Trojan:WinNT/Alureon.C

February 8th, 2020

Trojan:WinNT/Alureon.C
any info on how i can remove it?

Answer #1
I’ll help you remove it, please do the following:
Download HijackThis
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe

  • Double click on the saved file
  • When it runs, make sure you save it to C:\Program Files\Trend Micro\HijackThis, or, if you would like to save it in another place, change the directory
  • When it has finished installing, HijackThis will automatically launch, then click on I accept
  • Click on the “Do a system scan and save a logfile” button
  • When finished scanning it will produce a log, copy/paste the components of the log in your next post

**Do not use hijackthis’ “Analyze This” button as it has been known to give out false positives
Answer #2
Trojan:WinNT/Alureon.C
any info on how i can remove it?

It's most likely malware. Get anti-malware and remove it, or get Kaspersky and remove the trojan via Kaspersky
Answer #3
Sophos identifies this as Mal/TDSS-B and gives the following advice:
Sophos Anti-Virus: Removal of TDSS family of trojans
The TDSS family of Trojans is a new type of malware commonly encountered following a successful installation of the FakeAV and Alureon malware families. Sophos provides detection and blocking of these malware families and of TDSS. However if TDSS manages to install itself successfully, for example on a computer without up-to-date and active Sophos Anti-Virus, it can be very hard to remove.
Once it installs, TDSS manages to corrupt all major anti-virus programs, including Sophos Anti-Virus. It also uses rootkit techniques to hide from the Windows file system.

http://www.sophos.com/support/knowledgebase/article/55430.html
best option is a complete system format and reinstall
Answer #4
formatting isn’t needed, all that he needs to do is post a HJT log, then I can go deeper into this situation.
Answer #5
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:41 πμ, on 28/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Petros\Επιφάνεια εργασίας\ΠΡΟΓΡΑΜΜΑΤΑ\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\GATE\Επιφάνεια εργασίας\windows-kb890830-v2.9.exe
c:\5f959c5385a52bca400232f005861115\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.teimes.gr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Συντόμευση σελίδας ιδιοτήτων του High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\Microcom\Microcom USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Documents and Settings\Petros\Επιφάνεια εργασίας\ΠΡΟΓΡΑΜΜΑΤΑ\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Σήμερα.lnk = C:\Program Files\Today\TODAY.EXE
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Λήψη όλων με το FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Λήψη με χρήση του FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of file – 9765 bytes
Please remember that ALL links must be coded, including, but not limited to, e-mail addresses, passwords, and internal links. Coded for you this time-Search.
Answer #6
TDSS-B is a rootkit that hooks system calls to hide its presence. hijackthis! isn't likely to show anything.
btw, what antivirus detected this?
Answer #7
TDSS-B is a rootkit that hooks system calls to hide its presence. hijackthis! isn't likely to show anything.
btw, what antivirus detected this?

Microsoft Malicious Software Removal Tool. I found it after I had been infected
Answer #8
Please do the following: Fix HijackThis entries:

  • Launch HijackThis
  • Click on the “Scan” button
  • Put a “check” on all of the items below
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\Microcom\Microcom USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"

  • Close all browsers, open windows, etc..
  • Click on the “Fix Checked” button
  • When the fixing has finished, close hijackthis

Download ComboFix from one of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply with a fresh HijackThis log.
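
The manual step in this thread, picking out the lines of the HijackThis log from Answer #5 that deserve a closer look, can be pre-sorted with a short script. This is an added example, not part of any poster's reply and not a HijackThis feature; the function names and the flagging heuristics are assumptions chosen for illustration, and the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass, field

# Sample input: a few lines copied from the HijackThis log posted in Answer #5.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.teimes.gr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\Microcom\Microcom USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# HijackThis section codes that appear in the log above.
CATEGORIES = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart (Run key / Startup folder)",
    "O8": "IE context menu item", "O9": "IE extra button / Tools item",
    "O12": "IE plugin", "O16": "ActiveX download (DPF)",
    "O18": "Extra protocol handler", "O23": "Windows service",
}

# Matches "R0 - ..." / "O23 - ..."; forum software often turns "-" into an en dash.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+[-\u2013]\s+(?P<body>.+)$")


@dataclass
class Entry:
    code: str
    body: str
    reasons: list = field(default_factory=list)

    @property
    def category(self):
        return CATEGORIES.get(self.code, "other")


def parse_entries(log_text):
    """Return the coded entries, skipping the header and the process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body").strip()))
    return entries


def review_reasons(entry):
    """Illustrative heuristics (assumptions): reasons to look closer, not verdicts."""
    reasons = []
    body = entry.body.lower()
    if "(no file)" in body:
        reasons.append("registered target file is missing")
    if entry.code == "O2" and "(no name)" in body:
        reasons.append("BHO has no display name")
    if entry.code == "O4" and re.search(r"\brundll32(\.exe)?\b", body):
        reasons.append("autostart loads a DLL through rundll32")
    if entry.code == "O23" and "unknown owner" in body:
        reasons.append("HijackThis lists the service vendor as 'Unknown owner'")
    return reasons


def triage(log_text):
    """Parse a log and return only the entries that matched a heuristic."""
    flagged = []
    for entry in parse_entries(log_text):
        entry.reasons = review_reasons(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.code}] {e.category}: {e.body}")
        for reason in e.reasons:
            print(f"    - {reason}")
```

A flagged line is only a prompt to check the file on disk, and an empty result does not clear the machine: as Answer #6 notes, a rootkit that hides itself will not show up in this kind of log.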
Answer #9
Instead of trying to remove just one why not scan your computer using Kaspersky Anti-Virus.
Answer #10
ComboFix 08-07-29.1 – gate 2009-06-15 12:56:06.1 – NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1253.1.1032.18.549 [GMT 3:00]
Running from: C:\Documents and Settings\gate\Επιφάνεια εργασίας\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
– REDUCED FUNCTIONALITY MODE –
.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-15 12:42 . 2009-06-15 12:42<DIR>d–hs—-C:\WINDOWS\system32\config\systemprofile\IETldCache
2009-06-15 12:41 . 2009-06-15 12:41<DIR>d–hs—-C:\Documents and Settings\gate\IETldCache
2009-06-15 12:35 . 2009-06-15 12:35<DIR>d——–C:\WINDOWS\ie8updates
2009-06-15 12:35 . 2009-05-01 00:14246,272—–c—C:\WINDOWS\system32\dllcache\ieproxy.dll
2009-06-15 12:35 . 2009-05-12 08:11102,912—–c—C:\WINDOWS\system32\dllcache\iecompat.dll
2009-06-15 12:35 . 2009-05-01 00:1412,800—–c—C:\WINDOWS\system32\dllcache\xpshims.dll
2009-06-15 12:33 . 2009-06-15 12:34<DIR>d–h-c—C:\WINDOWS\ie8
2009-06-15 03:02 . 2009-06-15 12:351,374–a——C:\WINDOWS\imsins.BAK
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 09:42———d—–wC:\Documents and Settings\gate\Application Data\HDD Thermometer
2009-06-15 09:1960,559,595—-a-wC:\WINDOWS\Internet Logs\vsmon_2nd_2009_05_30_18_30_42_full.dmp.zip
2009-06-15 01:00———d—–wC:\Program Files\FlashGet
2009-06-15 00:07———d—–wC:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-05-30 15:313,865,088—-a-wC:\WINDOWS\Internet Logs\xDB10.tmp
2009-05-13 05:04915,456—-a-wC:\WINDOWS\system32\wininet.dll
2009-05-07 15:32348,672—-a-wC:\WINDOWS\system32\localspl.dll
2009-04-27 16:42———d—–wC:\Program Files\Seagate
2009-04-27 16:41———d—–wC:\Program Files\Common Files\Wise Installation Wizard
2009-04-27 13:40———d—–wC:\Program Files\Classic PhoneTools
2009-04-27 13:39———d–h–wC:\Program Files\InstallShield Installation Information
2009-04-27 13:37———d—–wC:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy
2009-04-25 13:294,096—-a-wC:\WINDOWS\system32\ftp_non_crp.exe
2009-04-25 07:5435,328—-a-wC:\WINDOWS\system32\prnet.tmp
2009-04-19 19:471,847,424—-a-wC:\WINDOWS\system32\win32k.sys
2009-04-15 14:52585,216—-a-wC:\WINDOWS\system32\rpcrt4.dll
2009-04-14 01:033,702,784—-a-wC:\WINDOWS\Internet Logs\xDBF.tmp
2009-04-06 08:5087,608—-a-wC:\Documents and Settings\gate\Application Data\inst.exe
2009-04-06 08:5047,360—-a-wC:\Documents and Settings\gate\Application Data\pcouffin.sys
2009-04-05 23:503,536,896—-a-wC:\WINDOWS\Internet Logs\xDBE.tmp
2009-04-05 18:1481,920—-a-wC:\Documents and Settings\gate\Application Data\ezpinst.exe
2009-03-18 18:187,465,692—-a-wC:\WINDOWS\Internet Logs\tvDebug.zip
2009-03-08 18:0422,328—-a-wC:\Documents and Settings\gate\Application Data\PnkBstrK.sys
2007-06-13 13:2222,040—h–wC:\Documents and Settings\gate\Application Data\wmp2.dat
2008-12-11 17:1632,768–sha-wC:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008121120081212\index.dat
2008-10-07 20:2022,827,040–sha-wC:\WINDOWS\system32\drivers\fidbox.dat
2008-03-22 14:240–sha-wC:\WINDOWS\wmp\wmp.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=”C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 19:30 15360]
“RSD_HDDThermo”=”C:\Documents and Settings\gate\Επιφάνεια εργασίας\ΠΡΟΓΡΑΜΜΑΤΑ\HDD Thermometer\HDD Thermometer.exe” [2004-05-05 22:23 212480]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=”C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-05-16 10:27 153136]
“Yahoo! Pager”=”C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” [2007-08-30 17:43 4670704]
“MSMSGS”=”C:\Program Files\Messenger\msmsgs.exe” [2008-04-14 19:30 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ATIPTA”=”C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2004-11-11 22:10 344064]
“avgnt”=”C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-07-18 22:55 266497]
“CnxTrApp”=”C:\Program Files\Microcom\Microcom USB Network\CnxTrApp.dll” [2004-08-07 03:09 247296]
“SunJavaUpdateSched”=”C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 04:27 144784]
“NeroFilterCheck”=”C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 16:57 153136]
“GrooveMonitor”=”C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2007-08-24 07:00 33648]
“HP Software Update”=”C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2004-02-12 14:38 49152]
“HP Component Manager”=”C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” [2004-05-12 16:18 241664]
“Zone Labs Client”=”C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2005-11-15 01:51 755472]
“DAEMON Tools”=”C:\Program Files\DAEMON Tools\daemon.exe” [2005-11-09 01:00 128920]
“CnxDslTaskBar”=”C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe” [2004-04-22 11:04 462848]
“TkBellExe”=”C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2009-02-21 20:40 198160]
“Συντόμευση σελίδας ιδιοτήτων του High Definition Audio”=”HDAudPropShortcut.exe” [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
“SoundMan”=”SOUNDMAN.EXE” [2004-09-23 22:27 77824 C:\WINDOWS\SoundMan.exe]
“AlcWzrd”=”ALCWZRD.EXE” [2004-09-24 21:06 2559488 C:\WINDOWS\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=”C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 19:30 15360]
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
Adobe Reader Speed Launch.lnk – C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Σήμερα.lnk – C:\Program Files\Today\TODAY.EXE [2000-12-31 01:09:06 346624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“HonorAutoRunSetting”= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.YV12″= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Γρήγορη εκκίνηση HP Image Zone.lnk]
backup=C:\WINDOWS\pss\Γρήγορη εκκίνηση HP Image Zone.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
——— 2008-04-14 19:30 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
–a—— 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
“DisableMonitoring”=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“C:\\WINDOWS\\system32\\dpvsetup.exe”=
“C:\\WINDOWS\\system32\\rundll32.exe”=
“C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE”=
“C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE”=
“C:\\Program Files\\Messenger\\msmsgs.exe”=
“C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe”=
“C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe”=
“C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe”=
“C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“C:\\Program Files\\Windows Live\\Messenger\\livecall.exe”=
“C:\\WINDOWS\\system32\\PnkBstrA.exe”=
“C:\\WINDOWS\\system32\\PnkBstrB.exe”=
S3 CnxEtP;Crypto F200 USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-09-12 05:26]
S3 CnxEtU;Crypto F200 USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-09-12 05:26]
S3 CnxTgN;Crypto F200 USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-10-29 10:02]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
“C:\WINDOWS\system32\rundll32.exe” “C:\WINDOWS\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
.
.
——- Supplementary Scan ——-
.
R0 -: HKCU-Main,Start Page = hxxp://www.teimes.gr/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&ξαγωγή στο Microsoft Excel – C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Λήψη όλων με το FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 -: Λήψη με χρήση του FlashGet – C:\Program Files\FlashGet\jc_link.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista – rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 12:56:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes … scanning hidden autostart entries …
scanning hidden files … scan completed successfully
hidden files: **************************************************************************
.
Completion time: 2009-06-15 12:58:00
ComboFix-quarantined-files.txt 2009-06-15 09:57:57
Pre-Run: 11 Κατάλογοι 31,630,946,304 διαθέσιμα byte
Post-Run: 15 Κατάλογοι 31,727,263,744 διαθέσιμα byte
145— E O F —2009-06-15 09:35:56

epub and mobi

February 8th, 2020

What software am I supposed to use to read these? What software for an Android device and my PC?
Answer #1
I believe that you can get a kindle app.
Answer #2
Use google
http://blog.kowalczyk.info/articles/epub-ebook-reader-viewer-for-windows.html
Answer #3
Try Cool Reader. I use that on my Android device and it works fine (I’ve only tried ePUB, by the way).
https://play.google.com/store/apps/details?id=org.coolreader&hl=en
Alternate readers on Android include FBReader, Aldiko, Moon+ Reader and Kindle.
There’s also a PC version of Cool Reader if you’d like.
http://sourceforge.net/projects/crengine/
Alternate desktop readers are SumatraPDF and the more versatile Calibre.
Answer #4
Open the file (or change the extension to zip or rar) with WinRAR/7-Zip/WinZip and extract it; then you can read the HTML/XML files with your browser
Answer #5
For PC Sumatra pdf is the best imo:
http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html
Answer #6
else you can convert the file to PDF using Calibre and read it on your device using Aldiko

Downloading commercials/advertisements from YouTube

February 8th, 2020

Does anyone know how to download ads that appear often before videos to your hard drive?
Answer #1
IDM and JDownloader 2 let you download YouTube videos, so I presume they would download the ads if wanted/needed. I don't have ads enabled to test for you though.
Answer #2
Thanks!
Answer #3
Ads most likely are on a different stream, as you don’t get them when you download YT videos.

Is it possible to use a PC mic as mic in Mario Party 7 emu.?

February 7th, 2020

Is it possible to use a PC mic as mic in Mario Party 7 on Dolphin emulator? Or is there some other way to be able to play/use the mic games in Mario Party 7 on Dolphin emulator with a mic (either Nintendo mic or PC mic)? I mean, without choosing the “play with controller instead of mic” or “use no mic” options.
Answer #1
Hard to find. I searched Google and found the problem with Mario Party 6/7, but most of the forums asking for help were from 2008-2009 and all the replies were “we are working on a fix”, “we are close to complete”... but apparently it does support the mic. Are you setting it up in your game keyboard configuration? It could be something on your end
Answer #2
I don’t think so. I don’t get it (the last 2 sentences).
Answer #3
How are you playing the games... there is an option in Dolphin where you can choose what is A, what is B, what is Start, what is SELECT, etc... there should be an option in there for mic
Answer #4
I'm playing with keyboard and keyboard to play mic games. I don't see it

PSP MoD Help

February 7th, 2020

Hi
Most of the games are not working for me, especially the latest ones.
I have checked my MoD and it is the 3.30 kernel, for which I think there is a new version.
Can somebody help me with this?

Answer #1
Moving -
#3.3 Topics must be submitted to the relevant forums. Please read the forum descriptions before posting.

Answer #2
note that my PSP is 1001 version
Answer #3
Do you still have the 1.5 kernel, or is it not a custom firmware?
Answer #4
To play newer games you should have Dark Alex’s Custom firmware 5.00 or better for good results.

Mass Effect 3 Citadel DLC-RELOADED Error [SOLVED]

February 7th, 2020

I can’t seem to install Mass Effect 3 Citadel DLC-RELOADED; it gives me some error about read-only files. I get options to Abort, Retry (it asks to do this with every file in ME3) or Ignore (the DLC doesn't work if I click this).
Fix:
select all files that are located in “…\Mass Effect 3\BIOGame\CookedPCConsole”>right click>properties and uncheck read-only

Answer #1
kobe, post your error message here
Answer #2
after installing the Citadel DLC by RELOADED ive been getting this error Unable to authorize the listed DLC
Please log in to the alliance network with the account used to purchase the DLC’s
ME3: content patch 2 DLC module
ME3: content patch DLC module
citadel base package
citadel omega
leviathan
firefight pack
all my ME3.exe files are being blocked. i only started getting this error after installing the new Citadel DLC. is anyone else getting this problem ?
Answer #3
I just realized that I only need to select all files that are located in “…\Mass Effect 3\BIOGame\CookedPCConsole”>right click>properties and uncheck read-only; after I did that I could install the DLC without any problems. Hope this helps someone having the same problem as I did.
Sup Tooth thanks for trying to help but i guess i beat you to it , oh and i bet you are playing it right now and that’s why you did not upload it… SHORE LEAVE TIME
Answer #4
after installing the Citadel DLC by RELOADED ive been getting this error Unable to authorize the listed DLC
Please log in to the alliance network with the account used to purchase the DLC's
ME3: content patch 2 DLC module
ME3: content patch DLC module
citadel base package
citadel omega
leviathan
firefight pack
all my ME3.exe files are being blocked. i only started getting this error after installing the new Citadel DLC. is anyone else getting this problem ?

you install citadel, did you use the crack files last? Does not look like it.
i bet you are playing it right now and that's why you did not upload it... SHORE LEAVE TIME

I finally got to posting it in the topic Kobe, so you work on a “ship”?

Jailbreaking my ipod touch

February 7th, 2020

OK, I need somebody to tell me if I can jailbreak my iPod touch, what to use and if there is a risk. I have an iPod touch 2nd generation and I already have the official version of 3.0. I'm a fairly noob to this iPod stuff so plz help
Answer #1
Go to modmyi.com, they will have everything you need to get your iPod touch jailbroken, and if they don’t, they will direct you somewhere that does.
Answer #2
http://www.google.com?t=2802051&highlight=
there are good tuts on what to do here with everything you need
or for just directions (also on the page)
http://www.google.com/notebook/public/17901218059398367178/BDRYq3goQpqmmu6Ek
*easy to do and no risks. If you do brick it you can always just restore it to normal in itunes
Answer #3
thanks guys!!!

is this a good cpu

February 7th, 2020

Well, I'm thinking of making myself a PC, and I did some research and all.
Is this a good CPU for a PC that will be used for just mid-range gaming, internet and normal work?
http://processorfinder.intel.com/details.aspx?sSpec=SLAY7
plz help

Answer #1
Yeah, it's nice. Core Duo is best for gaming, but if you intend to buy it off Intel, try to go for cheaper prices like off Newegg; maybe you can find a better one ^^ for less
Answer #2
Pffft, Pentium dual cores aren't good for gaming. May as well get a C2D E8600. Better yet, a gaming quad
Answer #3
get the e7200. it’s 50% more ($120) but it’s a better budget processor
Answer #4
Get an E6300, it's a cheap Core 2 Duo… I'm guessing you're on a tight budget?
It's only 1.86 GHz stock but it has a better FSB,
and it's such a simple CPU to overclock you can easily have it at 2.3 GHz on stock cooling.
Also, if you're building a new PC from scratch, give me a budget and I'll recommend you a few parts

Uploads with Backups – Solution?

February 7th, 2020

I’m looking to share a substantial amount of content, but my upload speed isn’t the greatest in the world (6 MB). I was wondering how you powersharers keep on top of your links with backups and multi-hosts?
I was thinking of maybe using a Windows VPS as a file dump (not forward-facing), then Remote Desktop Connect into the machine to upload from a high-speed server connection? (I’m not sure how I would do this on a UNIX machine through SSH to file sharing websites without ftp support).
Pros:
1) All my files would be backed up there for quick re-uploading if the links get taken down.
2) I can upload once (to the VPS) and spread everywhere:
Through the RDC, I can upload to multiple filesharing websites quickly with the server's bandwidth.
Problems:
1) Costly.
2) I’m pretty sure the bursts of upload bandwidth would be noticed by a server administrator. If they see pirated content dumped on their servers, it will get shut down quick-sharp.
I’m not sure how you all work with backups and multiple file hosts, so any information is appreciated!

Answer #1
Maybe a program like plowshare could help. I used it to upload files from my seed box to various cyberlockers.
Answer #2
Maybe a program like plowshare could help. I used it to upload files from my seed box to various cyberlockers.
This looks brilliant, tackles a lot of the problems I mentioned. Never heard of it before.
Legend, thank you very much!
Answer #3

I was thinking of maybe using a Windows VPS as a file dump (not forward-facing), then Remote Desktop Connect into the machine to upload from a high-speed server connection?

It’d be easier to just use the host’s remote upload feature to do this.
I'm not sure how I would do this on a UNIX machine through SSH to file sharing websites without ftp support
You’re not gonna have a problem. First off, you also get SFTP access with SSH (FTP over SSH), which can be used for file transfers. Second off, just like with a Windows-based server, you’ll be able to install any program you want, so setting up FTP wouldn’t be an issue. However, it can be challenging if you don’t have prior experience.
2) I'm pretty sure the bursts of upload bandwidth would be noticed by a server administrator. If they see pirated content dumped on their servers, it will get shut down quick-sharp.
As long as you don’t exceed your monthly bandwidth limit you’ll be fine. And admins rarely check on the content (unless someone reports it of course)
I'm not sure how you all work with backups and multiple file hosts, so any information is appreciated!
Keep in mind that when a file is blacklisted on a host, it’s blacklisted by its unique MD5 hash, so you cannot re-upload without changing it first! You’ll have to re-compress it with a different password in order to achieve this goal.

Legit Windows 10.

February 7th, 2020

So I really want to try Windows 10. The thing is I have a KMS Activated Windows 8.1 and what I have learned is that I cannot clean install Windows 10 because it asks for a key.
So what I have to do is upgrade from 8.1 to 10 and then activate it to get my free legit key and then use that key to clean install 10. Is this the procedure I am to follow?

Answer #1
I believe this is the wrong section to post this not sure.
However to answer your question you have to have a genuine copy of windows 7, 8 or 8.1 activated with Microsoft.
If you meet this requirement and your windows version is fully updated you will get the option to update to windows 10 for free.
Once that is done you have to extract the new key from windows and use that for clean installs as the old one will no longer be valid at least not for windows 10.
Please refrain from mini-modding -
#1.2 We'd like to encourage and thank members to use the report button but not add their own criticism.

Answer #2
yeah sorry, wrong forum. Mod please move it to off topic
they said Win10 will be free for pirates also
Answer #3
#3.3 Topics must be submitted to the relevant forums. Please read the forum descriptions before posting.
Topic moved from Apps to Helpdesk.

Answer #4
From what I have read by searching Google you have to upgrade your Windows 8.1 to Windows 10. When it is upgraded your OS will have a new Windows 10 key and that key can be used to do a fresh install of Windows 10 on another partition/disk. After upgrading use something like Magical Jelly Bean Keyfinder to find your new Windows 10 product key.
It might be worth writing down your Windows 8.1 key before you upgrade just in case you need it.
You can download the free version of the Magical Jelly Bean Keyfinder here:
https://www.magicaljellybean.com/keyfinder/
Answer #5
[quote]So I really want to try Windows 10. The thing is I have a KMS Activated Windows 8.1 and what I have learned is that I cannot clean install Windows 10 because it asks for a key.[/quote]
It won't ask for a key if you are KMS activated
