Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby FUNBASKETFUN » Wed Apr 22, 2009 9:05 pm

DNS changer trojan + Win32.Sober
Could you please help?

All your instructions were for Windows XP, so I couldn't follow them.

I have Windows Vista Home Premium.
I had Panda Global antivirus and it did not find the trojan.
I used SUPERAntiSpyware Free and it found DNS CHANGER TROJAN in the registry keys, C:\PROGRAMDATA\MICROSOFT\WINDOWS\STARTUP MENU in a folder called VIDEOSOFT, but although it says it was removed, it finds it again in the next scan.
I also used True Sword, which found only WIN32.SOBER.A, also in the registry keys,
but did not remove it, as it was there in the next scan.

I also seem to be unable to always boot my PC, but only in Safe Mode many times, and I also get a blue screen with the message "dumping memory to disk" and it reboots automatically.
Thanks.

It seems that the infection in the registry keys could not be fixed???
Or how can I fix it manually?
Can I delete this VIDEOSOFT directory, which I don't know what it is?

Many thanks
Funbasketfun

Windows Vista Home Premium
Intel Core Quad CPU Q6600 2.40 GHz
4 GB RAM
NVIDIA GeForce 8500GT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:48 AM, on 22/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\ApvxdWin.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\FANIS\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.quest.gr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.gr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.quest.gr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - C:\Program Files\Torrents-Search-Engine\tbTor1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - C:\Program Files\Torrents-Search-Engine\tbTor1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Program Files\OTS_Software\tbOTS_.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - C:\Program Files\Torrents-Search-Engine\tbTor1.dll
O3 - Toolbar: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Program Files\OTS_Software\tbOTS_.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\Windows\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\FANIS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/betaactive ... stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9bffd24bfdb1e) (gupdate1c9bffd24bfdb1e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

--
End of file - 13797 bytes
FUNBASKETFUN
 
Posts: 11
Joined: Tue Apr 21, 2009 6:10 am
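The HijackThis log above is the kind of thing the helpers here read by hand. As an added example (not part of this thread, and not a tool from HijackThis or Myantispyware), the Python script below applies the first-pass checks a helper applies to such a log: O1 hosts-file entries other than the localhost mappings, O2/O3 BHO or toolbar registrations whose DLL is missing, O4 autoruns and O23 services that start from outside the usual program directories (with Temp and AppData ranked higher), and O17 per-interface NameServer entries, which are exactly what a DNS changer rewrites. The sample lines are constructed in HijackThis 2.0.2 format: the O1/O2/O4/O23 lines mirror entries from the log above, while the O17 line (its interface GUID and the 203.0.113.x name servers) and the xvcfucfq.exe autorun in the Temp folder are made up for illustration. The "expected directory" list is an assumption used only to rank entries for review; a file living in Program Files is not thereby clean.

```python
import re

# Constructed sample in HijackThis 2.0.2 format. The O1/O2/O4/O23 lines mirror
# entries from the log above; the O17 line (interface GUID, 203.0.113.x name
# servers) and the xvcfucfq.exe autorun are made up to show what a DNS-changer
# style entry looks like.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [wcmdmgr] C:\Windows\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [xvcfucfq] C:\Users\FANIS\AppData\Local\Temp\xvcfucfq.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B2C3D4-0000-1111-2222-333344445555}: NameServer = 203.0.113.10,203.0.113.11
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Directories where installed software normally lives (assumption used only to
# rank entries; malware can drop files here too, so a match is not a clean bill).
EXPECTED_DIRS = (
    "c:\\program files\\", "c:\\program files (x86)\\", "c:\\progra~1\\",
    "c:\\windows\\system32\\", "c:\\windows\\ehome\\", "%programfiles%\\",
)
# Temp and per-user profile locations: an autorun starting from here is the
# classic dropper pattern and is ranked higher.
VOLATILE_DIRS = ("\\temp\\", "\\appdata\\", "\\local settings\\")

LINE_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
LOCALHOST_ENTRIES = ("127.0.0.1 localhost", "::1 localhost")


def executable_of(command: str) -> str:
    """Return the file an O4/O23 command really starts.

    Handles quoted paths, bare paths followed by switches, and rundll32
    entries, where the DLL being loaded is the interesting file.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end > 0 else command[1:]
    else:
        path = command.split(" ", 1)[0]
    if path.lower().endswith("rundll32.exe"):
        rest = command[len(path):].strip()
        if rest:
            path = rest.split(",", 1)[0].strip().split(" ", 1)[0]
    return path


def in_expected_dir(path: str) -> bool:
    lower = path.lower()
    return any(lower.startswith(d) for d in EXPECTED_DIRS)


def triage(log_text: str) -> list:
    """Return (section, severity, reason) triples for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        section, body = match.groups()
        if section == "O1":
            # Hosts-file entries: anything beyond the loopback mappings
            # silently redirects that host name.
            entry = body.partition("Hosts:")[2].strip()
            if entry not in LOCALHOST_ENTRIES:
                findings.append((section, "suspect", "hosts-file entry " + entry))
        elif section in ("O2", "O3"):
            # A BHO/toolbar whose DLL is gone is leftover registration from a
            # partial removal; harmless by itself, but it should be cleaned up.
            if body.endswith("(no file)"):
                findings.append((section, "review", "orphaned entry " + body))
        elif section == "O4":
            name_match = re.search(r"\[(.*?)\] (.*)$", body)
            if not name_match:
                continue
            name, command = name_match.groups()
            path = executable_of(command)
            # Bare file names (e.g. oobefldr.dll) resolve through the search
            # path and are left to manual review; only absolute paths are rated.
            if "\\" in path and not in_expected_dir(path):
                severity = "suspect" if any(v in path.lower() for v in VOLATILE_DIRS) else "review"
                findings.append((section, severity, f"autorun [{name}] starts {path}"))
        elif section == "O17":
            # O17 is where HijackThis lists per-interface NameServer values; a
            # DNS changer works by rewriting exactly these.
            servers = body.partition("NameServer =")[2].strip()
            findings.append((section, "review", "DNS servers to confirm with your ISP/router: " + servers))
        elif section == "O23":
            path = body.rsplit(" - ", 1)[-1]
            if not in_expected_dir(path):
                findings.append((section, "review", "service binary at " + path))
    return findings


if __name__ == "__main__":
    for section, severity, reason in triage(SAMPLE_LOG):
        print(f"{severity:7} {section:4} {reason}")
```

Run it against a saved hijackthis.log by passing the file's contents to triage(). The output is a ranking, not a verdict: every "review" line still has to be matched against what the user knows is installed, and a DNS changer that points an interface at a resolver the user never configured shows up as an O17 line that the user cannot account for.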

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby patrik » Thu Apr 23, 2009 1:50 pm

Hello FUNBASKETFUN, welcome to the Myantispyware forum.

Download RootkitRevealer from here and unzip it to a folder that you create, such as C:\RootkitRevealer.
1. Disconnect from the internet and disable all active protection.
2. Double-click RootkitRevealer.exe to run the program.
3. When the program opens, click the Scan button.
4. When the scan is finished, click File->Save and save a log to your desktop.
5. Close RootkitRevealer.

Download RSIT by random/random from here and save it to your desktop.
* Double click on RSIT.exe to run RSIT.
* Click Continue at the disclaimer screen.
* Once it has finished, two logs will open.

Post back with the RootkitRevealer log + both RSIT logs. Post each log in a separate post.
patrik
Site Admin
 
Posts: 7045
Joined: Sun Jan 08, 2006 1:11 pm

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby FUNBASKETFUN » Sat Apr 25, 2009 1:37 pm

Hello again

Thanks for your quick reply.

RootkitRevealer is not for the Vista OS (that's what they say on their site). Could you please advise if it is safe to use it, as many times when I used non-compatible programs I got an immediate reboot with a blue screen + "dumping memory to disk".

Could you please send me, if available, instructions for formatting Vista 32-bit (with partitioning the hard disk), just in case we won't be able to solve this? As I have had this problem for more than 10 days now.


thanks
FUNBASKETFUN
FUNBASKETFUN
 
Posts: 11
Joined: Tue Apr 21, 2009 6:10 am

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby patrik » Sat Apr 25, 2009 3:52 pm

RootkitRevealer is not for the Vista OS (that's what they say on their site). Could you please advise if it is safe to use it, as many times when I used non-compatible programs I got an immediate reboot with a blue screen + "dumping memory to disk".

OK, will try other tools.

Download Avenger from here and unzip it to your desktop.
Run Avenger, make sure that the box next to "Scan for rootkits" has a tick in it and that the box next to "Automatically disable any rootkits found" does not have a tick in it, then click on 'Execute'.
Afterwards, Windows restarts and opens the log generated by The Avenger so you can see the results. If it does not automatically open, the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

And please make the RSIT logs, as I have written above.

Post back with Avenger log + both RSIT logs.
patrik
Site Admin
 
Posts: 7045
Joined: Sun Jan 08, 2006 1:11 pm

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby FUNBASKETFUN » Sat Apr 25, 2009 6:22 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.
FUNBASKETFUN
 
Posts: 11
Joined: Tue Apr 21, 2009 6:10 am

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby FUNBASKETFUN » Sat Apr 25, 2009 6:34 pm

Just one log file opened the 2nd time I ran RSIT (as I closed it by mistake the 1st time).


Logfile of random's system information tool 1.06 (written by random/random)
Run by FANIS at 2009-04-25 21:29:56
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 235 GB (49%) free of 477 GB
Total RAM: 3070 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:58 PM, on 25/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Users\FANIS\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\PremierOpinion\pmropn.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\avciman.exe
C:\Users\FANIS\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\FANIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.quest.gr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.gr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.quest.gr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - C:\Program Files\Torrents-Search-Engine\tbTor1.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - C:\Program Files\Torrents-Search-Engine\tbTor1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Program Files\OTS_Software\tbOTS_.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - C:\Program Files\Torrents-Search-Engine\tbTor1.dll
O3 - Toolbar: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Program Files\OTS_Software\tbOTS_.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\Windows\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\FANIS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/betaactive ... stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9bffd24bfdb1e) (gupdate1c9bffd24bfdb1e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
O23 - Service: PremierOpinion - VoiceFive Networks, Inc. - C:\Program Files\PremierOpinion\pmservice.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

--
End of file - 14912 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-184900894-92464173-4099346740-1003.job
C:\Windows\tasks\User_Feed_Synchronization-{783C9D9A-F3FC-451E-949D-131C83ECDEAC}.job
C:\Windows\tasks\xvcfucfq.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-21 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]
Torrents-Search-Engine Toolbar - C:\Program Files\Torrents-Search-Engine\tbTor1.dll [2009-03-19 1883672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Βοηθός εισόδου του Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-22 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-03 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-22 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-24 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e41b29e5-88b5-40b1-903e-080e0f2c4b65}]
OTS Software Toolbar - C:\Program Files\OTS_Software\tbOTS_.dll [2008-08-21 1780248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - Torrents-Search-Engine Toolbar - C:\Program Files\Torrents-Search-Engine\tbTor1.dll [2009-03-19 1883672]
{e41b29e5-88b5-40b1-903e-080e0f2c4b65} - OTS Software Toolbar - C:\Program Files\OTS_Software\tbOTS_.dll [2008-08-21 1780248]
{52836EB0-631A-47B1-94A6-61F9D9112DAE} - Veoh Video Compass - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll [2009-02-14 404216]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-04-03 429816]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-22 259696]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"InstantBurn"=C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [2007-06-04 599600]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-05-16 91432]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-05-14 87336]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2008-02-22 62760]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"wcmdmgr"=C:\Windows\wt\updater\wcmdmgrl.exe [2003-09-22 20480]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-12-20 2656528]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-18 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-18 92704]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-21 198160]
"APVXDWIN"=C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE [2008-12-03 869632]
"SCANINICIO"=C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe [2008-07-07 50432]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-03-05 111928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-24 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-23 39408]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-04-03 3558648]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-02-06 3325952]
"Google Update"=C:\Users\FANIS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"msnmsgr"=~C:\Program Files\MSN Messenger\msnmsgr.exe /background []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-04-25 20:51:35 ----D---- C:\rsit
2009-04-25 20:40:46 ----D---- C:\Avenger
2009-04-25 20:40:46 ----A---- C:\avenger.txt
2009-04-25 19:29:25 ----D---- C:\Program Files\PremierOpinion
2009-04-25 19:29:10 ----D---- C:\Program Files\CEDP Stealer 6.0 for Messenger
2009-04-25 16:13:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-25 16:13:22 ----SHD---- C:\Config.Msi
2009-04-24 19:52:38 ----A---- C:\Windows\system32\javaws.exe
2009-04-24 19:52:38 ----A---- C:\Windows\system32\javaw.exe
2009-04-24 19:52:38 ----A---- C:\Windows\system32\java.exe
2009-04-24 19:52:38 ----A---- C:\Windows\system32\deploytk.dll
2009-04-24 19:52:10 ----D---- C:\Program Files\Java
2009-04-24 09:40:19 ----D---- C:\ProgramData\SweetIM
2009-04-24 09:40:19 ----D---- C:\Program Files\SweetIM
2009-04-24 00:27:52 ----A---- C:\Windows\ntbtlog.txt
2009-04-23 21:49:54 ----D---- C:\Users\FANIS\AppData\Roaming\Techno Design IP
2009-04-22 21:13:38 ----SHD---- C:\found.000
2009-04-22 01:02:26 ----D---- C:\Program Files\Trend Micro
2009-04-21 20:52:53 ----A---- C:\log2.txt
2009-04-21 20:52:53 ----A---- C:\log1.txt
2009-04-21 20:50:33 ----D---- C:\Users\FANIS\AppData\Roaming\True Sword
2009-04-21 20:46:26 ----D---- C:\Program Files\True Sword 5
2009-04-19 00:43:47 ----D---- C:\Users\FANIS\AppData\Roaming\Malwarebytes
2009-04-19 00:43:42 ----D---- C:\ProgramData\Malwarebytes
2009-04-19 00:43:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-18 15:32:59 ----A---- C:\Windows\system32\HHActiveX.dll
2009-04-18 15:32:54 ----A---- C:\Windows\system32\TpUtil.dll
2009-04-18 15:32:54 ----A---- C:\Windows\system32\SYSTOOLS.DLL
2009-04-18 15:32:54 ----A---- C:\Windows\system32\PavSHook.dll
2009-04-18 15:32:54 ----A---- C:\Windows\system32\PavLspHook.dll
2009-04-18 15:32:54 ----A---- C:\Windows\system32\pavipc.dll
2009-04-18 15:32:52 ----D---- C:\Windows\system32\PAV
2009-04-18 15:32:51 ----D---- C:\Users\FANIS\AppData\Roaming\Panda Security
2009-04-18 15:32:51 ----D---- C:\ProgramData\Panda Security
2009-04-18 15:30:17 ----D---- C:\Program Files\Common Files\Panda Security
2009-04-18 13:04:43 ----D---- C:\ProgramData\HP Product Assistant
2009-04-16 22:57:41 ----D---- C:\Program Files\CCleaner
2009-04-16 22:46:27 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-04-16 22:46:14 ----D---- C:\Users\FANIS\AppData\Roaming\SUPERAntiSpyware.com
2009-04-16 22:46:14 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-16 22:31:40 ----A---- C:\Windows\system32\hpzll64X.dll
2009-04-16 00:28:37 ----A---- C:\Windows\system32\winhttp.dll
2009-04-16 00:28:34 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 00:28:34 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-16 00:28:08 ----A---- C:\Windows\system32\rpcss.dll
2009-04-16 00:28:08 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-16 00:28:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-16 00:28:05 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-16 00:28:05 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-16 00:28:05 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-16 00:28:04 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-16 00:28:04 ----A---- C:\Windows\system32\iashost.exe
2009-04-16 00:28:04 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-16 00:28:04 ----A---- C:\Windows\system32\iasads.dll
2009-04-16 00:27:23 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-16 00:27:22 ----A---- C:\Windows\system32\secur32.dll
2009-04-16 00:27:22 ----A---- C:\Windows\system32\kernel32.dll
2009-04-16 00:27:22 ----A---- C:\Windows\system32\apilogen.dll
2009-04-16 00:27:22 ----A---- C:\Windows\system32\amxread.dll
2009-04-13 22:51:07 ----D---- C:\Program Files\Microsoft Sync Framework
2009-04-13 22:37:25 ----D---- C:\Program Files\Common Files\Windows Live
2009-03-30 22:21:11 ----A---- C:\Windows\system32\mshtmled.dll
2009-03-30 22:21:10 ----A---- C:\Windows\system32\msls31.dll
2009-03-30 22:21:10 ----A---- C:\Windows\system32\mshtmler.dll
2009-03-30 22:21:10 ----A---- C:\Windows\system32\jsproxy.dll
2009-03-30 22:21:10 ----A---- C:\Windows\system32\ieui.dll
2009-03-30 22:21:10 ----A---- C:\Windows\system32\icardie.dll
2009-03-30 22:21:10 ----A---- C:\Windows\system32\corpol.dll
2009-03-30 22:21:10 ----A---- C:\Windows\system32\admparse.dll
2009-03-30 22:21:09 ----A---- C:\Windows\system32\imgutil.dll
2009-03-30 22:21:09 ----A---- C:\Windows\system32\iernonce.dll
2009-03-30 22:21:09 ----A---- C:\Windows\system32\iepeers.dll
2009-03-30 22:21:09 ----A---- C:\Windows\system32\ieakeng.dll
2009-03-30 22:21:09 ----A---- C:\Windows\system32\dxtrans.dll
2009-03-30 22:21:09 ----A---- C:\Windows\system32\dxtmsft.dll
2009-03-30 22:21:08 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-03-30 22:21:08 ----A---- C:\Windows\system32\wextract.exe
2009-03-30 22:21:08 ----A---- C:\Windows\system32\webcheck.dll
2009-03-30 22:21:08 ----A---- C:\Windows\system32\occache.dll
2009-03-30 22:21:08 ----A---- C:\Windows\system32\mstime.dll
2009-03-30 22:21:08 ----A---- C:\Windows\system32\msrating.dll
2009-03-30 22:21:08 ----A---- C:\Windows\system32\msfeedssync.exe
2009-03-30 22:21:08 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-03-30 22:21:08 ----A---- C:\Windows\system32\licmgr10.dll
2009-03-30 22:21:08 ----A---- C:\Windows\system32\inseng.dll
2009-03-30 22:21:08 ----A---- C:\Windows\system32\iesetup.dll
2009-03-30 22:21:08 ----A---- C:\Windows\system32\ieakui.dll
2009-03-30 22:21:08 ----A---- C:\Windows\system32\ieaksie.dll
2009-03-30 22:21:07 ----A---- C:\Windows\system32\vbscript.dll
2009-03-30 22:21:07 ----A---- C:\Windows\system32\url.dll
2009-03-30 22:21:07 ----A---- C:\Windows\system32\pngfilt.dll
2009-03-30 22:21:07 ----A---- C:\Windows\system32\msfeeds.dll
2009-03-30 22:21:07 ----A---- C:\Windows\system32\jscript.dll
2009-03-30 22:21:07 ----A---- C:\Windows\system32\iedkcs32.dll
2009-03-30 22:21:07 ----A---- C:\Windows\system32\ieapfltr.dll
2009-03-30 22:21:07 ----A---- C:\Windows\system32\advpack.dll
2009-03-30 22:21:06 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-03-30 22:21:06 ----A---- C:\Windows\system32\SetDepNx.exe
2009-03-30 22:21:06 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-03-30 22:21:06 ----A---- C:\Windows\system32\PDMSetup.exe
2009-03-30 22:21:06 ----A---- C:\Windows\system32\mshta.exe
2009-03-30 22:21:06 ----A---- C:\Windows\system32\iexpress.exe
2009-03-30 22:21:06 ----A---- C:\Windows\system32\ieUnatt.exe
2009-03-30 22:21:06 ----A---- C:\Windows\system32\iesysprep.dll
2009-03-30 22:21:06 ----A---- C:\Windows\system32\iertutil.dll
2009-03-30 22:21:06 ----A---- C:\Windows\system32\ie4uinit.exe
2009-03-30 22:21:05 ----A---- C:\Windows\system32\wininet.dll
2009-03-30 22:21:05 ----A---- C:\Windows\system32\urlmon.dll
2009-03-30 22:21:04 ----A---- C:\Windows\system32\mshtml.dll
2009-03-30 22:21:04 ----A---- C:\Windows\system32\ieframe.dll
2009-03-30 00:27:19 ----D---- C:\ProgramData\Backup
2009-03-29 23:35:50 ----D---- C:\Users\FANIS\AppData\Roaming\Logs

======List of files/folders modified in the last 1 months======

2009-04-25 21:29:58 ----D---- C:\Windows\Temp
2009-04-25 21:26:14 ----D---- C:\Users\FANIS\AppData\Roaming\Skype
2009-04-25 21:25:46 ----D---- C:\Windows\system32\drivers
2009-04-25 21:24:01 ----D---- C:\Windows\System32
2009-04-25 20:43:32 ----D---- C:\Users\FANIS\AppData\Roaming\skypePM
2009-04-25 20:43:27 ----SHD---- C:\Windows\Installer
2009-04-25 20:41:20 ----D---- C:\Windows\tracing
2009-04-25 19:29:25 ----D---- C:\Program Files
2009-04-25 16:14:19 ----SHD---- C:\System Volume Information
2009-04-25 16:13:56 ----D---- C:\Program Files\Common Files
2009-04-25 15:10:03 ----D---- C:\Windows\Prefetch
2009-04-25 15:08:46 ----D---- C:\Windows\Minidump
2009-04-25 15:08:41 ----D---- C:\Windows
2009-04-24 19:53:03 ----SD---- C:\Windows\Downloaded Program Files
2009-04-24 09:40:19 ----HD---- C:\ProgramData
2009-04-23 23:31:44 ----D---- C:\Windows\inf
2009-04-23 23:31:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-22 23:42:12 ----D---- C:\Windows\system32\Macromed
2009-04-22 21:36:36 ----D---- C:\Windows\Debug
2009-04-19 07:40:11 ----D---- C:\Windows\system32\catroot2
2009-04-18 21:17:57 ----D---- C:\Windows\winsxs
2009-04-18 16:44:31 ----D---- C:\Program Files\MSN Messenger
2009-04-18 16:14:29 ----D---- C:\Windows\system32\catroot
2009-04-18 16:14:17 ----D---- C:\Program Files\Windows Mail
2009-04-18 15:32:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-18 15:32:51 ----D---- C:\Program Files\Panda Security
2009-04-18 15:04:16 ----D---- C:\Windows\Tasks
2009-04-18 13:04:42 ----D---- C:\ProgramData\HP
2009-04-18 11:12:18 ----D---- C:\Program Files\Google
2009-04-18 11:10:32 ----D---- C:\Windows\system32\Tasks
2009-04-16 23:26:06 ----SD---- C:\Users\FANIS\AppData\Roaming\Microsoft
2009-04-16 23:00:08 ----D---- C:\Users\FANIS\AppData\Roaming\uTorrent
2009-04-16 22:24:49 ----D---- C:\Program Files\RegCure
2009-04-16 22:16:49 ----D---- C:\Windows\system32\wbem
2009-04-16 22:16:48 ----D---- C:\Windows\system32\manifeststore
2009-04-16 22:16:48 ----D---- C:\Windows\AppPatch
2009-04-16 10:04:46 ----D---- C:\ProgramData\Microsoft Help
2009-04-16 00:34:58 ----D---- C:\Windows\system32\config
2009-04-16 00:34:34 ----D---- C:\Windows\system32\spool
2009-04-16 00:34:34 ----D---- C:\Windows\system32\restore
2009-04-16 00:34:34 ----D---- C:\Windows\system32\Msdtc
2009-04-16 00:34:34 ----D---- C:\Windows\system32\CodeIntegrity
2009-04-16 00:34:34 ----D---- C:\Windows\rescache
2009-04-16 00:34:33 ----RSD---- C:\Windows\assembly
2009-04-16 00:34:31 ----D---- C:\Users\FANIS\AppData\Roaming\vlc
2009-04-16 00:34:29 ----D---- C:\Users\FANIS\AppData\Roaming\HPAppData
2009-04-16 00:34:26 ----D---- C:\Program Files\Ricochet Xtreme
2009-04-16 00:34:21 ----D---- C:\Program Files\Microsoft Works
2009-04-16 00:34:17 ----D---- C:\Program Files\Common Files\Skype
2009-04-16 00:34:00 ----D---- C:\Windows\registration
2009-04-16 00:33:50 ----D---- C:\Windows\PolicyDefinitions
2009-04-16 00:33:50 ----D---- C:\Program Files\Internet Explorer
2009-04-15 20:13:57 ----D---- C:\Windows\Microsoft.NET
2009-04-15 09:08:45 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-15 09:06:52 ----D---- C:\Program Files\Windows Live
2009-04-15 09:03:56 ----D---- C:\Program Files\Microsoft
2009-04-15 07:46:52 ----D---- C:\Program Files\HP
2009-04-13 22:50:55 ----SD---- C:\ProgramData\Microsoft
2009-04-12 13:31:40 ----D---- C:\Windows\system32\NDF
2009-04-10 21:27:46 ----D---- C:\dbTemp
2009-04-06 17:57:24 ----A---- C:\Windows\system32\mrt.exe
2009-04-01 20:12:30 ----D---- C:\Users\FANIS\AppData\Roaming\SPORE Creature Creator
2009-03-31 21:57:53 ----RD---- C:\Users
2009-03-31 00:13:00 ----D---- C:\Program Files\Veoh Networks
2009-03-30 22:24:02 ----D---- C:\Windows\system32\migration
2009-03-30 22:24:02 ----D---- C:\Windows\system32\en-US
2009-03-30 22:24:02 ----D---- C:\Windows\system32\el-GR
2009-03-30 00:33:36 ----A---- C:\Windows\win.ini
2009-03-29 23:41:19 ----D---- C:\ProgramData\Norton

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPFLT;App Filter Plugin; \??\C:\Windows\system32\Drivers\APPFLT.SYS [2008-06-25 73728]
R1 CLBStor;InstantBurn Storage Helper Driver; C:\Windows\system32\drivers\CLBStor.sys [2007-06-04 16048]
R1 DSAFLT;DSA Filter Plugin; \??\C:\Windows\system32\Drivers\DSAFLT.SYS [2008-06-18 52992]
R1 FNETMON;NetMon Filter Plugin; \??\C:\Windows\system32\Drivers\fnetmon.SYS [2008-03-28 22072]
R1 IDSFLT;Ids Filter Plugin; \??\C:\Windows\system32\Drivers\IDSFLT.SYS [2008-06-18 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer]; \??\C:\Windows\system32\Drivers\NETFLTDI.SYS [2008-07-11 158848]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 ShldDrv;Panda File Shield Driver; C:\Windows\System32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WNMFLT;Wifi Monitor Filter Plugin; \??\C:\Windows\system32\Drivers\WNMFLT.SYS [2008-06-18 46720]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2008-05-16 61424]
R2 AmFSM;AmFSM; C:\Windows\system32\DRIVERS\amm8660.sys [2008-02-13 49208]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; C:\Windows\system32\drivers\CLBUDF.sys [2007-06-04 162096]
R2 ComFiltr;Panda Anti-Dialer; \??\C:\Windows\system32\DRIVERS\COMFiltr.sys [2009-04-18 13880]
R2 PavProc;Panda Process Protection Driver; \??\C:\Windows\system32\DRIVERS\PavProc.sys [2008-02-07 179640]
R2 WMDrive;WMDrive; \??\C:\Windows\system32\drivers\WMDrive.sys [2009-01-24 37376]
R3 AvFlt;Antivirus Filter Driver; C:\Windows\system32\drivers\av5flt.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Πρόγραμμα οδήγησης λειτουργίας Microsoft 1.1 UAA για υπηρεσία High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-12-16 25624]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34; C:\Windows\system32\DRIVERS\neti1634.sys [2008-06-26 197888]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-18 7379872]
R3 PavSRK.sys;PavSRK.sys; \??\C:\Windows\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 106496]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2008-01-24 28168]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2008-01-24 14728]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S1 kuwlbzyh;kuwlbzyh; \??\C:\Windows\system32\drivers\kuwlbzyh.sys []
S3 avrlmig4;avrlmig4; C:\Windows\system32\drivers\avrlmig4.sys []
S3 CmBatt;Πρόγραμμα οδήγησης μπαταρίας μεθόδου ελέγχου ACPI της Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
S3 drmkaud;Αποπεριπλέκτης ήχου DRM πυρήνα της Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
S3 MSKSSRV;Μεσολάβηση υπηρεσίας ροής της Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Μεσολάβηση ρολογιού ροής της Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Μεσολάβηση διαχείρισης ποιότητας ροής της Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Μετατροπέας Tee/Sink-to-Sink ροής της Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2008-12-17 495640]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 usbvideo;Συσκευή βίντεο USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BcmSqlStartupSvc;Υπηρεσία εκκίνησης του Business Contact Manager SQL Server; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Gwmsrv;Panda Goodware Cache Manager; C:\Windows\system32\svchost -k Panda []
R2 hpqddsvc;Υπηρεσία HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-27 79136]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-18 196608]
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe [2008-07-16 181504]
R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe [2008-07-10 169216]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe [2008-07-04 290048]
R2 PremierOpinion;PremierOpinion; C:\Program Files\PremierOpinion\pmservice.exe [2009-03-30 45056]
R2 PSHost;Panda Host Service; c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE [2008-06-12 226608]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe [2008-06-25 28928]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TPSrv;Panda TPSrv; C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe [2008-07-17 157440]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 usnjsvc;Υπηρεσία ανάγνωσης χρονικού USN κοινόχρηστων φακέλων του Messenger; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 gupdate1c9bffd24bfdb1e;Google Update Service (gupdate1c9bffd24bfdb1e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------
FUNBASKETFUN
 
Posts: 11
Joined: Tue Apr 21, 2009 6:10 am

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby patrik » Mon Apr 27, 2009 11:10 am

I would check a few more.
If you have previously downloaded ComboFix, please delete that version now.
Download Combofix from here. Close any open browsers. Double click on combofix.exe and follow the prompts.

Post back with combofix log.
patrik
Site Admin
 
Posts: 7045
Joined: Sun Jan 08, 2006 1:11 pm

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby FUNBASKETFUN » Mon Apr 27, 2009 9:07 pm

HELLO there,

When I tried to download ComboFix, Panda Global antivirus deleted it immediately as a "very dangerous program".

Are you sure that I can use it safely? What if it has more trojans in it?

Please advise.

FUNBASKETFUN
FUNBASKETFUN
 
Posts: 11
Joined: Tue Apr 21, 2009 6:10 am

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby patrik » Tue Apr 28, 2009 3:19 pm

When I tried to download ComboFix, Panda Global antivirus deleted it immediately as a "very dangerous program".

This is a false alert. Some security programs will incorrectly identify this tool as potentially or actually malicious due to some of its components. Although these files can be used maliciously, they are an integral part of the fix, and I recommend you disable your antivirus. Download and run ComboFix again.
patrik
Site Admin
 
Posts: 7045
Joined: Sun Jan 08, 2006 1:11 pm

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby FUNBASKETFUN » Thu Apr 30, 2009 7:54 pm

Please find the ComboFix log below:

ComboFix 09-04-30.02 - FANIS 30/04/2009 22:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1253.30.1032.18.3070.1118 [GMT 3:00]
Running from: c:\users\FANIS\Downloads\ComboFix.exe
AV: Panda Global Protection 2009 *On-access scanning disabled* (Updated)
FW: Panda Personal Firewall 2009 *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\Tasks\xvcfucfq.job
c:\windows\TEMP\logishrd\LVPrcInj02.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-28 to 2009-04-30 )))))))))))))))))))))))))))))))
.

2009-04-27 13:11 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-04-25 17:51 . 2009-04-25 17:53 -------- d-----w C:\rsit
2009-04-25 16:29 . 2009-04-25 16:29 -------- d-----w c:\program files\CEDP Stealer 6.0 for Messenger
2009-04-25 13:13 . 2009-04-25 13:13 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-24 16:52 . 2009-04-24 16:52 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-24 16:52 . 2009-04-24 16:52 -------- d-----w c:\program files\Java
2009-04-24 06:40 . 2009-04-24 06:40 -------- d-----w c:\program files\SweetIM
2009-04-24 06:40 . 2009-04-24 06:40 -------- d-----w c:\programdata\SweetIM
2009-04-24 06:40 . 2009-04-24 06:40 -------- d-----w c:\users\All Users\SweetIM
2009-04-23 18:49 . 2009-04-23 18:49 -------- d-----w c:\users\FANIS\AppData\Roaming\Techno Design IP
2009-04-22 18:13 . 2009-04-22 18:13 -------- d-sh--w C:\found.000
2009-04-21 22:02 . 2009-04-21 22:02 -------- d-----w c:\program files\Trend Micro
2009-04-21 17:50 . 2009-04-21 17:50 -------- d-----w c:\users\FANIS\AppData\Roaming\True Sword
2009-04-21 17:46 . 2009-04-24 17:17 -------- d-----w c:\program files\True Sword 5
2009-04-18 21:43 . 2009-04-18 21:43 -------- d-----w c:\users\FANIS\AppData\Roaming\Malwarebytes
2009-04-18 21:43 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 21:43 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 21:43 . 2009-04-18 21:43 -------- d-----w c:\programdata\Malwarebytes
2009-04-18 21:43 . 2009-04-18 21:43 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-18 21:43 . 2009-04-18 21:43 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-18 12:43 . 2009-04-18 12:43 -------- d-----w c:\users\FANIS\AppData\Local\Panda Security
2009-04-18 12:34 . 2009-04-18 12:34 13880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
2009-04-18 12:34 . 2008-02-13 19:14 49208 ----a-w c:\windows\system32\drivers\amm8660.sys
2009-04-18 12:34 . 2009-04-18 12:34 261 ----a-w c:\windows\system32\PavCPL.dat
2009-04-18 12:34 . 2009-04-30 12:29 237680 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2009-04-18 12:34 . 2008-06-18 13:06 46720 ----a-w c:\windows\system32\drivers\wnmflt.sys
2009-04-18 12:34 . 2008-06-18 13:06 52992 ----a-w c:\windows\system32\drivers\dsaflt.sys
2009-04-18 12:34 . 2008-06-18 13:06 193792 ----a-w c:\windows\system32\drivers\idsflt.sys
2009-04-18 12:33 . 2008-03-28 08:25 22072 ----a-w c:\windows\system32\drivers\fnetmon.sys
2009-04-18 12:33 . 2008-06-25 12:42 73728 ----a-w c:\windows\system32\drivers\APPFLT.SYS
2009-04-18 12:33 . 2008-07-11 11:58 158848 ----a-w c:\windows\system32\drivers\NETFLTDI.SYS
2009-04-18 12:32 . 2003-10-22 15:23 446464 ----a-w c:\windows\system32\HHActiveX.dll
2009-04-18 12:32 . 2008-06-24 11:48 193280 ----a-w c:\windows\system32\TpUtil.dll
2009-04-18 12:32 . 2007-02-08 08:53 107568 ----a-w c:\windows\system32\SYSTOOLS.DLL
2009-04-18 12:32 . 2009-03-17 15:07 87296 ----a-w c:\windows\system32\PavLspHook.dll
2009-04-18 12:32 . 2008-06-18 15:03 55552 ----a-w c:\windows\system32\pavipc.dll
2009-04-18 12:32 . 2008-06-18 15:03 520448 ----a-w c:\windows\system32\PavSHook.dll
2009-04-18 12:32 . 2008-06-26 08:25 197888 ----a-w c:\windows\system32\drivers\neti1634.sys
2009-04-18 12:32 . 2009-04-18 12:32 -------- d-----w c:\windows\system32\PAV
2009-04-18 12:32 . 2009-04-18 12:32 -------- d-----w c:\users\FANIS\AppData\Roaming\Panda Security
2009-04-18 12:32 . 2009-04-18 12:32 -------- d-----w c:\programdata\Panda Security
2009-04-18 12:32 . 2009-04-18 12:32 -------- d-----w c:\users\All Users\Panda Security
2009-04-18 12:30 . 2008-06-19 14:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-18 12:30 . 2008-03-04 12:59 41144 ----a-w c:\windows\system32\drivers\ShlDrv51.sys
2009-04-18 12:30 . 2008-02-07 09:03 179640 ----a-w c:\windows\system32\drivers\PavProc.sys
2009-04-18 12:30 . 2009-04-18 12:30 -------- d-----w c:\program files\Common Files\Panda Security
2009-04-18 10:04 . 2009-04-18 10:04 -------- d-----w c:\programdata\HP Product Assistant
2009-04-18 10:04 . 2009-04-18 10:04 -------- d-----w c:\users\All Users\HP Product Assistant
2009-04-18 10:01 . 2009-04-18 10:07 156473 ----a-w c:\windows\HPHins15.dat
2009-04-16 19:57 . 2009-04-16 19:57 -------- d-----w c:\program files\CCleaner
2009-04-16 19:46 . 2009-04-16 19:46 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-16 19:46 . 2009-04-16 19:46 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-16 19:46 . 2009-04-25 13:14 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-16 19:46 . 2009-04-25 13:14 -------- d-----w c:\users\FANIS\AppData\Roaming\SUPERAntiSpyware.com
2009-04-16 19:31 . 2008-08-17 19:09 117760 ----a-w c:\windows\system32\hpzll64X.dll
2009-04-15 21:27 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-15 21:27 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-15 21:27 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-15 21:27 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-13 19:56 . 2009-04-15 06:32 -------- d-----w c:\users\FANIS\Tracing
2009-04-13 19:51 . 2009-04-13 19:51 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-13 19:37 . 2009-04-13 19:37 -------- d-----w c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 12:29 . 2009-04-18 12:34 237680 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-04-30 12:24 . 2009-04-18 12:34 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-04-30 12:24 . 2009-04-18 12:34 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2009-04-26 21:03 . 2008-01-21 05:39 599194 ----a-w c:\windows\system32\perfh008.dat
2009-04-26 21:03 . 2008-01-21 05:39 105834 ----a-w c:\windows\system32\perfc008.dat
2009-04-18 13:44 . 2008-07-30 08:13 -------- d-----w c:\program files\MSN Messenger
2009-04-18 13:14 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-18 12:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-18 12:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-18 12:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-18 12:32 . 2008-12-27 22:07 -------- d-----w c:\program files\Panda Security
2009-04-18 12:32 . 2008-08-18 10:54 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 08:12 . 2008-12-17 21:42 -------- d-----w c:\program files\Google
2009-04-16 19:24 . 2009-03-01 21:08 -------- d-----w c:\program files\RegCure
2009-04-15 21:34 . 2009-01-01 12:02 -------- d-----w c:\program files\Ricochet Xtreme
2009-04-15 21:34 . 2009-02-26 19:51 -------- d-----w c:\program files\Microsoft Works
2009-04-15 21:34 . 2008-12-26 18:24 -------- d-----w c:\program files\Common Files\Skype
2009-04-15 06:06 . 2008-07-30 08:12 -------- d-----w c:\program files\Windows Live
2009-04-15 06:03 . 2009-02-24 23:13 -------- d-----w c:\program files\Microsoft
2009-04-15 04:46 . 2008-12-18 11:54 -------- d-----w c:\program files\HP
2009-04-09 15:39 . 2009-03-30 15:20 680 ----a-w c:\users\FANIS\AppData\Local\d3d9caps.dat
2009-03-30 21:13 . 2008-12-24 20:53 -------- d-----w c:\program files\Veoh Networks
2009-03-21 12:07 . 2009-03-21 12:07 -------- d-----w c:\program files\Common Files\xing shared
2009-03-21 12:07 . 2008-12-27 19:02 -------- d-----w c:\program files\Common Files\Real
2009-03-17 03:38 . 2009-04-15 21:27 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-08 11:34 . 2009-03-30 19:21 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-30 19:21 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-30 19:21 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-30 19:21 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-30 19:21 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-30 19:21 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-30 19:21 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-30 19:21 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-30 19:21 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-30 19:21 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-30 19:21 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-30 19:21 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-30 19:21 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-30 19:21 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-30 19:21 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-30 19:21 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-30 19:21 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-30 19:21 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-07 19:30 . 2009-01-29 21:42 3160 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-07 19:15 . 2009-03-07 19:15 -------- d-----w c:\program files\EA Sports
2009-03-04 07:31 . 2009-03-04 07:31 -------- d-----w c:\program files\OTS_Software
2009-03-03 04:46 . 2009-04-15 21:28 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 21:28 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 21:28 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 21:28 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 21:28 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 21:28 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 21:28 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 21:28 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 21:28 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 21:28 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-02 21:04 . 2009-02-22 11:41 -------- d-----w c:\program files\EA GAMES
2009-03-02 20:34 . 2009-03-02 17:53 -------- d-----w c:\program files\Electronic Arts
2009-02-26 20:21 . 2008-12-17 20:29 100256 ----a-w c:\users\FANIS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-09 03:10 . 2009-03-11 18:46 2033152 ----a-w c:\windows\system32\win32k.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-12-27 15:52 . 2008-12-27 15:52 8 --sha-r c:\windows\System32\1652F5EC3A.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]
2009-03-19 18:02 1883672 ----a-w c:\program files\Torrents-Search-Engine\tbTor1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e41b29e5-88b5-40b1-903e-080e0f2c4b65}]
2008-08-20 21:03 1780248 ----a-w c:\program files\OTS_Software\tbOTS_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 09:22 1172792 ----a-w c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}"= "c:\program files\Torrents-Search-Engine\tbTor1.dll" [2009-03-19 1883672]
"{e41b29e5-88b5-40b1-903e-080e0f2c4b65}"= "c:\program files\OTS_Software\tbOTS_.dll" [2008-08-20 1780248]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]

[HKEY_CLASSES_ROOT\clsid\{e41b29e5-88b5-40b1-903e-080e0f2c4b65}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3B419EE1-1FA8-47B9-9AEC-6B60AC2E3FCA}"= "c:\program files\Torrents-Search-Engine\tbTor1.dll" [2009-03-19 1883672]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-22 39408]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-02-06 3325952]
"Google Update"="c:\users\FANIS\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-21 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2007-06-04 599600]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-05-14 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2003-09-22 20480]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-03-05 111928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDA9ED96-B000-4079-9232-FD77C40A8F24}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{0E967286-8965-492C-9B6A-C705538AC467}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{72C873EE-450D-496A-95B7-4F224DC54488}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{0772D99B-1457-432F-91FA-EFC506534BAE}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{29A7FFBC-213F-4229-B0EE-38ED32EB8C07}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7B7D38E6-7A7C-4B53-999B-84508B56CF67}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B2B2EA7B-F8B2-4D91-A51B-041246B3555B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{74B434D1-B9F1-4C6C-A0E2-05C09DF9DD8D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6C12DF74-9432-4ABA-8111-A6AC2F65F4A2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C1B73D2C-37E5-49E5-8DCC-BFA0D06AE1EF}c:\\program files\\roger wilco\\roger.exe"= UDP:c:\program files\roger wilco\roger.exe:roger
"UDP Query User{DA83CE61-FDB8-4AA8-9209-7A56FDDAEC84}c:\\program files\\roger wilco\\roger.exe"= TCP:c:\program files\roger wilco\roger.exe:roger
"{AEE3B0E9-CC83-41B3-B113-38F97BB412C7}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{849F4746-A35B-4628-B139-E880B6DE19D4}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{104B43BE-AAF7-4304-A4E9-8F416923A09A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A5F9789C-0B43-4A77-ACF8-0A00DB067C36}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B4AA9D88-D6BF-4A4C-B4B2-BDBAFCF07092}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4DAFFB77-3AFC-413D-AC6A-E390578B3FC8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A4298A50-604D-4330-853B-830D5B2C2968}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F8CE72D9-2A86-4CE5-B2A3-3784B5312AD9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4332B6BC-8F50-4657-837A-DC8DC87ABAEC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E377B177-53AE-4219-8649-89AEC01310C2}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{9827EB6A-262F-4724-8E7B-D031826BE5E3}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{8D389EEE-7565-4F75-B187-A39200317AE5}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{2D1E47E5-9ABA-4C7B-AA24-8B44D1F2B7CD}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{E2C941ED-A64D-4850-84FA-1E9069C4087E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D711C47B-9522-425D-9193-49EA5C7FD059}"= UDP:c:\windows\Temp\~osE0B0.tmp\ossproxy.exe:ossproxy.exe
"{BC8C52C3-EB62-41F2-9C29-DE7D34715B04}"= UDP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe
"{187AE422-DB9B-4E03-BFF3-A97E8E1690A7}"= TCP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 mhpn;mhpn; [x]
R0 uulmguni;uulmguni; [x]
R1 kuwlbzyh;kuwlbzyh; [x]
R2 gupdate1c9bffd24bfdb1e;Google Update Service (gupdate1c9bffd24bfdb1e);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
R2 PremierOpinion;PremierOpinion; [x]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-06-19 28544]
S1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2008-06-25 73728]
S1 aswSP;avast! Self Protection; [x]
S1 CLBStor;InstantBurn Storage Helper Driver; [x]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2008-06-18 52992]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2008-03-28 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2008-06-18 193792]
S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2008-07-11 11:58 158848]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2008-06-18 46720]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-05-16 15:29 61424]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2008-02-13 49208]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 BcmSqlStartupSvc;Υπηρεσία εκκίνησης του Business Contact Manager SQL Server;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2009-04-18 13880]
S2 Gwmsrv;Panda Goodware Cache Manager; [x]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2008-02-07 179640]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\PskSvc.exe [2008-06-25 28928]
S2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-01-24 37376]
S3 AvFlt;Antivirus Filter Driver; [x]
S3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-06-26 197888]
S3 PavSRK.sys;PavSRK.sys; [x]
S3 PavTPK.sys;PavTPK.sys; [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - AvFlt
*Deregistered* - PavSRK.sys
*Deregistered* - PavTPK.sys
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
panda REG_MULTI_SZ Gwmsrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 08:10]

2009-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-184900894-92464173-4099346740-1003.job
- c:\users\FANIS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-21 15:03]

2009-04-30 c:\windows\Tasks\User_Feed_Synchronization-{783C9D9A-F3FC-451E-949D-131C83ECDEAC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-30 11:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{E738F11F-B0F3-4E0D-A5CA-6ED7B0BD4F5D} - (no file)
HKCU-Run-msnmsgr - ~c:\program files\MSN Messenger\msnmsgr.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.gr/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 22:44
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\FANIS\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(8864)
c:\program files\Panda Security\Panda Global Protection 2009\pavoepl.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\program files\Panda Security\Panda Global Protection 2009\TPSrv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Panda Security\Panda Global Protection 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
c:\program files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
c:\program files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Panda Security\Panda Global Protection 2009\FIREWALL\PSHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\conime.exe
c:\program files\CyberLink\InstantBurn\Win2K\IBurn.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Panda Security\Panda Global Protection 2009\SrvLoad.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\System32\msiexec.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-04-30 22:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 19:49

Pre-Run: 20 Κατάλογοι 212.469.071.872 διαθέσιμα byte
Post-Run: 20 Κατάλογοι 225.542.508.544 διαθέσιμα byte

408 --- E O F --- 2009-04-29 18:02
FUNBASKETFUN
 
Posts: 11
Joined: Tue Apr 21, 2009 6:10 am

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby patrik » Fri May 01, 2009 6:04 am

Open notepad, copy/paste the text in the code box below into notepad:
Code:
Driver::
mhpn
uulmguni
kuwlbzyh
PremierOpinion

Name the Notepad file CFScript and Save it to your desktop. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
Image
When finished, it will produce a report for you. Save the log to your desktop.

Please scan your computer with Kaspersky Online Scanner.

Post back with a scan report + combofix log.
patrik
Site Admin
 
Posts: 7045
Joined: Sun Jan 08, 2006 1:11 pm
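As an added illustration, not code from this thread or from ComboFix itself, here is a small parser for the driver/service lines of the log posted above. It applies the rule that the CFScript in the reply reflects: entries reported as running (R) whose image path is shown as [x] (no file found on disk) are the ones that end up under Driver::. The meaning of the R/S letter and start-type digit, and the "running but missing" heuristic itself, are assumptions stated in the comments; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Sample taken from the ComboFix log posted above (a subset of its
# driver/service section). Raw string so the backslashes stay literal.
SAMPLE_LOG = r"""
R0 mhpn;mhpn; [x]
R0 uulmguni;uulmguni; [x]
R1 kuwlbzyh;kuwlbzyh; [x]
R2 gupdate1c9bffd24bfdb1e;Google Update Service (gupdate1c9bffd24bfdb1e);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
R2 PremierOpinion;PremierOpinion; [x]
S1 aswSP;avast! Self Protection; [x]
S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2008-07-11 11:58 158848]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\PskSvc.exe [2008-06-25 28928]
S3 AvFlt;Antivirus Filter Driver; [x]
S3 PavSRK.sys;PavSRK.sys; [x]
"""

# Layout of one line: "<state><start> <name>;<display name>;<image> [<date size>]"
# state  R = running, S = stopped (assumed, as in ComboFix/HijackThis logs)
# start  0 boot, 1 system, 2 auto, 3 demand (assumed)
# "[x]" in place of the date/size bracket means no image file was found.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-3]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<image>.*?) ?\[(?P<info>[^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    state: str
    start_type: int
    name: str
    display: str
    image: str        # empty when the log printed [x]
    missing: bool     # True when the image file was not found


def parse_line(line):
    """Parse one driver/service line; return None for lines of other kinds."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    missing = m.group("info") == "x"
    return ServiceEntry(
        state=m.group("state"),
        start_type=int(m.group("start")),
        name=m.group("name"),
        display=m.group("display"),
        image="" if missing else m.group("image").strip(),
        missing=missing,
    )


def parse_log(log_text):
    """All driver/service entries found in a block of ComboFix log text."""
    return [e for e in map(parse_line, log_text.splitlines()) if e is not None]


def suspicious_entries(log_text):
    """Heuristic (an assumption, not a ComboFix rule): a service or driver
    reported as running while its image file is missing from disk has
    nothing legitimate behind it. Stopped [x] entries (leftovers of
    uninstalled products such as aswSP or AvFlt here) are not flagged."""
    return [e for e in parse_log(log_text) if e.state == "R" and e.missing]


def build_cfscript(entries):
    """Render the Driver:: section of a CFScript from the flagged names,
    in the same form as the script given in the reply above."""
    return "Driver::\n" + "".join(f"{e.name}\n" for e in entries)


if __name__ == "__main__":
    flagged = suspicious_entries(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.state}{e.start_type} {e.name!r}: running, image missing")
    print(build_cfscript(flagged))
```

Run against the sample, the four flagged names are exactly the ones in the CFScript above; the stopped [x] entries from Avast and Panda are left alone.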

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby FUNBASKETFUN » Mon May 04, 2009 6:23 am

Hi,

I'll do that with ComboFix and Notepad.

I have already done an online scan with Kaspersky and it did NOT find anything.

Thanks
FUNBASKETFUN
 
Posts: 11
Joined: Tue Apr 21, 2009 6:10 am

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby FUNBASKETFUN » Mon May 04, 2009 7:50 pm

ComboFix 09-05-03.6 - FANIS 04/05/2009 22:35.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1253.30.1032.18.3070.1840 [GMT 3:00]
Running from: c:\users\FANIS\Desktop\ComboFix.exe
Command switches used :: c:\users\FANIS\Desktop\CFScript.txt
AV: Panda Global Protection 2009 *On-access scanning disabled* (Updated)
FW: Panda Personal Firewall 2009 *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kuwlbzyh
-------\Service_mhpn
-------\Service_PremierOpinion
-------\Service_uulmguni


((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.

2009-04-27 13:11 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-04-25 17:51 . 2009-04-25 17:53 -------- d-----w C:\rsit
2009-04-25 16:29 . 2009-04-25 16:29 -------- d-----w c:\program files\CEDP Stealer 6.0 for Messenger
2009-04-25 13:13 . 2009-04-25 13:13 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-24 16:52 . 2009-04-24 16:52 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-24 16:52 . 2009-04-24 16:52 -------- d-----w c:\program files\Java
2009-04-24 06:40 . 2009-04-24 06:40 -------- d-----w c:\program files\SweetIM
2009-04-24 06:40 . 2009-04-24 06:40 -------- d-----w c:\programdata\SweetIM
2009-04-24 06:40 . 2009-04-24 06:40 -------- d-----w c:\users\All Users\SweetIM
2009-04-23 18:49 . 2009-04-23 18:49 -------- d-----w c:\users\FANIS\AppData\Roaming\Techno Design IP
2009-04-22 18:13 . 2009-04-22 18:13 -------- d-sh--w C:\found.000
2009-04-21 22:02 . 2009-04-21 22:02 -------- d-----w c:\program files\Trend Micro
2009-04-21 17:50 . 2009-04-21 17:50 -------- d-----w c:\users\FANIS\AppData\Roaming\True Sword
2009-04-21 17:46 . 2009-04-24 17:17 -------- d-----w c:\program files\True Sword 5
2009-04-18 21:43 . 2009-04-18 21:43 -------- d-----w c:\users\FANIS\AppData\Roaming\Malwarebytes
2009-04-18 21:43 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 21:43 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 21:43 . 2009-04-18 21:43 -------- d-----w c:\programdata\Malwarebytes
2009-04-18 21:43 . 2009-04-18 21:43 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-18 21:43 . 2009-04-18 21:43 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-18 12:43 . 2009-04-18 12:43 -------- d-----w c:\users\FANIS\AppData\Local\Panda Security
2009-04-18 12:34 . 2009-04-18 12:34 13880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
2009-04-18 12:34 . 2008-02-13 19:14 49208 ----a-w c:\windows\system32\drivers\amm8660.sys
2009-04-18 12:34 . 2009-04-18 12:34 261 ----a-w c:\windows\system32\PavCPL.dat
2009-04-18 12:34 . 2009-05-04 19:41 233336 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2009-04-18 12:34 . 2008-06-18 13:06 46720 ----a-w c:\windows\system32\drivers\wnmflt.sys
2009-04-18 12:34 . 2008-06-18 13:06 52992 ----a-w c:\windows\system32\drivers\dsaflt.sys
2009-04-18 12:34 . 2008-06-18 13:06 193792 ----a-w c:\windows\system32\drivers\idsflt.sys
2009-04-18 12:33 . 2008-03-28 08:25 22072 ----a-w c:\windows\system32\drivers\fnetmon.sys
2009-04-18 12:33 . 2008-06-25 12:42 73728 ----a-w c:\windows\system32\drivers\APPFLT.SYS
2009-04-18 12:33 . 2008-07-11 11:58 158848 ----a-w c:\windows\system32\drivers\NETFLTDI.SYS
2009-04-18 12:32 . 2003-10-22 15:23 446464 ----a-w c:\windows\system32\HHActiveX.dll
2009-04-18 12:32 . 2008-06-24 11:48 193280 ----a-w c:\windows\system32\TpUtil.dll
2009-04-18 12:32 . 2007-02-08 08:53 107568 ----a-w c:\windows\system32\SYSTOOLS.DLL
2009-04-18 12:32 . 2009-03-17 15:07 87296 ----a-w c:\windows\system32\PavLspHook.dll
2009-04-18 12:32 . 2008-06-18 15:03 55552 ----a-w c:\windows\system32\pavipc.dll
2009-04-18 12:32 . 2008-06-18 15:03 520448 ----a-w c:\windows\system32\PavSHook.dll
2009-04-18 12:32 . 2008-06-26 08:25 197888 ----a-w c:\windows\system32\drivers\neti1634.sys
2009-04-18 12:32 . 2009-04-18 12:32 -------- d-----w c:\windows\system32\PAV
2009-04-18 12:32 . 2009-04-18 12:32 -------- d-----w c:\users\FANIS\AppData\Roaming\Panda Security
2009-04-18 12:32 . 2009-04-18 12:32 -------- d-----w c:\programdata\Panda Security
2009-04-18 12:32 . 2009-04-18 12:32 -------- d-----w c:\users\All Users\Panda Security
2009-04-18 12:30 . 2008-06-19 14:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-18 12:30 . 2008-03-04 12:59 41144 ----a-w c:\windows\system32\drivers\ShlDrv51.sys
2009-04-18 12:30 . 2008-02-07 09:03 179640 ----a-w c:\windows\system32\drivers\PavProc.sys
2009-04-18 12:30 . 2009-04-18 12:30 -------- d-----w c:\program files\Common Files\Panda Security
2009-04-18 10:04 . 2009-04-18 10:04 -------- d-----w c:\programdata\HP Product Assistant
2009-04-18 10:04 . 2009-04-18 10:04 -------- d-----w c:\users\All Users\HP Product Assistant
2009-04-18 10:01 . 2009-04-18 10:07 156473 ----a-w c:\windows\HPHins15.dat
2009-04-16 19:57 . 2009-04-16 19:57 -------- d-----w c:\program files\CCleaner
2009-04-16 19:46 . 2009-04-16 19:46 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-16 19:46 . 2009-04-16 19:46 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-16 19:46 . 2009-04-25 13:14 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-16 19:46 . 2009-04-25 13:14 -------- d-----w c:\users\FANIS\AppData\Roaming\SUPERAntiSpyware.com
2009-04-16 19:31 . 2008-08-17 19:09 117760 ----a-w c:\windows\system32\hpzll64X.dll
2009-04-15 21:27 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-15 21:27 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-15 21:27 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-15 21:27 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-13 19:56 . 2009-04-15 06:32 -------- d-----w c:\users\FANIS\Tracing
2009-04-13 19:51 . 2009-04-13 19:51 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-13 19:37 . 2009-04-13 19:37 -------- d-----w c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 19:41 . 2009-04-18 12:34 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-05-04 19:41 . 2009-04-18 12:34 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2009-05-04 19:41 . 2009-04-18 12:34 233336 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-04-26 21:03 . 2008-01-21 05:39 599194 ----a-w c:\windows\system32\perfh008.dat
2009-04-26 21:03 . 2008-01-21 05:39 105834 ----a-w c:\windows\system32\perfc008.dat
2009-04-18 13:44 . 2008-07-30 08:13 -------- d-----w c:\program files\MSN Messenger
2009-04-18 13:14 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-18 12:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-18 12:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-18 12:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-18 12:32 . 2008-12-27 22:07 -------- d-----w c:\program files\Panda Security
2009-04-18 12:32 . 2008-08-18 10:54 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 08:12 . 2008-12-17 21:42 -------- d-----w c:\program files\Google
2009-04-16 19:24 . 2009-03-01 21:08 -------- d-----w c:\program files\RegCure
2009-04-15 21:34 . 2009-01-01 12:02 -------- d-----w c:\program files\Ricochet Xtreme
2009-04-15 21:34 . 2009-02-26 19:51 -------- d-----w c:\program files\Microsoft Works
2009-04-15 21:34 . 2008-12-26 18:24 -------- d-----w c:\program files\Common Files\Skype
2009-04-15 06:06 . 2008-07-30 08:12 -------- d-----w c:\program files\Windows Live
2009-04-15 06:03 . 2009-02-24 23:13 -------- d-----w c:\program files\Microsoft
2009-04-15 04:46 . 2008-12-18 11:54 -------- d-----w c:\program files\HP
2009-04-09 15:39 . 2009-03-30 15:20 680 ----a-w c:\users\FANIS\AppData\Local\d3d9caps.dat
2009-03-30 21:13 . 2008-12-24 20:53 -------- d-----w c:\program files\Veoh Networks
2009-03-21 12:07 . 2009-03-21 12:07 -------- d-----w c:\program files\Common Files\xing shared
2009-03-21 12:07 . 2008-12-27 19:02 -------- d-----w c:\program files\Common Files\Real
2009-03-08 11:34 . 2009-03-30 19:21 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-30 19:21 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-30 19:21 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-30 19:21 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-30 19:21 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-30 19:21 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-30 19:21 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-30 19:21 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-30 19:21 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-30 19:21 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-30 19:21 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-30 19:21 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-30 19:21 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-30 19:21 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-30 19:21 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-30 19:21 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-30 19:21 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-30 19:21 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-07 19:30 . 2009-01-29 21:42 3160 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-07 19:15 . 2009-03-07 19:15 -------- d-----w c:\program files\EA Sports
2009-03-03 04:46 . 2009-04-15 21:28 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 21:28 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 21:28 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 21:28 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 21:28 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 21:28 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 21:28 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 21:28 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 21:28 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 21:28 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-26 20:21 . 2008-12-17 20:29 100256 ----a-w c:\users\FANIS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-09 03:10 . 2009-03-11 18:46 2033152 ----a-w c:\windows\system32\win32k.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-12-27 15:52 . 2008-12-27 15:52 8 --sha-r c:\windows\System32\1652F5EC3A.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-30_19.44.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-05-04 19:03 67658 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-18 11:36 . 2009-05-04 19:03 15786 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-184900894-92464173-4099346740-1003_UserData.bin
+ 2008-12-17 20:25 . 2009-05-04 19:41 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-17 20:25 . 2009-04-30 19:44 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-17 20:25 . 2009-05-04 19:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-17 20:25 . 2009-04-30 19:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-17 20:25 . 2009-05-04 19:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-17 20:25 . 2009-04-30 19:44 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-04 18:03 . 2009-05-04 18:04 3364 c:\windows\SoftwareDistribution\EventCache\{20B8B0AC-8123-4914-9C4B-4AC5C97AB58E}.bin
+ 2006-11-02 13:05 . 2009-05-04 19:03 127272 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-30 19:28 . 2009-05-04 11:04 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-03-30 19:28 . 2009-04-30 12:20 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]
2009-03-19 18:02 1883672 ----a-w c:\program files\Torrents-Search-Engine\tbTor1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e41b29e5-88b5-40b1-903e-080e0f2c4b65}]
2008-08-20 21:03 1780248 ----a-w c:\program files\OTS_Software\tbOTS_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 09:22 1172792 ----a-w c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}"= "c:\program files\Torrents-Search-Engine\tbTor1.dll" [2009-03-19 1883672]
"{e41b29e5-88b5-40b1-903e-080e0f2c4b65}"= "c:\program files\OTS_Software\tbOTS_.dll" [2008-08-20 1780248]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]

[HKEY_CLASSES_ROOT\clsid\{e41b29e5-88b5-40b1-903e-080e0f2c4b65}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3B419EE1-1FA8-47B9-9AEC-6B60AC2E3FCA}"= "c:\program files\Torrents-Search-Engine\tbTor1.dll" [2009-03-19 1883672]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-22 39408]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-02-06 3325952]
"Google Update"="c:\users\FANIS\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-21 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"msnmsgr"="~c:\program files\MSN Messenger\msnmsgr.exe" [BU]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2007-06-04 599600]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-05-14 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2003-09-22 20480]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-03-05 111928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\users\FANIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Screen Clipping and Launcher for OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDA9ED96-B000-4079-9232-FD77C40A8F24}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{0E967286-8965-492C-9B6A-C705538AC467}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{72C873EE-450D-496A-95B7-4F224DC54488}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{0772D99B-1457-432F-91FA-EFC506534BAE}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{29A7FFBC-213F-4229-B0EE-38ED32EB8C07}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7B7D38E6-7A7C-4B53-999B-84508B56CF67}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B2B2EA7B-F8B2-4D91-A51B-041246B3555B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{74B434D1-B9F1-4C6C-A0E2-05C09DF9DD8D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6C12DF74-9432-4ABA-8111-A6AC2F65F4A2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C1B73D2C-37E5-49E5-8DCC-BFA0D06AE1EF}c:\\program files\\roger wilco\\roger.exe"= UDP:c:\program files\roger wilco\roger.exe:roger
"UDP Query User{DA83CE61-FDB8-4AA8-9209-7A56FDDAEC84}c:\\program files\\roger wilco\\roger.exe"= TCP:c:\program files\roger wilco\roger.exe:roger
"{AEE3B0E9-CC83-41B3-B113-38F97BB412C7}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{849F4746-A35B-4628-B139-E880B6DE19D4}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{104B43BE-AAF7-4304-A4E9-8F416923A09A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A5F9789C-0B43-4A77-ACF8-0A00DB067C36}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B4AA9D88-D6BF-4A4C-B4B2-BDBAFCF07092}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4DAFFB77-3AFC-413D-AC6A-E390578B3FC8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A4298A50-604D-4330-853B-830D5B2C2968}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F8CE72D9-2A86-4CE5-B2A3-3784B5312AD9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4332B6BC-8F50-4657-837A-DC8DC87ABAEC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E377B177-53AE-4219-8649-89AEC01310C2}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{9827EB6A-262F-4724-8E7B-D031826BE5E3}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{8D389EEE-7565-4F75-B187-A39200317AE5}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{2D1E47E5-9ABA-4C7B-AA24-8B44D1F2B7CD}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{E2C941ED-A64D-4850-84FA-1E9069C4087E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D711C47B-9522-425D-9193-49EA5C7FD059}"= UDP:c:\windows\Temp\~osE0B0.tmp\ossproxy.exe:ossproxy.exe
"{BC8C52C3-EB62-41F2-9C29-DE7D34715B04}"= UDP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe
"{187AE422-DB9B-4E03-BFF3-A97E8E1690A7}"= TCP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 gupdate1c9bffd24bfdb1e;Google Update Service (gupdate1c9bffd24bfdb1e);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-06-19 28544]
S1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2008-06-25 73728]
S1 aswSP;avast! Self Protection; [x]
S1 CLBStor;InstantBurn Storage Helper Driver; [x]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2008-06-18 52992]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2008-03-28 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2008-06-18 193792]
S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2008-07-11 11:58 158848]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2008-06-18 46720]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-05-16 15:29 61424]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2008-02-13 49208]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server startup service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2009-04-18 13880]
S2 Gwmsrv;Panda Goodware Cache Manager; [x]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2008-02-07 179640]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\PskSvc.exe [2008-06-25 28928]
S2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-01-24 37376]
S3 AvFlt;Antivirus Filter Driver; [x]
S3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-06-26 197888]
S3 PavSRK.sys;PavSRK.sys; [x]
S3 PavTPK.sys;PavTPK.sys; [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - AvFlt
*Deregistered* - PavSRK.sys
*Deregistered* - PavTPK.sys
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
panda REG_MULTI_SZ Gwmsrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 08:10]

2009-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-184900894-92464173-4099346740-1003.job
- c:\users\FANIS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-21 15:03]

2009-05-04 c:\windows\Tasks\User_Feed_Synchronization-{783C9D9A-F3FC-451E-949D-131C83ECDEAC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-30 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.gr/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 22:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(10204)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Panda Security\Panda Global Protection 2009\pavoepl.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\program files\Panda Security\Panda Global Protection 2009\TPSrv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Panda Security\Panda Global Protection 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
c:\program files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
c:\program files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Panda Security\Panda Global Protection 2009\FIREWALL\PSHost.exe
c:\program files\Panda Security\Panda Global Protection 2009\SrvLoad.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\conime.exe
c:\program files\CyberLink\InstantBurn\Win2K\IBurn.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\System32\msiexec.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-05-04 22:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 19:46
ComboFix2.txt 2009-04-30 19:49

Pre-Run: 20 Dir(s) 210.286.956.544 bytes free
Post-Run: 20 Dir(s) 209.967.407.104 bytes free

404 --- E O F --- 2009-05-04 18:02
FUNBASKETFUN
 
Posts: 11
Joined: Tue Apr 21, 2009 6:10 am
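The Drivers/Services, FirewallRules and firewall-profile sections of a ComboFix log are the parts a helper usually reads first: which services ComboFix deleted, which programs have been allowed through the firewall, and whether the firewall is on at all. As an added example (not code from the forum, from ComboFix, or from either poster), here is a small Python triage pass over constructed lines in that format. It lists every deleted service, marks names that look machine-generated using a crude vowel/consonant heuristic (an assumption of this example, not a ComboFix rule), flags firewall rules that admit an executable from a Temp directory, and reports any profile whose EnableFirewall value is 0. Its output is a list of things to look at, not a verdict on the machine in this thread.

```python
"""Triage pass over ComboFix-style log sections (added example, not ComboFix or forum code)."""
import re
from typing import List, Tuple

# Constructed sample in the shape of the log sections shown in the post
# (Drivers/Services deletions, FirewallRules, per-profile firewall policy).
# Illustrative only; it is not a copy of the posted log.
SAMPLE_LOG = r"""
-------\Service_kuwlbzyh
-------\Service_PremierOpinion
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{29A7FFBC-213F-4229-B0EE-38ED32EB8C07}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D711C47B-9522-425D-9193-49EA5C7FD059}"= UDP:c:\windows\Temp\~osE0B0.tmp\ossproxy.exe:ossproxy.exe
"{BC8C52C3-EB62-41F2-9C29-DE7D34715B04}"= TCP:c:\users\bob\AppData\Local\Temp\upd.exe:upd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                   # [HKLM\...\SectionName]
DELETED_SERVICE_RE = re.compile(r"^-+\\Service_(\S+)$")  # -------\Service_name
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.+)$')            # "Name"= value
TEMP_DIR_RE = re.compile(r"\\temp\\|\\~[^\\]*\.tmp\\", re.I)
VOWELS = set("aeiou")


def looks_generated(name: str) -> bool:
    """Crude heuristic (an assumption of this example, not a ComboFix rule):
    an all-lowercase alphabetic name is 'random-looking' if fewer than 30 %
    of its letters are vowels or it contains a run of three or more consonants."""
    if not (name.isalpha() and name.islower()):
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return vowel_ratio < 0.3 or re.search(r"[^aeiou]{3,}", name) is not None


def rule_program_path(value: str) -> str:
    """Reduce a FirewallRules value to its program path by dropping the
    optional 'TCP:'/'UDP:' and 'port|' prefixes and the trailing ':Display Name'."""
    value = re.sub(r"^(?:TCP|UDP):", "", value, flags=re.I)
    value = re.sub(r"^\d+\|", "", value)
    path, _sep, _display_name = value.rpartition(":")
    return path


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Walk the log once and return (tag, detail) findings for review."""
    findings: List[Tuple[str, str]] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)   # remember which registry section we are in
            continue
        m = DELETED_SERVICE_RE.match(line)
        if m:
            name = m.group(1)
            tag = "deleted-service-random-name" if looks_generated(name) else "deleted-service"
            findings.append((tag, name))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        leaf = section.rsplit("\\", 1)[-1]
        if leaf.lower() == "firewallrules":
            path = rule_program_path(value)
            if TEMP_DIR_RE.search(path):
                findings.append(("firewall-rule-temp-dir", path))
        elif leaf.lower().endswith("profile") and key == "EnableFirewall":
            if value.split()[0] == "0":
                findings.append(("firewall-disabled", leaf))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:28} {detail}")
```

To use it on a real log, read the saved ComboFix text file and pass its contents to triage(); the embedded sample is constructed and only mimics the shape of the sections above. The name heuristic is deliberately blunt: it will miss generated names that happen to contain vowels and will not flag CamelCase names, so every deleted service is still listed for a human to look up.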

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby patrik » Wed May 06, 2009 5:20 am

ComboFix log looks OK. How is your computer working now?
patrik
Site Admin
 
Posts: 7045
Joined: Sun Jan 08, 2006 1:11 pm

Re: Dns changer trojan + win32.sober TROJAN(IN VISTA OS)

Postby FUNBASKETFUN » Wed May 06, 2009 6:19 am

Computer still NOT OK.

Booting in safe mode first and then normally.

If I boot normally, 70% of the time it throws this blue screen, "dumping memory to disk", and then reboots in safe mode.

Last night I could open the internet, but the Google page could not open (unless there was a problem with their site, most unlikely). Also, with Veoh TV I couldn't open some TV series.
I need to check again today, as I am posting this reply from work now.

ONLY SUPERANTISPYWARE & MALWAREBYTES seem to find the DNS CHANGER TROJAN, but could not delete it.
Unless THIS IS SOME TRICK TO BUY THEM!!! (false positive)

IF THERE IS NO OTHER SOLUTION, could you please send me instructions for formatting VISTA with partitioning.
I read in a magazine that I need to back up drivers ALSO (apart from my files).
BUT I DON'T KNOW HOW, or HOW TO RELOAD THEM AFTERWARDS.

Many thanks
FUNBASKETFUN
 
Posts: 11
Joined: Tue Apr 21, 2009 6:10 am
