
Solved win32.backdoor.ciadoor problem!

Discussion in 'Malware and Virus Removal Archive' started by SmeLLiTSa, 2007/12/11.

  1. 2007/12/11
    SmeLLiTSa

    SmeLLiTSa Inactive Thread Starter

    Joined:
    2007/12/11
    Messages:
    12
    Likes Received:
    0
    [Resolved]win32.backdoor.ciadoor problem!

    Hi!!! Newbie here!!!
    My problem is relevant with the one described here:

    http://www.windowsbbs.com/showthread.php?p=341329#post341329

    But..... although Ad-aware finds it, there have been no other problems (like deactivation of Task Manager or regedit) except maybe that my PC has slowed down.... I also tried to remove it, but it was back... I've run HijackThis (after "removing" the trojan with Ad-aware) and didn't find anything relevant to scvhost. I also searched system32 and then WINDOWS and then My Documents, but didn't find scvhost.exe either.... I really don't know what to do; it's the first time something like that has come up and I have no experience regarding viruses and spyware etc.

    Any help is deeply appreciated....


    Here's my Hijack log:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:39:34 μμ, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Power Manager\PM.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0250Mon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe "
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
     
  2. 2007/12/11
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    SmeLLiTSa - Welcome to the Board :)

    Our trained analysts prefer to use the latest version of HijackThis (Trend Micro) - please read this announcement and follow the instructions.
     


  4. 2007/12/11
    SmeLLiTSa

    SmeLLiTSa Inactive Thread Starter

    Joined:
    2007/12/11
    Messages:
    12
    Likes Received:
    0
    Thank you for your quick response :D So, I downloaded these two programs... Here's the main.txt:



    Deckard's System Scanner v20071014.68
    Run by demo on 2007-12-11 18:57:16
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    51: 2007-12-11 16:57:22 UTC - RP248 - Deckard's System Scanner Restore Point
    50: 2007-12-06 20:20:52 UTC - RP247 - Σημείο ελέγχου συστήματος
    49: 2007-12-02 17:34:53 UTC - RP246 - Σημείο ελέγχου συστήματος
    48: 2007-11-30 19:43:03 UTC - RP245 - Σημείο ελέγχου συστήματος
    47: 2007-11-28 17:00:30 UTC - RP244 - Σημείο ελέγχου συστήματος


    -- First Restore Point --
    1: 2007-09-08 22:43:11 UTC - RP198 - Σημείο ελέγχου συστήματος


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as demo.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:59:17 μμ, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0250Mon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\demo\Επιφάνεια εργασίας\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\demo.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe "
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 9042 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
    R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
    R3 CnxEtP (Crypto F200 USB ADSL WAN Adapter Filter Driver) - c:\windows\system32\drivers\cnxetp.sys <Not Verified; Conexant; Conexant USB ADSL Modem>
    R3 CnxEtU (Crypto F200 USB ADSL Interface Device Driver) - c:\windows\system32\drivers\cnxetu.sys <Not Verified; Conexant; Conexant USB ADSL Modem>
    R3 CnxTgN (Crypto F200 USB ADSL WAN Adapter Driver) - c:\windows\system32\drivers\cnxtgn.sys <Not Verified; Conexant Systems Inc.; Conexant AccessRunner ADSL>

    S2 npkcrypt - c:\fun files\games\maplestory\npkcrypt.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
    S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2007-11-11 and 2007-12-11 -----------------------------

    2007-12-11 18:40:02 0 d-------- C:\Program Files\Trend Micro
    2007-12-11 15:36:23 0 d-------- C:\hijackthis_199
    2007-12-08 23:24:38 0 d-------- C:\Program Files\Microsoft Games
    2007-12-06 20:14:51 0 d-------- C:\Documents and Settings\demo\Application Data\Aveyond II
    2007-12-06 20:13:50 0 d-------- C:\Program Files\Aveyond 2
    2007-11-24 15:00:13 0 d-------- C:\Program Files\Lavasoft
    2007-11-24 15:00:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-24 14:34:36 0 d-------- C:\Program Files\Spyware Doctor
    2007-11-24 14:34:36 0 d-------- C:\Documents and Settings\demo\Application Data\PC Tools
    2007-11-20 19:47:11 0 d-------- C:\Program Files\Western Digital Technologies


    -- Find3M Report ---------------------------------------------------------------

    2007-12-11 15:01:07 0 d-------- C:\Documents and Settings\demo\Application Data\AVG7
    2007-12-07 09:42:01 0 d-------- C:\Documents and Settings\demo\Application Data\uTorrent
    2007-11-24 14:58:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-24 14:36:43 506234 --a------ C:\WINDOWS\system32\perfh008.dat
    2007-11-24 14:36:43 86116 --a------ C:\WINDOWS\system32\perfc008.dat
    2007-11-08 22:08:39 0 d-------- C:\Program Files\Monkey's Audio
    2007-10-31 00:57:08 0 d-------- C:\Program Files\Winamp


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E14DCE67-8FB7-4721-8149-179BAA4D792C}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 02:43 §£]
    "PowerManager "= "C:\Program Files\Power Manager\PM.exe" [30/03/2005 03:07 ££]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [08/02/2005 04:36 §£]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [08/02/2005 04:32 §£]
    "SoundMan "= "SOUNDMAN.EXE" [20/01/2005 02:04 ££ C:\WINDOWS\SOUNDMAN.EXE]
    "AGRSMMSG "= "AGRSMMSG.exe" [22/07/2004 07:38 §£ C:\WINDOWS\AGRSMMSG.exe]
    "Apoint "= "C:\Program Files\Apoint2K\Apoint.exe" [05/12/2003 07:22 §£]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 03:40 ££]
    "CnxDslTaskBar "= "C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe" [22/04/2004 10:04 §£]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [02/11/2007 08:51 §£]
    "SmcService "= "C:\PROGRA~1\Sygate\SPF\smc.exe" [30/06/2004 04:56 ££]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25/01/2007 10:03 ££]
    "AVFX Engine "= "C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [09/06/2006 01:11 §£]
    "V0250Mon.exe "= "C:\WINDOWS\V0250Mon.exe" [07/06/2006 07:00 ££]
    "CTRegRun "= "C:\WINDOWS\CTRegRun.EXE" [10/10/1999 07:00 ££]
    "SsAAD.exe "= "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [07/01/2006 02:36 §£]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2} "= "C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 11:48 ££]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06 §£]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [11/08/2007 07:59 ££]
    "SDTray "= "C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/11/2007 05:24 ££]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [07/09/2004 02:00 ££]
    "Creative Live! Cam Manager "= "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [31/05/2006 04:00 ££]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15/01/2007 04:14 ££]

    C:\Documents and Settings\demo\Start Menu\¨¦Å¡¨α££Ëœ«Ëœ\„΅΅ε¤Å¾©Å¾\
    Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [9/1/2007 6:22:59 ££]

    C:\Documents and Settings\All Users\Start Menu\¨¦Å¡¨α££Ëœ«Ëœ\„΅΅ε¤Å¾©Å¾\
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [11/8/2007 8:00:20 ££]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "




    -- End of Deckard's System Scanner: finished at 2007-12-11 19:00:06 ------------
     
  5. 2007/12/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi SmeLLiTSa
    Welcome to Windowsbbs. :)

    Having P2P file sharing apps such as LimeWire, BitTorrent, uTorrent etc. is almost like inviting malware into your computer. There is absolutely no way for you to know which of the hundreds of thousands of users you are sharing files with are infected or not.
    I strongly recommend removing any P2P applications.



    I'm not really seeing anything in those logs, so let's do this.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Thanks
    Geri
     
  6. 2007/12/12
    SmeLLiTSa

    SmeLLiTSa Inactive Thread Starter

    Joined:
    2007/12/11
    Messages:
    12
    Likes Received:
    0
    Hi!!!
    Thanks for the interest, I really appreciate it!!
    I do have uTorrent (haven't used it the last 3-4 days though), but I don't know when or how I caught the trojan... I only recently (a week or so ago) installed Ad-aware and found the trojan with the first scan.... Shame on me... :(
    Anyway, here's the report:



    Incident Status Location

    Adware:adware/wupd Not disinfected Windows Registry
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\ihlz5o5e.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\ihlz5o5e.default\cookies.txt[.888.com/]
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\demo\Cookies\demo@888[2].txt




    When I did the above scan, I had already scanned my PC 2 times with Ad-aware (once before and once after getting connected to the internet) without finding the trojan. I thought it was odd. After the Panda Scan, I scanned with Ad-aware for the third time and I found and "removed" the trojan. But I also visited a bunch of websites (yahoo, facebook, a forum etc). Anyway, I just re-did the Panda scan and I got the same results (I think):



    Incident Status Location

    Adware:adware/wupd Not disinfected Windows Registry
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\ihlz5o5e.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\ihlz5o5e.default\cookies.txt[.888.com/]
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\demo\Cookies\demo@888[2].txt
     
    Last edited: 2007/12/12
  7. 2007/12/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi SmeLLiTSa
    OK, well, it's just not showing up.

    Can you give me a file path for it?
    Open AdAware and look in the quarantine section for a file path.

    Thanks
    Geri
     
  8. 2007/12/12
    SmeLLiTSa
    Hi!!!!!!!
    I have a question..... I went to Ad-aware, but at quarantine&ignore there is nothing.... I usually just remove the trojan, I don't quarantine it first.... But I just ran another scan and found the trojan (again) so, should I quarantine it and then remove it or just quarantine it??
    Oh, and another question.... I also installed Ad-watch, and it found some events at the regshield and it says it is regchange.... what does that mean?? it's found 24 so far.....
    And another one.... at the reports I posted above, what is the first "threat" that came up? Something about a windows registry.... I have no idea what that means...
    Thanx for all the help, and sorry for all the questions.....
    Oh, and I must admit that it bothered me that there were no "symptoms" of the trojan, like the other member of the forum..... Don't know if it's a good thing or not....





    I took a look at the log of ad-aware.... by path, do you mean that:

    Infections Found
    ===========================
    Family Id: 806 Name: Win32.Backdoor.CiaDoor Category: Malware TAI:8
    Item Id: 300031910 Value: Root: HKU Path: S-1-5-21-1644491937-839522115-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{e14dce67-8fb7-4721-8149-179baa4d792c}
     
    Last edited: 2007/12/12
  9. 2007/12/12
    Geri
    Hi SmeLLiTSa

    It's safest to quarantine anything it finds first. Then, after a couple of days of using your computer with no problems or error messages, go in and delete/remove them.
    They are no threat when in a quarantine folder.

    I wish I could help you out here, but I have never used Ad-Watch. I'll see if I can find someone that uses it and have them post in here.

    It is adware; it displays advertisements. If I can locate a registry path for it we'll delete it.

    OK. Now let's do this.

    Open "NotePad". Copy the contents of the quote box below to the blank NotePad.
    Click "File" > "Save as".
    In the "Save In" box at the top, click the down arrow and select Desktop.

    In the "File name" box type: fix.reg
    In the "Save As Type" box select: All Files
    Once saved, go to your desktop, double click the fix.reg file and let it merge with the registry.


    Code:
    REGEDIT4
    
    [-HKEY_CURRENT_USER\S-1-5-21-1644491937-839522115-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{e14dce67-8fb7-4721-8149-179baa4d792c}]
    
    Let me know if Ad-Aware still shows it, and I'll see if I can't find a path for the adware.

    Thanks
    Geri
     
  10. 2007/12/13
    SmeLLiTSa
    Hi! I did what you said, I rebooted my pc, but it still shows it.....:(:(

    Infections Found
    ===========================
    Family Id: 806 Name: Win32.Backdoor.CiaDoor Category: Malware TAI:8
    Item Id: 300031910 Value: Root: HKU Path: S-1-5-21-1644491937-839522115-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{e14dce67-8fb7-4721-8149-179baa4d792c}


    I quarantined it as well....
     
  11. 2007/12/13
    Geri
    Hi
    OK, let's try it this way.
    Delete the first file you made from your desktop.

    Open "NotePad". Copy the contents of the quote box below to the blank NotePad.
    Click "File" > "Save as".
    In the "Save In" box at the top, click the down arrow and select Desktop.

    In the "File name" box type: fix.reg
    In the "Save As Type" box select: All Files
    Once saved, go to your desktop, double click the fix.reg file and let it merge with the registry.

    Code:
    REGEDIT4
    
    ; HKEY_USERS is the hive root that holds the per-SID subkeys (HKEY_USER is not a root regedit recognises)
    [-HKEY_USERS\S-1-5-21-1644491937-839522115-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{e14dce67-8fb7-4721-8149-179baa4d792c}]
    
    Let me know.
    Geri
     
  12. 2007/12/13
    SmeLLiTSa
    Nope.... still finds it....:(
    Thanks so much for all your concern and help....
    Here's the log:


    Infections Found
    ===========================
    Family Id: 806 Name: Win32.Backdoor.CiaDoor Category: Malware TAI:8
    Item Id: 300031910 Value: Root: HKU Path: S-1-5-21-1644491937-839522115-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{e14dce67-8fb7-4721-8149-179baa4d792c}
     
    Last edited: 2007/12/13
  13. 2007/12/13
    Geri
    Hi SmeLLiTSa
    Ok, Here's what we're gonna do.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the C:\Report.txt

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Please reboot your computer.

    Post the SDFix log and a new HJT log.
    Also check to see if it still shows up on a Ad-Aware scan.

    Now about Ad-Watch, here is what TeMerc had to say.
    It's a pretty powerful\annoying real time monitor. I've noticed in the latest versions, 2007, that many users are totally disabling it. It does do a nice job, but a little too intrusive at times and confusing. It will ask about every little change to the system.

    Also, please do this so I can see an uninstall list.

    To get an Uninstall List from HijackThis:
    • Open HijackThis, click Config, click Misc Tools
    • Click "Open Uninstall Manager "
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, copy and paste the results in your next post.

    Thanks
    Geri
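    The fix.reg files above have to name the hive exactly as regedit expects it: Ad-Aware prints the root as the abbreviation HKU, which expands to HKEY_USERS (HKEY_CURRENT_USER has no per-SID subkeys, so a delete entry under it silently does nothing). As an added example, not code from the thread, from Ad-Aware or from HijackThis, this Python script derives the deletion entry from the Ad-Aware "Infections Found" text and checks that the CLSID also appears in the HijackThis O2 (BHO) lines; the log text is the thread's own, embedded as a constructed sample, and the root-abbreviation table is an assumption about Ad-Aware's output format.

```python
"""Turn an Ad-Aware 'Root: HKU Path: ...' finding into a correct .reg deletion.

Added example, not code from the thread, from Ad-Aware or from HijackThis.
Ad-Aware prints the hive as an abbreviation (HKU); regedit needs the full
name (HKEY_USERS), so the mapping below expands it before the '[-KEY]' entry
is written, and the CLSID is cross-checked against the HijackThis O2 lines.
"""
import re

# Assumed Ad-Aware abbreviations -> the hive names a .reg file must use.
ROOTS = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKU": "HKEY_USERS",
    "HKCR": "HKEY_CLASSES_ROOT",
}

# Constructed sample: the Ad-Aware entry and HijackThis lines quoted in the thread.
ADAWARE_LOG = (
    "Infections Found\n"
    "===========================\n"
    "Family Id: 806 Name: Win32.Backdoor.CiaDoor Category: Malware TAI:8\n"
    "Item Id: 300031910 Value: Root: HKU Path: "
    "S-1-5-21-1644491937-839522115-1343024091-1004\\software\\microsoft\\windows"
    "\\currentversion\\ext\\stats\\{e14dce67-8fb7-4721-8149-179baa4d792c}\n"
)

HJT_LOG = (
    "R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)\n"
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)\n"
    "O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)\n"
)

ITEM_RE = re.compile(r"Root:\s*(?P<root>HK\w+)\s+Path:\s*(?P<path>\S+)")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_adaware_items(log):
    """(root, path) for every 'Item Id' line; trailing backslashes are dropped."""
    items = []
    for line in log.splitlines():
        m = ITEM_RE.search(line)
        if m:
            items.append((m.group("root").upper(), m.group("path").rstrip("\\")))
    return items


def full_key(root, path):
    """Expand an abbreviated root plus path into the key name regedit expects."""
    if root not in ROOTS:
        raise ValueError("unknown registry root abbreviation: " + root)
    return ROOTS[root] + "\\" + path


def reg_delete_file(keys):
    """REGEDIT4 text deleting each key; '[-KEY]' is the delete-key syntax."""
    lines = ["REGEDIT4", ""]
    for key in keys:
        lines.extend(["[-" + key + "]", ""])
    return "\n".join(lines) + "\n"


def bho_guids(hjt_log):
    """Lower-cased CLSIDs of the O2 (Browser Helper Object) lines in an HJT log."""
    guids = set()
    for line in hjt_log.splitlines():
        m = GUID_RE.search(line)
        if line.startswith("O2 - BHO") and m:
            guids.add(m.group(0).lower())
    return guids


def cross_check(items, hjt_log):
    """Map each expanded key to True when its CLSID is also an HJT O2 BHO entry."""
    known = bho_guids(hjt_log)
    result = {}
    for root, path in items:
        m = GUID_RE.search(path)
        result[full_key(root, path)] = m is not None and m.group(0).lower() in known
    return result


def build_fix(adaware_log, hjt_log):
    """Return (fix.reg text, {key: seen_in_hjt}) for one Ad-Aware log."""
    items = parse_adaware_items(adaware_log)
    keys = [full_key(r, p) for r, p in items]
    return reg_delete_file(keys), cross_check(items, hjt_log)


if __name__ == "__main__":
    reg_text, seen = build_fix(ADAWARE_LOG, HJT_LOG)
    print(reg_text)
    for key, hit in seen.items():
        print(("also an HJT O2 BHO: " if hit else "not an HJT O2 BHO: ") + key)
```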
     
  14. 2007/12/14
    SmeLLiTSa
    Hello..... So.... I did all that... but it still comes up at the Ad-aware scan.... ARGHHHH!!!!!!!

    So, here's the SDFix report:


    SDFix: Version 1.118

    Run by demo on ?¨ 14/12/2007 at 04:19 ££

    Microsoft Windows XP [Έκδοση 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    No Trojan Files Found





    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-14 16:25:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    IPC error: 2 Δεν είναι δυνατή η εύρεση του καθορισμένου αρχείου από το σύστημα.
    scanning hidden services & system hive ...


    scanning hidden registry entries ...


    scanning hidden files ...

    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\01\12-{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}-v1-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\14\14-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v14-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 54084 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\14\14-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v14-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3864 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\14\14-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v14-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 6016 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\15\15-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v15-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 60186 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\15\15-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v15-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 4332 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\15\15-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v15-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 6784 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\16\16-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v16-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 45516 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\16\16-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v16-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3270 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\16\16-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v16-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5072 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\17\17-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v17-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 46974 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\17\17-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v17-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3288 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\17\17-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v17-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5272 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\18\18-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v18-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 49512 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\18\18-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v18-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3594 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\18\18-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v18-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5576 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\39\139-{670EAE82-1C5D-4113-BC4A-12D273983D03}-v139-{670EAE82-1C5D-4113-BC4A-12D273983D03}-v139-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8960 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\eirini_kaboom@hotmail.com\DFSR\Staging\CS{68B23EA9-38FC-5D1A-D7AD-528CEEA82306}\59\159-{670EAE82-1C5D-4113-BC4A-12D273983D03}-v159-{670EAE82-1C5D-4113-BC4A-12D273983D03}-v159-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4736 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\giannisnaxos@hotmail.com\DFSR\Staging\CS{54909FDB-EDE1-01A1-F3B8-8FE5B20ED619}\01\23-{54909FDB-EDE1-01A1-F3B8-8FE5B20ED619}-v1-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\giannisnaxos@hotmail.com\DFSR\Staging\CS{54909FDB-EDE1-01A1-F3B8-8FE5B20ED619}\24\24-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v24-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 6600 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\giannisnaxos@hotmail.com\DFSR\Staging\CS{54909FDB-EDE1-01A1-F3B8-8FE5B20ED619}\24\24-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v24-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 760 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\giannisnaxos@hotmail.com\DFSR\Staging\CS{54909FDB-EDE1-01A1-F3B8-8FE5B20ED619}\25\25-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v25-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7464 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\giannisnaxos@hotmail.com\DFSR\Staging\CS{54909FDB-EDE1-01A1-F3B8-8FE5B20ED619}\25\25-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v25-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 840 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\giannisnaxos@hotmail.com\DFSR\Staging\CS{54909FDB-EDE1-01A1-F3B8-8FE5B20ED619}\26\26-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v26-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7302 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\giannisnaxos@hotmail.com\DFSR\Staging\CS{54909FDB-EDE1-01A1-F3B8-8FE5B20ED619}\26\26-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v26-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 816 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\01\19-{01D47B1D-31A2-FE81-A077-A15B71273A1E}-v1-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\20\20-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v20-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 47172 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\20\20-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v20-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3396 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\20\20-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v20-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5208 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\56\56-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v56-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 60204 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\56\56-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v56-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 4278 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\56\56-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v56-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 6760 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\57\57-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v57-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v57-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 29874 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\57\57-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v57-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v57-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3360 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\58\58-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v58-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 39990 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\58\58-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v58-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2910 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\58\58-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v58-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4432 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kokkinoskoufitsa13@hotmail.com\DFSR\Staging\CS{01D47B1D-31A2-FE81-A077-A15B71273A1E}\59\59-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v59-{54635F6B-07BA-4302-B9A2-A3E29A47D7D7}-v59-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1496 bytes hidden from API
    C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Messenger\smellitsa@hotmail.com\SharingMetadata\kwstas_xasapis@hotmail.com\DFSR\Staging\CS{650FCB0A-64DB-669B-873C-BBE6883313A9}\01\13-{650FCB0A-64DB-669B-873C-BBE6883313A9}-v1-{06C61207-4C8A-4EC5-B1CA-E8840851F0C4}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 39


    Remaining Services:
    ------------------
     
  15. 2007/12/14
    SmeLLiTSa

    SmeLLiTSa Inactive Thread Starter

    Joined:
    2007/12/11
    Messages:
    12
    Likes Received:
    0
    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------


    Files with Hidden Attributes:

    Thu 6 Dec 2007 23,552 A..H. --- "C:\Program Files\Aveyond 2\Game\game.exe"

    Finished!
     
  16. 2007/12/14
    SmeLLiTSa

    SmeLLiTSa Inactive Thread Starter

    Joined:
    2007/12/11
    Messages:
    12
    Likes Received:
    0
    Here's the HijackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:43:09 μμ, on 14/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Power Manager\PM.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0250Mon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E3E6121-11E1-42AE-BD1D-E93D983DE85F}: NameServer = 194.219.227.1 193.92.150.3
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 8680 bytes


    By the way... I only found two of the three files you told me to fix.... I didn't find

    O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)
     
  17. 2007/12/14
    SmeLLiTSa

    SmeLLiTSa Inactive Thread Starter

    Joined:
    2007/12/11
    Messages:
    12
    Likes Received:
    0
    Here's the uninstall list:

    µTorrent
    5 Clicks
    Ad-Aware 2007
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop CS3
    Adobe Reader 8.1.0
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Advanced Video FX Engine
    Agere Systems AC'97 Modem
    ALPS Touch Pad Driver
    ArcSoft Panorama Maker 3
    Aveyond 2
    AVG Free Edition
    Combined Community Codec Pack 2007-02-22
    Creative Live! Cam Center
    Creative Live! Cam Manager
    Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
    Creative Live! Cam Notebook Pro User's Guide (English)
    Creative Photo Calendar
    Creative Photo Manager
    Creative Software AutoUpdate
    Creative System Information
    Crypto F200 USB ADSL WAN Adapter
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DVD Shrink 3.2
    getPlus(R)_dll
    Google Gmail Notifier
    HijackThis 2.0.2
    Intel(R) Graphics Media Accelerator Driver for Mobile
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) SE Runtime Environment 6 Update 1
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Greek Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Office Professional Edition 2003
    Monkey's Audio
    Mozilla Firefox (2.0.0.11)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    Nero 6 Demo
    Nero 7
    Nikon FotoShare
    Nikon Message Center
    OpenMG Limited Patch 4.4-06-13-19-01
    OpenMG Secure Module 4.4.00
    Panda ActiveScan
    PDF Settings
    PictureProject
    Power Manager 1.8.6
    PowerDVD
    QuickTime
    RealArcade
    RealPlayer
    Realtek AC'97 Audio
    Sandlot Games Client Services 1.2.2
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    SightSpeed (remove only)
    SonicStage 3.4
    Sony Ericsson PC Suite
    Sygate Personal Firewall Pro
    Texas Instruments PCIxx21/x515 drivers.
    VideoLAN VLC media player 0.8.6a
    WD Diagnostics
    Webshots!
    WildTangent Web Driver
    Winamp (remove only)
    Windows Live Messenger
    Windows Media Format Runtime
    WinRAR archiver
    WinZip
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB923689)
    Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB941569)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB911564)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 6.4 (KB925398)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB917734)
    Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB936782)
    Ενημέρωση ασφαλείας για Windows XP (KB899587)
    Ενημέρωση ασφαλείας για Windows XP (KB905414)
    Ενημέρωση ασφαλείας για Windows XP (KB908519)
    Ενημέρωση ασφαλείας για Windows XP (KB911562)
    Ενημέρωση ασφαλείας για Windows XP (KB912919)
    Ενημέρωση ασφαλείας για Windows XP (KB913580)
    Ενημέρωση ασφαλείας για Windows XP (KB914388)
    Ενημέρωση ασφαλείας για Windows XP (KB914389)
    Ενημέρωση ασφαλείας για Windows XP (KB917344)
    Ενημέρωση ασφαλείας για Windows XP (KB917422)
    Ενημέρωση ασφαλείας για Windows XP (KB917953)
    Ενημέρωση ασφαλείας για Windows XP (KB918118)
    Ενημέρωση ασφαλείας για Windows XP (KB918439)
    Ενημέρωση ασφαλείας για Windows XP (KB919007)
    Ενημέρωση ασφαλείας για Windows XP (KB920213)
    Ενημέρωση ασφαλείας για Windows XP (KB920670)
    Ενημέρωση ασφαλείας για Windows XP (KB920683)
    Ενημέρωση ασφαλείας για Windows XP (KB920685)
    Ενημέρωση ασφαλείας για Windows XP (KB921398)
    Ενημέρωση ασφαλείας για Windows XP (KB921503)
    Ενημέρωση ασφαλείας για Windows XP (KB922616)
    Ενημέρωση ασφαλείας για Windows XP (KB922819)
    Ενημέρωση ασφαλείας για Windows XP (KB923191)
    Ενημέρωση ασφαλείας για Windows XP (KB923414)
    Ενημέρωση ασφαλείας για Windows XP (KB923694)
    Ενημέρωση ασφαλείας για Windows XP (KB923789)
    Ενημέρωση ασφαλείας για Windows XP (KB923980)
    Ενημέρωση ασφαλείας για Windows XP (KB924191)
    Ενημέρωση ασφαλείας για Windows XP (KB924270)
    Ενημέρωση ασφαλείας για Windows XP (KB924496)
    Ενημέρωση ασφαλείας για Windows XP (KB924667)
    Ενημέρωση ασφαλείας για Windows XP (KB925454)
    Ενημέρωση ασφαλείας για Windows XP (KB925902)
    Ενημέρωση ασφαλείας για Windows XP (KB926255)
    Ενημέρωση ασφαλείας για Windows XP (KB926436)
    Ενημέρωση ασφαλείας για Windows XP (KB927779)
    Ενημέρωση ασφαλείας για Windows XP (KB927802)
    Ενημέρωση ασφαλείας για Windows XP (KB928090)
    Ενημέρωση ασφαλείας για Windows XP (KB928255)
    Ενημέρωση ασφαλείας για Windows XP (KB928843)
    Ενημέρωση ασφαλείας για Windows XP (KB929123)
    Ενημέρωση ασφαλείας για Windows XP (KB929969)
    Ενημέρωση ασφαλείας για Windows XP (KB930178)
    Ενημέρωση ασφαλείας για Windows XP (KB931261)
    Ενημέρωση ασφαλείας για Windows XP (KB931768)
    Ενημέρωση ασφαλείας για Windows XP (KB931784)
    Ενημέρωση ασφαλείας για Windows XP (KB932168)
    Ενημέρωση ασφαλείας για Windows XP (KB933566)
    Ενημέρωση ασφαλείας για Windows XP (KB933729)
    Ενημέρωση ασφαλείας για Windows XP (KB935839)
    Ενημέρωση ασφαλείας για Windows XP (KB935840)
    Ενημέρωση ασφαλείας για Windows XP (KB936021)
    Ενημέρωση ασφαλείας για Windows XP (KB937143)
    Ενημέρωση ασφαλείας για Windows XP (KB938127)
    Ενημέρωση ασφαλείας για Windows XP (KB938829)
    Ενημέρωση ασφαλείας για Windows XP (KB939653)
    Ενημέρωση ασφαλείας για Windows XP (KB941202)
    Ενημέρωση ασφαλείας για Windows XP (KB941568)
    Ενημέρωση ασφαλείας για Windows XP (KB942615)
    Ενημέρωση ασφαλείας για Windows XP (KB943460)
    Ενημέρωση ασφαλείας για Windows XP (KB944653)
    Ενημέρωση για Windows XP (KB898461)
    Ενημέρωση για Windows XP (KB900485)
    Ενημέρωση για Windows XP (KB908531)
    Ενημέρωση για Windows XP (KB910437)
    Ενημέρωση για Windows XP (KB911280)
    Ενημέρωση για Windows XP (KB916595)
    Ενημέρωση για Windows XP (KB920872)
    Ενημέρωση για Windows XP (KB922582)
    Ενημέρωση για Windows XP (KB927891)
    Ενημέρωση για Windows XP (KB929338)
    Ενημέρωση για Windows XP (KB930916)
    Ενημέρωση για Windows XP (KB931836)
    Ενημέρωση για Windows XP (KB933360)
    Ενημέρωση για Windows XP (KB936357)
    Ενημέρωση για Windows XP (KB938828)
    Ενημέρωση για Windows XP (KB942763)
    Ενημέρωση για Windows XP (KB942840)



    Some things in the report are in Greek, so I'll try to translate them here:
    The first bunch means: Updated security edition for Windows XP
    The second: Updated security edition for Windows Media Player
    The third: Security update for Windows XP
    And the last one: Update for Windows XP

    I really hope that I translated it somewhat correctly.... I don't know why the SDFix didn't find the trojan, or why I didn't find the other file at HJT.....:( Anyway, thanx for all the help, I really appreciate it! Thank you so much!!
     
  18. 2007/12/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi SmeLLiTSa

    Open Ad-Aware. Tell me what version you are using.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    Messenger Plus
    WildTangent Web Driver
    <<If you don't play the games.

    Thanks
    Geri
     
  19. 2007/12/15
    SmeLLiTSa

    SmeLLiTSa Inactive Thread Starter

    Joined:
    2007/12/11
    Messages:
    12
    Likes Received:
    0
    Hi Geri!!
    Weirdest thing today, I scanned and rescanned and then rebooted and rescanned my PC, but Ad-Aware didn't find it!!! YAY!!!!!
    Anyway, I did find these programs and removed them just to be sure :p though I really love Messenger Plus! Live.... :(
    My Ad-Aware 2007 version is 7.0.2.5
    I'll keep rescanning my computer and if I find the trojan, I'll post!!!
    I don't know what it was that worked, but in any case, THANK YOU!!!!!! You're my hero (or heroine....)!!!
     
  20. 2007/12/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi SmeLLiTSa
    Patchou has brought in C2Media as a sponsor and is now bundling their lop.com software into Messenger Plus. For those of you who have never heard of it, lop.com software is classified as a trojan by antivirus vendors and as a browser hijacker by antispyware vendors.
    http://www.spywareinfo.com/newsletter/archives/june-2003/3.php

    LOP
    http://research.sunbelt-software.com/threatdisplay.aspx?name=C2.Lop&threatid=8144

    SDFix, even though it did not see any trojan files, probably removed the registry entry.

    I strongly suggest you remove µTorrent. You are inviting trouble and infections. :(

    Let me know if things are running OK and you have no more warnings and then we'll clean up.

    Thanks
    Geri
     
  21. 2007/12/17
    SmeLLiTSa

    SmeLLiTSa Inactive Thread Starter

    Joined:
    2007/12/11
    Messages:
    12
    Likes Received:
    0
    Hiiiii!!!!!!
    I've been scanning my pc all the time these past two days and YAY!!! no sign of the trojan :D :D :D
    My cousin sent me a previous version of msn plus, but I haven't installed it yet...
    Besides Ad-Aware, should I have another program for spyware and real-time protection? Or is it ok if I just scan my computer daily??
    Thanks SOOOOOOOOOOOOOOOOOOOOOOOOOO much for all the help, I really appreciate it!! I love my pc and I was too anxious during this period... :p It was like having a friend ill.... :p so, once again, THANK YOU!!!!!!!!!!!!!
     