-9453-5662EEE59302}: NameServer = 195.170.0.1,195.170.2.2 O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- Files created between 2007-01-28 and 2007-02-28 ------------------------------ 2007-02-25 21:59:16 0 d-------- C:\Program Files\Ace Utilities<ACEUTI~1> 2007-02-21 23:58:06 0 d-------- C:\Documents and Settings\LeoNiDaS\Application Data\TuneUp Software<TUNEUP~1> 2007-02-21 23:57:51 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software<TUNEUP~1> 2007-02-21 23:04:04 29603 --a------ C:\WINDOWS\system32\drivers\glauiad.sys 2007-02-21 23:04:04 24576 --a------ C:\WINDOWS\system32\CoInst.dll 2007-02-21 23:04:00 0 d-------- C:\Program Files\jetSpeed520<JETSPE~1> 2007-02-21 17:32:16 318 --a------ C:\delete.bat 2007-02-21 17:29:30 0 d-------- C:\NoLopBackups<NOLOPB~1> 2007-02-21 17:25:17 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1> 2007-02-21 16:10:03 0 d-------- C:\Documents and Settings\Administrator\DoctorWeb<DOCTOR~1> 2007-02-21 15:10:26 0 d-------- C:\Documents and Settings\LeoNiDaS\DoctorWeb<DOCTOR~1> 2007-02-21 10:57:38 0 d-------- C:\Documents and Settings\LeoNiDaS\Application Data\Media Player Classic<MEDIAP~1> 2007-02-21 10:56:45 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1> 2007-02-21 10:50:04 0 d-------- C:\Program Files\QuickTime Alternative<QUICKT~2> 2007-02-21 10:07:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1> 2007-02-12 21:20:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1> 2007-02-12 20:58:28 0 d-------- C:\Program Files\Yahoo! 2007-02-12 13:03:03 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys 2007-02-12 13:03:03 14568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys 2007-02-12 13:03:03 14568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys 2007-02-12 13:03:03 14568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys 2007-02-12 13:03:03 14568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys 2007-02-12 13:03:03 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys 2007-02-12 13:03:02 83096 --a------ C:\WINDOWS\system32\SSSensor.dll 2007-02-12 13:03:01 0 d-------- C:\Program Files\Sygate -- Find3M Report ---------------------------------------------------------------- 2007-02-28 12:09:52 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1> 2007-02-28 12:08:19 0 d-------- C:\Program Files\DC++<DC__~1> 2007-02-28 11:43:28 0 d-------- C:\Program Files\DVD Region+CSS Free<DVDREG~1> 2007-02-24 19:59:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1> 2007-02-24 19:47:57 0 d-------- C:\Program Files\WinAVI VideoConverter<WINAVI~1> 2007-02-24 19:47:38 0 d-------- C:\Program Files\Java 2007-02-22 12:59:37 0 d-------- C:\Program Files\DVDFab Decrypter 3<DVDFAB~2> 2007-02-21 10:36:39 0 d-------- C:\Program Files\QuickTime<QUICKT~1> 2007-02-21 00:37:30 0 --a------ C:\Documents and Settings\LeoNiDaS\Application Data\AVSDVDPlayer.m3u<AVSDVD~1.M3U> 2007-02-06 22:18:01 0 d-------- C:\Program Files\audiograbber<AUDIOG~1> 2007-02-02 13:23:39 0 d---s---- C:\Documents and Settings\LeoNiDaS\Application Data\Microsoft<MICROS~1> 2007-01-25 12:48:48 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-01-21 13:49:17 0 d-------- C:\Documents and Settings\LeoNiDaS\Application Data\Leadertech<LEADER~1> 2007-01-21 00:40:07 0 dr-h----- C:\Documents and Settings\LeoNiDaS\Application Data\SecuROM 2007-01-21 00:40:06 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL> 2007-01-20 22:43:19 0 d-------- C:\Program Files\Atari 2007-01-20 17:40:38 0 d-------- C:\Documents and Settings\LeoNiDaS\Application Data\AdobeUM 2007-01-16 1923 0 d-------- C:\Program Files\Recover My Files<RECOVE~1> 2007-01-13 09:47:57 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1> 2007-01-04 16:45:49 202240 --a------ C:\WINDOWS\system32\300_saver_02.scr<300_SA~1.SCR> -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "AVPCC"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\avpcc.exe\" /wait" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd" "Profiler"="C:\\Program Files\\Saitek\\Software\\Profiler.exe" "SaiSmart"="C:\\Program Files\\Saitek\\Software\\SaiSmart.exe" "SaiMfd"="C:\\Program Files\\Saitek\\Software\\SaiMfd.exe" "SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe" "Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE" "SoundMan"="SOUNDMAN.EXE" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 -- End of ComboScan: finished at 2007-02-28 at 12:17:41 ------------------------- ComboScan v20070221.16 run by LeoNiDaS on 2007-02-26 at 11:43:34 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ----------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ Percentage of Memory in Use: 35% Physical Memory (total/avail): 1023.48 MiB / 663.72 MiB Pagefile Memory (total/avail): 2460.36 MiB / 2232.29 MiB Virtual Memory (total/avail): 2047.88 MiB / 1997.73 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 69.23 GiB total, 5.87 GiB free. D: is CDROM (CDFS) E: is CDROM (No Media) F: is Fixed (NTFS) - 135.22 GiB total, 2.27 GiB free. G: is Fixed (NTFS) - 97.65 GiB total, 0.47 GiB free. H: is Fixed (NTFS) - 186.31 GiB total, 0.19 GiB free. I: is CDROM (No Media) -- Security Center -------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. FirstRunDisabled is set. AntiVirusDisableNotify is set. FirewallDisableNotify is set. UpdatesDisableNotify is set. FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.) -- Environment Variables -------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\LeoNiDaS\Application Data CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=REBORN ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\LeoNiDaS LOGONSERVER=\\REBORN NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2b01 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\LeoNiDaS\LOCALS~1\Temp TMP=C:\DOCUME~1\LeoNiDaS\LOCALS~1\Temp USERDOMAIN=REBORN USERNAME=LeoNiDaS USERPROFILE=C:\Documents and Settings\LeoNiDaS windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles ---------------------------------------------------------------- LeoNiDaS (admin) Administrator (admin) -- Add/Remove Programs ---------------------------------------------------------- --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 300_saver_02 --> C:\WINDOWS\system32\300_saver_02.scr /u AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe Ace Utilities --> "C:\Program Files\Ace Utilities\uninstall.exe" Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Alcohol 120% --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F} Anti-Leech Plugin for Mozilla, Opera, Netscape --> C:\Program Files\Anti-Leech\ALNN\setup2.exe -u Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x8 AVS DVD Player version 2.2 --> "C:\Program Files\AVSMedia\DVDPlayer\unins000.exe" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Creative PC-CAM Center Lite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9 /remove Creative WebCam Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9 /remove Creative WebCam NX Driver (1.02.01.0827) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script P1110.uns -unsext NT -plugin p1110pin.dll -pluginres p1110pin.crl Creative WebCam NX User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam NX\Creative WebCam NX User's Guide\English\CTManual.isu" DC++ 0.698 --> "C:\Program Files\DC++\uninstall.exe" DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DVD Region+CSS Free 5.50 --> "C:\Program Files\DVD Region+CSS Free\unins000.exe" DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe" DVDFab Decrypter 3.0.8.0 --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe" EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe Fraps --> "C:\Program Files\Fraps\uninstall.exe" GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5} HijackThis 1.99.1 --> H:\HFAISTOS\UTILITIES\GUDilitieS\Antivirus\hijackthis\HijackThis.exe /uninstall HSP LGSO 1.0 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\Scenery\HSP\unins000.exe" IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} JeppTerrain --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D28A0F2-349E-11D3-A90C-0090270E86DC}\setup.exe" -uninst jetSpeed 520 ADSL Modem --> C:\Program Files\jetSpeed520\Adsl\uninstall.exe Kaspersky(TM) Anti-Virus Personal Pro 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F5E2A5A-92C5-4DF1-808D-1688C50CBFEE}\Setup.exe" -l0x9 Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mozilla Firefox (1.5.0.10) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.10 (el)" MSN Messenger 7.5 --> MsiExec.exe /I{4043A416-03EC-11DA-BFBD-00065BBDC0B5} Nero 6 --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC} PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\Setup.exe" QuickTime Alternative 1.77 --> "C:\Program Files\QuickTime Alternative\unins000.exe" Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Recover My Files --> "C:\Program Files\Recover My Files\unins000.exe" Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" SST Programming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03ADCA1C-BCF0-4B12-AFCF-8EBF2CB3AB07}\setup.exe" AddRem Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289} TEAC USB 3D AUDIO --> C:\WINDOWS\CmiUSB2Uninstall.exe C:\Program Files\TEAC USB 3D AUDIO#TEAC USB 3D AUDIO#TEAC USB 3D AUDIO# TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe" ubi.com --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst Ventrilo --> C:\PROGRA~1\Ventrilo\UNWISE.EXE C:\PROGRA~1\Ventrilo\INSTALL.LOG Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" WinRAR 3.3 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων --> C:\Program Files\WinRAR\uninstall.exe XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe" -- End of ComboScan: finished at 2007-02-26 at 11:44:01 ------------------------- ANd here is FindLOP .txt Volume in drive C is SPaRTaN Volume Serial Number is 24EE-1F89 Directory of C:\Documents and Settings\Administrator\Application Data 08/07/2006 11:07 ££ <DIR> Lavasoft 0 File(s) 0 bytes 1 Dir(s) 12.273.197.056 bytes free Volume in drive C is SPaRTaN Volume Serial Number is 24EE-1F89 Directory of C:\Documents and Settings\All Users\Application Data 18/07/2006 03:17 ££ <DIR> Adobe 21/02/2007 10:50 §£ <DIR> Apple Computer 18/07/2006 03:38 ££ <DIR> CyberLink 27/02/2007 11:31 §£ <DIR> DVD Shrink 24/02/2007 07:43 ££ 12.844 hpzinstall.log 31/03/2006 07:11 ££ <DIR> nView_Profiles 25/10/2006 01:11 ££ <DIR> PC Suite 21/02/2007 11:07 ££ <DIR> Spybot - Search & Destroy 21/02/2007 11:57 ££ <DIR> TuneUp Software 1 File(s) 12.844 bytes 8 Dir(s) 12.273.192.960 bytes free Volume in drive C is SPaRTaN Volume Serial Number is 24EE-1F89 Directory of C:\Documents and Settings\LeoNiDaS\Application Data 18/07/2006 02:40 ££ <DIR> Adobe 20/01/2007 05:40 ££ <DIR> AdobeUM 06/04/2006 06:28 ££ <DIR> Ahead 21/02/2007 12:37 §£ 0 AVSDVDPlayer.m3u 13/07/2006 01:11 ££ <DIR> BSplayer 27/12/2006 07:43 ££ <DIR> Creative 18/07/2006 07:08 ££ <DIR> CyberLink 15/06/2006 10:36 §£ 5.932 GdiplusUpgrade_MSIApproach_Wrapper.log 16/06/2006 05:54 ££ <DIR> Google 31/03/2006 06:57 ££ <DIR> Identities 18/11/2006 04:58 ££ <DIR> InstallShield 11/04/2006 02:52 ££ <DIR> Lavasoft 21/01/2007 01:49 ££ <DIR> Leadertech 31/03/2006 10:19 ££ <DIR> Macromedia 21/02/2007 10:57 §£ <DIR> Media Player Classic 31/03/2006 05:39 ££ <DIR> Mozilla 01/09/2006 01:55 §£ <DIR> My Games 25/10/2006 01:11 ££ <DIR> PC Suite 01/07/2006 06:04 ££ <DIR> Sun 24/08/2006 05:59 ££ <DIR> teamspeak2 21/02/2007 11:58 ££ <DIR> TuneUp Software 25/06/2006 05:24 ££ <DIR> ubi.com 03/04/2006 12:23 ££ <DIR> Ventrilo 2 File(s) 5.932 bytes 21 Dir(s) 12.273.192.960 bytes free Volume in drive C is SPaRTaN Volume Serial Number is 24EE-1F89 Directory of C:\Documents and Settings\Default User\Application Data 31/03/2006 07:44 ££ <DIR> . 31/03/2006 07:44 ££ <DIR> .. 31/03/2006 07:44 ££ 62 desktop.ini 1 File(s) 62 bytes 2 Dir(s) 12.273.192.960 bytes free Volume in drive C is SPaRTaN Volume Serial Number is 24EE-1F89 Directory of C:\Documents and Settings\LocalService\Application Data Volume in drive C is SPaRTaN Volume Serial Number is 24EE-1F89 Directory of C:\Documents and Settings\NetworkService\Application Data [TRACE] Enumerating jobs and queues Unfortunately , I didnt save DrWebCureit report , I guess i have removed the viruses and not quarrantined them . Standingby , Leon .