Unsolved


113 Posts


March 18th, 2008 06:00

Please Help...serious problem with laptop!

Dear forum,

 

I have a serious problem with my laptop.

 

Yesterday I tried to download a program for my wife, which was probably a virus (I tried to download from eMule the Nucleus Kernel PowerPoint recovery software) and while it started installing, I got a blue screen, and the laptop switched off.

 

I tried to turn it on, and it kept going into a loop...blue screen, reboot, blue screen, reboot etc. So I tried F8 and I went to "Last known configuration" and it went into checkdisk, then I got into Windows XP Home.

 

I tried to use McAfee, but Virus Scan was missing, and I tried to install it, and it wouldn't let me.

 

I tried System Restore, but it wouldn't restore to an earlier time.

 

Then I tried to run HJT...and everything froze!!! I then rebooted the system, and from then on it keeps going into checkdisk...and when it finishes it won't let me into windows...but instead I get the same blue screen and then reboots!!

 

If I skip the checkdisk, I go into Windows normally with no problems (but I do get a message "Windows Recovered from a serious error" or something like that), but I still can't run McAfee to do a virus scan and I have no firewall or anything like that!

 

When I reboot or switch off my laptop...and then turn it back on, it keeps going into checkdisk...then I have to cancel it to go into Windows normally.

 

When I try to run HJT, everything freezes!!! So I don't have a log!

 

I also can't go into Safe Mode, cause I also get a blue screen and the system reboots by itself!!!

 

I forgot to tell you that I ran a search to see what files have been installed/created yesterday, and I found mdelk.exe which can't be deleted. Maybe that will help. 

 

Any help?!

 

PLEASE help me guys! :-)

Message Edited by NikosAlfa147 on 03-18-2008 04:35 AM

113 Posts

March 22nd, 2008 06:00

And at last...here's the HJT log:

 

Logfile of HijackThis v1.99.1
Scan saved at 09:29:25, on 22-Mar-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\FerrariWallPaper\FerrariWP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Novosoft\Handy Backup\hbagent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\nikos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.formula1.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ferrariworld.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = turbo.hol.gr:3128
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
O4 - HKLM\..\Run: [\\Plato\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P34 "\\Plato\EPSON Stylus CX3600 Series" /O6 "USB002" /M "Stylus CX3600"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on VASSILISLAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P49 "Auto EPSON Stylus CX3600 Series on VASSILISLAPTOP" /O22 "\\VASSILISLAPTOP\EPSON" /M "Stylus CX3600"
O4 - HKLM\..\Run: [\\VASSILISLAPTOP\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P43 "\\VASSILISLAPTOP\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on DESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P42 "Auto EPSON Stylus CX3600 Series on DESKTOP" /O15 "\\DESKTOP\EPSON" /M "Stylus CX3600"
O4 - HKLM\..\Run: [\\Desktop\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "\\Desktop\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [FerrariWallPaper] C:\Program Files\FerrariWallPaper\FerrariWP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\Plato\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P34 "\\Plato\EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU"
O4 - HKCU\..\Run: [OnlineCdrom] C:\DOCUME~1\NIKOSA~1\APPLIC~1\ATOMDE~1\32third.exe
O4 - HKCU\..\Run: [PokerSuperstarsSetup.exe] C:\DOCUME~1\NIKOSA~1\Desktop\POKERS~1.EXE /r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Handy Backup 4.1] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: www.ferrarixchallenge.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187201028696
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{147DDB66-960F-4CCE-8F3A-5C2FEA83F58D}: NameServer = 91.132.4.4,91.132.4.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{664A9738-1888-4E74-AA9E-4A5C1B595F34}: NameServer = 91.132.4.4,91.132.4.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0214531206126686) (0214531206126686mcinstcleanup) - Unknown owner - C:\DOCUME~1\NIKOSA~1\LOCALS~1\Temp\021453~1.EXE (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

113 Posts

March 22nd, 2008 06:00


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:56 15360]
"\\Plato\EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
"OnlineCdrom"="C:\DOCUME~1\NIKOSA~1\APPLIC~1\ATOMDE~1\32third.exe" [ ]
"PokerSuperstarsSetup.exe"="C:\DOCUME~1\NIKOSA~1\Desktop\POKERS~1.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"Handy Backup 4.1"="C:\Program Files\Novosoft\Handy Backup\hbagent.exe" [2006-03-27 12:27 1478144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 13:59 57344 C:\WINDOWS\soundman.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 23:53 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 21:10 335872]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE" [2008-03-21 19:50 294912]
"\\Plato\EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Auto EPSON Stylus CX3600 Series on VASSILISLAPTOP"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
"\\VASSILISLAPTOP\EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
"Auto EPSON Stylus CX3600 Series on DESKTOP"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
"\\Desktop\EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 00:48 479232]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 10:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-18 14:36 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-18 15:20 610304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-10 23:31 180269]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"FerrariWallPaper"="C:\Program Files\FerrariWallPaper\FerrariWP.exe" [2005-01-24 12:27 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-07-29 16:14:16 499773]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 21:37:56 217194]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 8 interface]
C:\Program Files\Cobian Backup 8\cbInterface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.1]
--a------ 2006-03-27 12:27 1478144 C:\Program Files\Novosoft\Handy Backup\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-03-21 18:45 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
--a------ 2005-09-26 10:26 110592 C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 18:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-05-03 02:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-10 23:31 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McSysmon"=3 (0x3)
"MskService"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McRedirector"=2 (0x2)
"McShield"=2 (0x2)
"McNASvc"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"38749:TCP"= 38749:TCP:utorrent
"38749:UDP"= 38749:UDP:utorrentd_udp
"50002:UDP"= 50002:UDP:N95
"50002:TCP"= 50002:TCP:N95
"4262:TCP"= 4262:TCP:eMule
"4672:UDP"= 4672:UDP:eMule

S2 0214531206126686mcinstcleanup;McAfee Application Installer Cleanup (0214531206126686);C:\DOCUME~1\NIKOSA~1\LOCALS~1\Temp\ 021453~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 04:20:48 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-29 23:00:38 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 09:23:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\\\Plato\\EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P34 \"\\\\Plato\\EPSON Stylus CX3600 Series\" /O6 \"USB002\" /M \"Stylus CX3600\""
"\\\\VASSILISLAPTOP\\EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P43 \"\\\\VASSILISLAPTOP\\EPSON Stylus CX3600 Series\" /O6 \"USB001\" /M \"Stylus CX3600\""
"\\\\Desktop\\EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P36 \"\\\\Desktop\\EPSON Stylus CX3600 Series\" /O6 \"USB001\" /M \"Stylus CX3600\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\Plato\\EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P34 \"\\\\Plato\\EPSON Stylus CX3600 Series\" /M \"Stylus CX3600\" /EF \"HKCU\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-22  9:27:12 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-22 07:27:06
ComboFix2.txt  2008-03-21 18:07:24
.
2008-03-14 00:01:15    --- E O F --- 
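The two logs posted above share a structure an analyst reads line by line: HijackThis O4 lines name each autorun and the program it launches, and the ComboFix "Reg Loading Points" section is a REGEDIT4-style dump with the Security Center, firewall-policy and open-port values. Below is an added example, written for this page and not part of HijackThis, ComboFix or the thread, of a small triage script that parses both and flags the points a responder would check first: autoruns launched from a user profile or temp directory, autoruns whose target is gone, Security Center warnings that have been suppressed, a disabled firewall, and firewall exceptions. Sample lines are copied from the logs in this thread; the one O4 line named `ConstructedMissing` is constructed to exercise the "(file missing)" marker HijackThis prints on this page's O9 lines. The Security Center override values are also written by some legitimate security suites, so the script reports them for review rather than as a verdict.

```python
"""Triage helpers for HijackThis O4 lines and ComboFix's REGEDIT4-style dump.
Added example for this page; not HijackThis, ComboFix, or the thread's own code.
Sample input is copied from the logs posted above, plus one constructed O4 line."""
import re

# O4 line shape: "O4 - HKLM\..\Run: [Name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# First executable-looking token of a command line, optionally quoted.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|cpl|dll|bat|cmd|pif))(?=["\s]|$)', re.I)
# Autorun locations an analyst looks at first: per-user profile and temp paths.
SUSPICIOUS_PATH_MARKERS = ("\\docume~1\\", "\\documents and settings\\", "\\temp\\",
                           "\\applic~1\\", "\\application data\\", "\\locals~1\\", "\\desktop\\")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def executable_of(cmd):
    """Return the program an O4 command line launches (quotes and switches stripped)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip().split(" ", 1)[0]


def triage_o4(lines):
    """Return (entry name, reason) for O4 autoruns that merit a closer look."""
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        if "(file missing)" in cmd:
            findings.append((m.group("name"), "target file missing"))
            continue
        exe = executable_of(cmd).lower()
        if any(marker in exe for marker in SUSPICIOUS_PATH_MARKERS):
            findings.append((m.group("name"), "launched from a user-profile or temp path: " + exe))
    return findings


def decode_value(raw):
    """Decode REGEDIT4 'dword:' values and ComboFix's 'N (0xN)' rendering to int."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    return int(m.group(1)) if m else raw.strip('"')


def parse_reg_export(text):
    """Parse [key] / "name"=value sections into {key: {name: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif current is not None:
            m = REG_VALUE_RE.match(line)
            if m:
                sections[current][m.group("name")] = decode_value(m.group("value"))
    return sections


def check_security_posture(sections):
    """Flag Security Center overrides, a disabled firewall, and firewall exceptions."""
    findings = []
    for key, values in sections.items():
        k = key.lower()
        if k.endswith("\\security center"):
            for name in ("AntiVirusDisableNotify", "AntiVirusOverride", "UpdatesDisableNotify"):
                if values.get(name) == 1:
                    findings.append((name, "Security Center warning suppressed"))
        elif k.endswith("firewallpolicy\\standardprofile"):
            if values.get("EnableFirewall") == 0:
                findings.append(("EnableFirewall", "Windows Firewall off for the standard profile"))
        elif k.endswith("globallyopenports\\list"):
            for name, value in values.items():
                findings.append((name, "firewall exception: " + str(value)))
    return findings


# Sample input: O4 lines copied from the HijackThis log above; the last line is constructed.
SAMPLE_HJT = [
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'O4 - HKCU\..\Run: [\\Plato\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P34 "\\Plato\EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU"',
    r"O4 - HKCU\..\Run: [OnlineCdrom] C:\DOCUME~1\NIKOSA~1\APPLIC~1\ATOMDE~1\32third.exe",
    r"O4 - HKCU\..\Run: [PokerSuperstarsSetup.exe] C:\DOCUME~1\NIKOSA~1\Desktop\POKERS~1.EXE /r",
    r'O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background',
    r"O4 - HKLM\..\Run: [ConstructedMissing] C:\WINDOWS\system32\example_gone.exe (file missing)",  # constructed
]
# Sample input: registry sections copied from the ComboFix dump above.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"38749:TCP"= 38749:TCP:utorrent
"4262:TCP"= 4262:TCP:eMule
"""

if __name__ == "__main__":
    for name, reason in triage_o4(SAMPLE_HJT) + check_security_posture(parse_reg_export(SAMPLE_REG)):
        print(f"{name}: {reason}")
```

Run stand-alone it lists the three O4 entries and the six registry findings from the samples. The O4 check deliberately looks only at the launched executable, not the whole command line, because HijackThis names like `\\Desktop\EPSON Stylus CX3600 Series` would otherwise trip the `\desktop\` marker on a benign printer entry.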

113 Posts

March 22nd, 2008 06:00

Good news keep on coming!

 

I did what you asked with ComboFix and HJT worked at last!!

 

Here's the ComboFix log:

 

----------------

 

ComboFix 08-03-20.5 - Nikos Alexiadis 2008-03-22  9:16:55.3 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.144 [GMT 2:00]
Running from: C:\Documents and Settings\Nikos Alexiadis\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Nikos Alexiadis\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\hblogon.dll
C:\WINDOWS\Tasks\AE3DD2CC918643D0.job
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\hblogon.dll
C:\WINDOWS\System32\uxyujxhw.onv
C:\WINDOWS\Tasks\AE3DD2CC918643D0.job

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UXYUJXHW
-------\Service_UXYUJXHW


(((((((((((((((((((((((((   Files Created from 2008-02-22 to 2008-03-22  )))))))))))))))))))))))))))))))
.

2008-03-21 21:12 . 2008-03-22 09:21    3,280    --a------    C:\WINDOWS\system32\Config.MPF
2008-03-20 23:22 . 2008-03-20 23:22         d--------    C:\Deckard
2008-03-20 22:15 . 2008-03-20 22:15         d--------    C:\Program Files\nikos
2008-03-19 22:58 . 2008-03-19 22:58         d--------    C:\Program Files\CCleaner
2008-03-19 21:47 . 2008-03-19 21:47         d--hs----    C:\FOUND.000
2008-03-18 20:41 . 2008-03-18 20:41         d--------    C:\WINDOWS\system32\ActiveScan
2008-03-18 20:41 . 2008-03-18 20:41    30,590    --a------    C:\WINDOWS\system32\pavas.ico
2008-03-18 20:41 . 2008-03-18 20:41    2,550    --a------    C:\WINDOWS\system32\Uninstall.ico
2008-03-18 20:41 . 2008-03-18 20:41    1,406    --a------    C:\WINDOWS\system32\Help.ico
2008-03-17 22:29 . 2006-12-22 16:02    170,408    --a------    C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-17 22:29 . 2007-03-02 14:16    109,608    --a------    C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-17 22:29 . 2006-12-22 16:02    71,496    --a------    C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-17 22:29 . 2006-12-22 16:02    37,480    --a------    C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-17 22:29 . 2006-12-22 16:02    34,184    --a------    C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-17 22:29 . 2006-12-22 16:02    32,008    --a------    C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-17 21:56 . 2008-03-17 21:56         d--------    C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-17 21:17 . 2008-03-17 21:17         d--------    C:\Documents and Settings\Nikos Alexiadis\Application Data\Nucleus Kernel PowerPoint Recovery
2008-03-17 20:52 . 2008-03-17 20:52         d--------    C:\Program Files\Recovery for PowerPoint
2008-03-15 20:59 . 2008-03-15 20:59         d--------    C:\Program Files\Novosoft
2008-03-15 20:59 . 2008-03-15 20:59         d--------    C:\Documents and Settings\Nikos Alexiadis\Application Data\Novosoft
2008-03-13 23:18 . 2008-03-13 23:18         d--------    C:\Documents and Settings\All Users\Application Data\TVU networks
2008-03-12 19:17 . 2008-03-12 19:17         d--------    C:\Program Files\Cobian Backup 8
2008-03-02 14:44 . 2007-07-30 19:19    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2008-03-02 14:44 . 2007-07-30 19:19    207,736    --a------    C:\WINDOWS\system32\muweb.dll
2008-03-02 14:44 . 2007-07-30 19:19    30,072    --a------    C:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 12:26 . 2008-03-02 12:26         d--hs----    C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 12:25 . 2008-03-02 12:25         d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 21:03 . 2003-10-25 19:07         d--------    C:\Program Files\AviSynth 2.5
2008-02-28 21:03 . 2004-02-22 10:11    719,872    --a------    C:\WINDOWS\system32\devil.dll
2008-02-28 21:03 . 2006-10-07 17:43    502,784    --a------    C:\WINDOWS\x2.64.exe
2008-02-28 21:03 . 2007-11-13 09:31    399,360    --a------    C:\WINDOWS\system32\Smab.dll
2008-02-28 21:03 . 2007-05-17 17:30    318,976    --a------    C:\WINDOWS\system32\avisynth.dll
2008-02-28 21:03 . 2005-02-28 13:16    240,128    --a------    C:\WINDOWS\system32\x.264.exe
2008-02-28 21:03 . 2006-04-12 09:47    217,073    --a------    C:\WINDOWS\meta4.exe
2008-02-28 21:03 . 2004-01-25 00:00    70,656    --a------    C:\WINDOWS\system32\yv12vfw.dll
2008-02-28 21:03 . 2004-01-25 00:00    70,656    --a------    C:\WINDOWS\system32\i420vfw.dll
2008-02-28 21:03 . 2006-04-05 08:09    66,560    --a------    C:\WINDOWS\MOTA113.exe
2008-02-28 21:03 . 2005-07-14 12:31    27,648    --a------    C:\WINDOWS\system32\AVSredirect.dll
2008-02-28 21:01 . 2008-02-28 21:01         d--------    C:\Program Files\eRightSoft
2008-02-28 20:16 . 2008-02-28 20:16         d--------    C:\Program Files\WinAVI Video Converter
2008-02-28 19:42 . 2008-02-28 19:42         d--------    C:\Program Files\K-Lite Codec Pack
2008-02-28 19:42 . 2008-01-10 13:15    755,027    --a------    C:\WINDOWS\system32\xvidcore.dll
2008-02-28 19:42 . 2007-09-04 17:56    164,352    --a------    C:\WINDOWS\system32\unrar.dll
2008-02-28 19:41 . 2008-02-28 19:41         d--------    C:\Documents and Settings\Nikos Alexiadis\Application Data\Media Player Classic
2008-02-27 23:36 . 2008-02-27 23:36         d--------    C:\Program Files\AllToAVI

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 20:30    14,848    ----a-w    C:\WINDOWS\system32\dllcache\register.exe
2008-03-17 21:12    90,112    ----a-w    C:\WINDOWS\DUMP5cb7.tmp
2008-03-17 20:51    90,112    ----a-w    C:\WINDOWS\DUMP5f38.tmp
2008-02-04 19:26    151,040    --sh--w    C:\WINDOWS\system32\VistaUltm.dll
2008-01-11 05:53    44,544    ----a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-09 11:18    3,596,288    ----a-w    C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:18    200,704    ----a-w    C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18    1,044,480    ----a-w    C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:16    81,920    ----a-w    C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16    196,608    ----a-w    C:\WINDOWS\system32\dtu100.dll
2003-01-21 11:00    13,942,408    ----a-r    C:\WINDOWS\system32\config\systemprofile\MpSetup.exe
2003-01-21 01:00    13,942,408    ----a-r    C:\Documents and Settings\Nikos Alexiadis\MpSetup.exe
2003-01-21 01:00    13,942,408    ----a-r    C:\Documents and Settings\Administrator\MpSetup.exe
2003-01-21 01:00    13,942,408    ------r    C:\Documents and Settings\Default User\MpSetup.exe
2006-05-03 10:06    163,328    --sh--r    C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47    31,232    --sh--r    C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43    27,648    --sh--w    C:\WINDOWS\system32\Smab0.dll
2002-12-11 15:27    73,728    --sha-w    C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

3 Apprentice


20.5K Posts

March 22nd, 2008 11:00

Good work. Please send another file:

C:\QooBox\Quarantine\uxyujxhw.onv.vir

As you did before, please go here:
http://www.bleepingcomputer.com/submit-malware.php?channel=4
In the boxes provided:
Paste a link to this topic
Browse to
C:\QooBox\Quarantine\uxyujxhw.onv.vir
Add any comments, and click "Send File".


We still have some more fixing to do, but I want to address your Safemode problem first.


Please download and run SafeBootKeyRepair:
http://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe

To run SafeBootKeyRepair.exe:
1. Close all programs/windows so that you have nothing open and are at your Desktop.
2. Double-click the SafeBootKeyRepair.exe file, and follow the instructions.
When finished, it will produce a log for you.
3. Post the entire contents of C:\SafeBoot_Repair.txt in your next reply.

113 Posts

March 22nd, 2008 12:00

Please let me know when I can install Kaspersky.

113 Posts

March 22nd, 2008 12:00

Just rebooted my computer to see if safemode works...it works fine, with no problems!

 

What's next?

 

Thanks again! 

113 Posts

March 22nd, 2008 12:00

Couldn't find the file you requested, so nothing was uploaded.

 

I double-clicked the safe-boot file, ran it, I got a "Please Wait" for a long time, went back to C:\ and found the log.

 

Here are the contents:

 

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\MCODS]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\MpfService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sharedaccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\UploadMgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mcmscsvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC
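An export like the one above can be checked mechanically rather than by eye. The following Python script is an added example, not code from the thread or from the SafeBoot repair tool: it parses a .reg export in that format and flags SafeBoot entries whose default value is empty or missing, or whose class is not one of the usual "Service", "Driver", "Driver Group" or "FSFilter ..." values. SAMPLE_EXPORT is a constructed excerpt of the entries shown above; the two McAfee keys with @="" and the GUID key with no value at all are the ones it reports.

```python
import re

# Constructed excerpt in the .reg format shown above (not the full export).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\MCODS]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Default value line: @="string" or a non-string form such as @=hex:...
DEFAULT_RE = re.compile(r'^@=(?:"(.*)"|(.+))$')
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}$")
# Classes normally seen under SafeBoot\Minimal and SafeBoot\Network.
KNOWN_CLASSES = {"Service", "Driver", "Driver Group"}


def parse_safeboot_export(text):
    """Return {profile: {entry: default_value}} from a .reg export.

    Only keys of the form ...\\safeboot\\<Profile>\\<Entry> are recorded;
    the safeboot root key and the profile keys themselves are skipped.
    An entry with no @= line keeps the value None.
    """
    profiles = {}
    current = None  # (profile, entry) of the key whose values follow
    marker = "\\safeboot\\"
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = None
            path = m.group(1)
            idx = path.lower().find(marker)
            if idx < 0:
                continue  # the safeboot root key (or something else entirely)
            parts = path[idx + len(marker):].split("\\", 1)
            if len(parts) != 2:
                continue  # a profile key such as ...\safeboot\Minimal
            profile, entry = parts
            profiles.setdefault(profile, {})[entry] = None
            current = (profile, entry)
            continue
        if current is None:
            continue
        d = DEFAULT_RE.match(line)
        if d:
            profile, entry = current
            profiles[profile][entry] = d.group(1) if d.group(1) is not None else d.group(2)
    return profiles


def audit_safeboot(text):
    """Return (profile, entry, reason) tuples for entries worth a manual look."""
    findings = []
    for profile, entries in parse_safeboot_export(text).items():
        for name, value in entries.items():
            if value is None:
                findings.append((profile, name, "no default value"))
            elif value == "":
                findings.append((profile, name, "empty default value"))
            elif GUID_RE.match(name):
                continue  # device-class GUID keys carry a free-text description
            elif value not in KNOWN_CLASSES and not value.startswith("FSFilter"):
                findings.append((profile, name, "unexpected class %r" % value))
    return findings


if __name__ == "__main__":
    for profile, name, reason in audit_safeboot(SAMPLE_EXPORT):
        print("%-8s %-45s %s" % (profile, name, reason))
```

Point it at the full C:\SafeBoot_Repair.txt to audit the real export; a fresh export can be taken with reg export of the same key.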


20.5K Posts

March 22nd, 2008 13:00

Please launch HijackThis to scan and place a checkmark next to this:
O4 - HKCU\..\Run: [OnlineCdrom] C:\DOCUME~1\NIKOSA~1\APPLIC~1\ATOMDE~1\32third.exe
Close all windows except Hijackthis and click "Fix Checked".
Close HijackThis.

Now run CCleaner per earlier instructions. Don't forget to reboot after that.

Please do another online virus scan with Panda ActiveScan here. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now!
  • If you have never used TotalScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • Please post that report in your next reply. Simply open the text file, then copy/paste the content here. Also, please include a fresh HJT log.


After you do that it should be okay to install Kaspersky. Make sure all remnants of prior anti-virus programs have been removed before you install the new one.

We still have more to do, but we are almost finished.

Message Edited by Bugbatter on 03-22-2008 10:31 AM

113 Posts

March 22nd, 2008 17:00

And finally the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 20:38:13, on 22-Mar-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\FerrariWallPaper\FerrariWP.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Novosoft\Handy Backup\hbagent.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\nikos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.formula1.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ferrariworld.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = turbo.hol.gr:3128
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [\\Plato\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P34 "\\Plato\EPSON Stylus CX3600 Series" /O6 "USB002" /M "Stylus CX3600"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on VASSILISLAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P49 "Auto EPSON Stylus CX3600 Series on VASSILISLAPTOP" /O22 "\\VASSILISLAPTOP\EPSON" /M "Stylus CX3600"
O4 - HKLM\..\Run: [\\VASSILISLAPTOP\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P43 "\\VASSILISLAPTOP\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on DESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P42 "Auto EPSON Stylus CX3600 Series on DESKTOP" /O15 "\\DESKTOP\EPSON" /M "Stylus CX3600"
O4 - HKLM\..\Run: [\\Desktop\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "\\Desktop\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [FerrariWallPaper] C:\Program Files\FerrariWallPaper\FerrariWP.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\Plato\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P34 "\\Plato\EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU"
O4 - HKCU\..\Run: [PokerSuperstarsSetup.exe] C:\DOCUME~1\NIKOSA~1\Desktop\POKERS~1.EXE /r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Handy Backup 4.1] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: www.ferrarixchallenge.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187201028696
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{147DDB66-960F-4CCE-8F3A-5C2FEA83F58D}: NameServer = 91.132.4.4,91.132.4.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{664A9738-1888-4E74-AA9E-4A5C1B595F34}: NameServer = 91.132.4.4,91.132.4.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0214531206126686) (0214531206126686mcinstcleanup) - Unknown owner - C:\DOCUME~1\NIKOSA~1\LOCALS~1\Temp\021453~1.EXE (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


113 Posts

March 22nd, 2008 17:00

Incident                                          Status           Location

Potentially unwanted tool:application/kill&clean  Not disinfected  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-2734-477F-8257-27CD04F88779}
Spyware:Cookie/WebtrendsLive                      Not disinfected  C:\Documents and Settings\LocalService\Cookies\nikos alexiadis@S111319[2].txt
Virus:Trj/Bancos.RQ                               Not disinfected  C:\Documents and Settings\Nikos Alexiadis\Desktop\Combo-Fix.exe[327882R2FWJFW\pv.cfexe]
Spyware:Cookie/Mediaplex                          Not disinfected  C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/Casalemedia                        Not disinfected  C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/FastClick                          Not disinfected  C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Apmebf                             Not disinfected  C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\COOKIES.TXT[.apmebf.com/]
Spyware:Cookie/Smartadserver                      Not disinfected  C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\COOKIES.TXT[.smartadserver.com/]

113 Posts

March 22nd, 2008 17:00

Virus:W32/Bagle.RP.worm                           Disinfected      C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\srosa.sys.vir
Virus:W32/Bagle.RP.worm                           Disinfected      C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wintems.exe.vir
Virus:W32/Bagle.RP.worm                           Disinfected      C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mdelk.exe.vir
Virus:W32/Bagle.RP.worm                           Disinfected      C:\QooBox\Quarantine\CATCHME.ZIP[wintems.exe]
Virus:W32/Bagle.RP.worm                           Disinfected      C:\QooBox\Quarantine\CATCHME.ZIP[127012.exe]
Virus:W32/Bagle.RP.worm                           Disinfected      C:\QooBox\Quarantine\CATCHME.ZIP[srosa.sys]
Virus:W32/Bagle.RP.worm                           Disinfected      C:\QooBox\Quarantine\CATCHME.ZIP[wintems.exe.1]
Virus:W32/Bagle.RP.worm                           Disinfected      C:\QooBox\Quarantine\CATCHME.ZIP[mdelk.exe]

113 Posts

March 22nd, 2008 17:00

Done.

Here are the logs:

CCleaner:

CLEANING COMPLETE - (11.377 secs)
------------------------------------------------------------------------------------------
15.0MB removed.
------------------------------------------------------------------------------------------


113 Posts

March 22nd, 2008 17:00

Continuation of Panda scan:

Virus:W32/Bagle.RP.worm    Disinfected    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DOWN\15307110.exe.vir
Virus:W32/Bagle.RC.worm    Disinfected    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DOWN\29949915.exe.vir
Virus:W32/Bagle.RC.worm    Disinfected    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DOWN\44564099.exe.vir
Virus:W32/Bagle.RP.worm    Disinfected    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DOWN\1067214.exe.vir
Virus:W32/Bagle.RC.worm    Disinfected    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DOWN\110949.exe.vir
Virus:W32/Bagle.RP.worm    Disinfected    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DOWN\1211602.exe.vir
Virus:W32/Bagle.RP.worm    Disinfected    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DOWN\30402917.exe.vir
Virus:W32/Bagle.SB.worm    Disinfected    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DOWN\720425.exe.vir
Virus:W32/Bagle.RP.worm    Disinfected    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DOWN\483595.exe.vir
Virus:W32/Bagle.RP.worm    Disinfected    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DOWN\1553984.exe.vir
Virus:W32/Bagle.RP.worm    Disinfected    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DOWN\113403.exe.vir
Virus:W32/Bagle.RP.worm    Disinfected    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DOWN\127012.exe.vir
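Reading a Panda report like the one above by hand gets tedious once it runs to dozens of lines. As an added example (not from this thread, and not Panda's or ComboFix's own code), this Python parser reads lines in that three-column layout, splits the CATCHME.ZIP[member] notation, and flags whether each hit lies under ComboFix's C:\QooBox\Quarantine folder, where it is already inert, or somewhere still live; the sample lines are constructed, and the last one is a constructed out-of-quarantine hit.

```python
"""Parse Panda-style scan lines; split quarantined hits from live ones (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the three-column layout of the Panda lines above. The first
# three sit in ComboFix's quarantine; the last is a constructed hit outside it.
SAMPLE_SCAN = """\
Virus:W32/Bagle.RP.worm    Disinfected    C:\\QooBox\\Quarantine\\C\\WINDOWS\\SYSTEM32\\wintems.exe.vir   
Virus:W32/Bagle.RC.worm    Disinfected    C:\\QooBox\\Quarantine\\C\\WINDOWS\\SYSTEM32\\DRIVERS\\DOWN\\29949915.exe.vir
Virus:W32/Bagle.RP.worm    Disinfected    C:\\QooBox\\Quarantine\\CATCHME.ZIP[srosa.sys]
Virus:W32/Bagle.SB.worm    Disinfected    C:\\WINDOWS\\SYSTEM32\\DRIVERS\\DOWN\\720425.exe
"""

# ComboFix moves what it removed under this folder: a hit here is already inert.
QUARANTINE_ROOTS = ("C:\\QooBox\\Quarantine\\",)

# kind:name <ws> action <ws> path, tolerating the trailing whitespace pasted into the forum
LINE_RE = re.compile(r"^(?P<kind>\w+):(?P<name>\S+)\s+(?P<action>\S+)\s+(?P<path>.+?)\s*$")
MEMBER_RE = re.compile(r"^(?P<archive>.+)\[(?P<member>[^\]]+)\]$")  # ARCHIVE[member]


@dataclass
class Detection:
    kind: str
    name: str
    action: str
    path: str
    member: Optional[str]   # set when the hit was inside an archive
    quarantined: bool

    @property
    def family(self) -> str:
        """'W32/Bagle.RP.worm' -> 'Bagle': drop platform prefix and variant suffix."""
        return self.name.split("/", 1)[-1].split(".", 1)[0]


def parse_line(line: str) -> Optional[Detection]:
    m = LINE_RE.match(line)
    if not m:
        return None
    path, member = m.group("path"), None
    mm = MEMBER_RE.match(path)
    if mm:
        path, member = mm.group("archive"), mm.group("member")
    roots = tuple(r.upper() for r in QUARANTINE_ROOTS)
    return Detection(m.group("kind"), m.group("name"), m.group("action"),
                     path, member, path.upper().startswith(roots))


def parse_scan(text: str) -> List[Detection]:
    return [d for d in map(parse_line, text.splitlines()) if d is not None]


def summarize(dets: List[Detection]) -> Dict[str, object]:
    live = [d.path for d in dets if not d.quarantined]
    return {
        "total": len(dets),
        "families": dict(Counter(d.family for d in dets)),
        "quarantined": len(dets) - len(live),
        "live_paths": live,  # anything listed here still needs cleanup
    }
```

On the thread's real output every path is under C:\QooBox\Quarantine, so `live_paths` would be empty and the only remaining step is purging ComboFix's quarantine, which the next reply describes.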

3 Apprentice • 20.5K Posts

March 22nd, 2008 18:00

We will run a process that will remove ComboFix and all of its files. That process will also reset System Restore.

Have you tried to uninstall McAfee in Safe Mode? Yes, you will need to go to the McAfee Security Center (via the icon in your system tray) to DISABLE each of the individual McAfee components that you plan on removing.

Next, go to Add/Remove Programs and remove components of McAfee Security Center.

1. Download the removal tool from: http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
2. Click Save and save the file to any folder on your computer.
3. Navigate to the folder where the file is saved.
4. Make sure all McAfee windows are closed.
5. Double-click MCPR.EXE to run the removal tool.
6. Restart your computer after receiving the message CleanUp Successful.

Your McAfee product will not be fully removed until the system is restarted.
If the message Cleanup Unsuccessful is displayed, you can view and save your MCPR log files for analysis by Technical Support.

Let me know how that goes so we can do the final cleanup.

3 Apprentice • 20.5K Posts

March 22nd, 2008 18:00

It looks like you have a suite of McAfee protection on there. Are you going to remove all of it, or just disable the anti-virus component before you install Kaspersky? You may have a problem if McAfee's components don't play nicely with KAV.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u5 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.

Official JAVA Installation Instructions if needed.

Please post a fresh HijackThis log after that and let me know how things are running. If all is well, we'll clean up our tools and reset System Restore. If you find that any of your programs are not working, you may have to reinstall them.