
Author Topic: TROJAN.RANSOM  (Read 29676 times)


elisabeth77

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    TROJAN.RANSOM
    « on: September 07, 2012, 11:29:59 PM »
    Hi Hope team!

    Thank you for the acceptance!
    As you can imagine, I have issues with my PC!

    I have run Malwarebytes Anti-Malware and every time I receive the same error:

    hkcu\software\Microsoft\windows\currentversion\windows\load

    It is a Trojan.Ransom.

    I have seen the same topic from mp1975 on August 25th, 2012, helped by SuperDave.

    So, I have already run SUPERAntiSpyware Free Edition and now I am running Malwarebytes again. Do I have to download Malwarebytes again, or can I run the version I already have on my computer?

    Please help me through...


    Thanks in advance!

    elisabeth77

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: TROJAN.RANSOM
      « Reply #1 on: September 07, 2012, 11:31:58 PM »
      Here is the summary from SUPERAntiSpyware.

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 09/08/2012 at 01:49 AM

      Application Version : 5.5.1016

      Core Rules Database Version : 9192
      Trace Rules Database Version: 7004

      Scan type       : Complete Scan
      Total Scan Time : 02:00:27

      Operating System Information
      Windows Vista Home Premium 32-bit (Build 6.00.6000)
      UAC On - Limited User (Administrator User)

      Memory items scanned      : 926
      Memory threats detected   : 0
      Registry items scanned    : 35424
      Registry threats detected : 27
      File items scanned        : 126367
      File threats detected     : 50

      Browser Hijacker.Deskbar
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\HELPDIR
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid32
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib#Version
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid32
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib#Version
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid32
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib#Version

      Adware.Tracking Cookie
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@adultfriendfinder[1].txt [ Cookie:dimitris@*adult URL*/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@trafficholder[1].txt [ Cookie:[email protected]/cgi-bin/traffic/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@mature-porn-movie[2].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@yadro[1].txt [ *Blocked Russian URL*/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@exoclick[2].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@toplist[2].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@statcounter[1].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@toplist[4].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@sextracker[1].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /COUNTER13.SEXTRACKER ]
         C:\USERS\DIMITRIS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIMITRIS@TOPLIST[1].TXT [ /TOPLIST ]
         *Blocked Russian URL* [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         *Blocked Russian URL* [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .doubleclick.net [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .imrworldwide.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .imrworldwide.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         in.getclicky.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         network.clickbanner.gr [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         www.googleadservices.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .h.atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .h.atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .h.atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .h.atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .apmebf.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .apmebf.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .pathfinder.gr [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .lexicon.pathfinder.gr [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .lexicon.pathfinder.gr [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .lexicon.pathfinder.gr [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .doubleclick.net [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .kaspersky.122.2o7.net [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .histats.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .histats.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .kontera.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .mmstat.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .cnzz.mmstat.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .oracle.112.2o7.net [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .adserver.adtechus.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         7.rotator.wigetmedia.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]

      PUP.BabylonToolbar
         HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

      elisabeth77

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: TROJAN.RANSOM
        « Reply #2 on: September 08, 2012, 01:08:34 AM »
        And here are the results of Malwarebytes Anti-Malware.

        Malwarebytes Anti-Malware 1.62.0.1300
        www.malwarebytes.org

        Data base version : v2012.09.08.02

        Windows Vista x86 NTFS
        Internet Explorer 7.0.6000.16982
        Dimitris :: DIMITRIS-PC [administrator]

        8/9/2012 7:54:33 πμ
        mbam-log-2012-09-08 (09-47-56).txt

        scan type: Full Scan (C:\|L:\|)
        Activate scan options: Ram | Startup | Register | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 322922
        Time elapsed: 1 hour, 38 minutes, 14 seconds

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)


        Registry Keys Detected: 0
        (No malicious items detected)


        Registry Values Detected: 1
        HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Dimitris\LOCALS~1\Temp\ahmthhvvu.scr -> No action.

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 0
        (No malicious items detected)


        (end)
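The one line in the log above that matters is the Registry Values entry: a screensaver executable in the user's temp folder registered under the Windows NT\CurrentVersion\Windows\Load value, which Windows runs at user logon, and MBAM reports it as "No action", so it is still in place. The script below is an added example, not a Malwarebytes tool and not code any poster in this thread ran. It parses the "Registry Values Detected" lines of an MBAM 1.x text log, pulls out each detection, and flags the ones that combine an autostart location with a payload in a temp directory. The embedded sample log is constructed from the entry above, and the list of autostart locations (AUTOSTART_LOCATIONS) and the function names (triage, classify, priority_findings) are this example's own choices, not MBAM's definitions.

```python
"""Triage of Malwarebytes Anti-Malware (MBAM 1.x) text logs.

Added example for this thread; it is not a Malwarebytes tool and not code any
poster ran.  It parses the "Registry Values Detected" lines of an MBAM log and
flags entries that register an auto-start payload from a temp directory, the
pattern seen in Reply #2.  The autostart locations it knows are a short list
chosen for this example, not MBAM's definitions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample log, modelled on the one posted in Reply #2 (same key,
# same value, same data path).  Raw string so the backslashes survive.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Dimitris\LOCALS~1\Temp\ahmthhvvu.scr -> No action.

Files Detected: 0
(No malicious items detected)

(end)
"""

# "<Section> Detected: <n>" headers that start each block of the log.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)\s*$")

# One registry-value detection: key|value (detection) -> Data: ... -> action.
VALUE_RE = re.compile(
    r"^(?P<key>[^|]+)\|(?P<value>\S+) \((?P<detection>[^)]+)\) -> Data: "
    r"(?P<data>.+?) -> (?P<action>[^.]+)\.?\s*$"
)

# (key suffix, value name) pairs that Windows runs at user logon.  Load/Run
# under "Windows NT\CurrentVersion\Windows" are the legacy win.ini-style
# entries; the Run/RunOnce keys take any value name (None = any).
# Short list chosen for this example, not a complete catalogue.
AUTOSTART_LOCATIONS = (
    (r"\software\microsoft\windows nt\currentversion\windows", "load"),
    (r"\software\microsoft\windows nt\currentversion\windows", "run"),
    (r"\software\microsoft\windows\currentversion\run", None),
    (r"\software\microsoft\windows\currentversion\runonce", None),
)

# Extensions Windows will execute directly; .scr is a PE executable that the
# screensaver convention merely renames.
EXECUTABLE_EXTENSIONS = (".scr", ".exe", ".com", ".dll", ".bat", ".cmd", ".vbs", ".js")


@dataclass
class Finding:
    key: str
    value: str
    detection: str
    data: str
    action: str
    flags: list[str] = field(default_factory=list)

    @property
    def needs_cleanup(self) -> bool:
        """True when MBAM reported the item but did not remove it."""
        return self.action.strip().lower().startswith("no action")


def classify(key: str, value: str, data: str) -> list[str]:
    """Return the risk flags that apply to one registry-value detection."""
    flags: list[str] = []
    key_l, value_l, data_l = key.lower(), value.lower(), data.lower()
    for suffix, wanted in AUTOSTART_LOCATIONS:
        if key_l.endswith(suffix) and (wanted is None or value_l == wanted):
            flags.append("autostart")
            break
    if "\\temp\\" in data_l:
        flags.append("temp-dir-payload")
    if data_l.endswith(EXECUTABLE_EXTENSIONS):
        flags.append("executable-payload")
    return flags


def triage(log_text: str) -> list[Finding]:
    """Parse an MBAM log and return the registry-value detections, flagged."""
    findings: list[Finding] = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section != "Registry Values":
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        f = Finding(**m.groupdict())
        f.flags = classify(f.key, f.value, f.data)
        findings.append(f)
    return findings


def priority_findings(findings: list[Finding]) -> list[Finding]:
    """Findings that combine an autostart location with a temp-dir payload."""
    return [f for f in findings if {"autostart", "temp-dir-payload"} <= set(f.flags)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        status = "STILL PRESENT" if f.needs_cleanup else "handled"
        print(f"{f.detection}: {f.key}\\{f.value} -> {f.data} [{', '.join(f.flags)}] {status}")
```

Run against the sample, the script reports the Load value with all three flags and "STILL PRESENT", which is exactly why the next step in the thread is to run MBAM again and let it remove the item rather than just re-scan. The same parser works on any MBAM 1.x log pasted into a file; only the Registry Values section is inspected, so key, file and folder detections are ignored on purpose.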

        elisabeth77

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: TROJAN.RANSOM
          « Reply #3 on: September 08, 2012, 02:03:51 AM »
          Here are the results of Security Check by screen317.

          Results of screen317's Security Check version 0.99.50 
           Windows Vista  x86 (UAC is enabled) 
           Out of date service pack!!
           Internet Explorer 7 Out of date!
          ``````````````Antivirus/Firewall Check:``````````````
           WMI entry may not exist for antivirus; attempting automatic update.
           Avira successfully updated!
          `````````Anti-malware/Other Utilities Check:`````````
           MVPS Hosts File 
           SUPERAntiSpyware     
           Trojan Remover 6.8.4   
           Malwarebytes Anti-Malware έκδοση 1.62.0.1300 
           CCleaner     
           Java 7 Update 7 
           Adobe Flash Player    11.1.102.55 
           Adobe Reader 8 Adobe Reader out of Date!
           Mozilla Firefox 8.0 Firefox out of Date! 
           Google Chrome 21.0.1180.83 
           Google Chrome 21.0.1180.89 
          ````````Process Check: objlist.exe by Laurent````````
           Windows Defender MSASCui.exe
           Avira Antivir avgnt.exe
           Avira Antivir avguard.exe
           Windows Defender MSASCui.exe   
          `````````````````System Health check`````````````````
           Total Fragmentation on Drive C:  %
          ````````````````````End of Log``````````````````````

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: TROJAN.RANSOM
          « Reply #4 on: September 08, 2012, 12:15:24 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
          *************************************************************************
          Please try running MBAM again and, this time, clean the infection.

          Go to Microsoft Windows Update and get all critical updates including the latest Service Pack and IE 9.

          Please download AdwCleaner by Xplode onto your Desktop.
          • Double click on AdwCleaner.exe to run the tool.
          • Click on Search.
          • A logfile will automatically open after the scan has finished.
          • Please post the content of that logfile in your reply.
          • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
          Windows 8 and Windows 10 dual boot with two SSD's

          elisabeth77

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: TROJAN.RANSOM
            « Reply #5 on: September 08, 2012, 04:47:31 PM »
            Dear Dave,

            Thank you for your help!

            Here are the results of AdwCleaner.

            I am looking forward to your instructions!


            # AdwCleaner v2.000 - Logfile created 09/09/2012 at 01:41:34
            # Updated 30/08/2012 by Xplode
            # Operating system : Windows Vista (TM) Home Premium  (32 bits)
            # User : Dimitris - DIMITRIS-PC
            # Boot Mode : Normal
            # Running from : C:\Users\Dimitris\Downloads\adwcleaner.exe
            # Option [Search]


            ***** [Services] *****


            ***** [Files / Folders] *****

            File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
            File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
            File Found : C:\user.js
            File Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\searchplugins\Conduit.xml
            Folder Found : C:\Program Files\Conduit
            Folder Found : C:\Program Files\FreeMake
            Folder Found : C:\Program Files\TorrentReactor.Net
            Folder Found : C:\Program Files\Winamp Toolbar
            Folder Found : C:\ProgramData\FreeMake
            Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMake
            Folder Found : C:\ProgramData\Winamp Toolbar
            Folder Found : C:\Users\Dimitris\AppData\Local\Conduit
            Folder Found : C:\Users\Dimitris\AppData\Local\Winamp Toolbar
            Folder Found : C:\Users\Dimitris\AppData\LocalLow\BabylonToolbar
            Folder Found : C:\Users\Dimitris\AppData\LocalLow\Conduit
            Folder Found : C:\Users\Dimitris\AppData\LocalLow\facemoods.com
            Folder Found : C:\Users\Dimitris\AppData\LocalLow\FreeMake
            Folder Found : C:\Users\Dimitris\AppData\LocalLow\PriceGong
            Folder Found : C:\Users\Dimitris\AppData\LocalLow\TorrentReactor.Net
            Folder Found : C:\Users\Dimitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeMake
            Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\CT3214568
            Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
            Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\[email protected]
            Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\Smartbar
            Folder Found : C:\Users\Dimitris\Documents\FreeMake

            ***** [Registry] *****

            Key Found : HKCU\Software\AppDataLow\Software\Conduit
            Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
            Key Found : HKCU\Software\AppDataLow\Software\Freemake
            Key Found : HKCU\Software\AppDataLow\Software\PriceGong
            Key Found : HKCU\Software\AppDataLow\Software\SmartBar
            Key Found : HKCU\Software\AppDataLow\Software\TorrentReactor.Net
            Key Found : HKCU\Software\AppDataLow\Toolbar
            Key Found : HKCU\Software\BrowserCompanion
            Key Found : HKCU\Software\Freemake
            Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
            Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
            Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
            Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
            Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeMake Toolbar
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TorrentReactor.Net Toolbar
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B23920F4-4C2F-412B-9450-1D7028D5454E}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
            Key Found : HKCU\Software\Winamp Toolbar
            Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
            Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
            Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
            Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
            Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
            Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
            Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
            Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
            Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
            Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
            Key Found : HKLM\SOFTWARE\Classes\b
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{801FD5AC-90F0-4FE9-A8A3-AA98A3B4F6AD}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{B23920F4-4C2F-412B-9450-1D7028D5454E}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB468DEB-B219-4BAE-BA7E-A8000B6AF0A3}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
            Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
            Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
            Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
            Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
            Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561457
            Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
            Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
            Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
            Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
            Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
            Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
            Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
            Key Found : HKLM\Software\Conduit
            Key Found : HKLM\Software\Freemake
            Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
            Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
            Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12911484-55A2-4151-9A28-E08DF7015DBC}
            Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81EFB41B-2381-4EC1-B366-BB93AECD9F1B}
            Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
            Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
            Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
            Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
            Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeMake Toolbar
            Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentReactor.Net Toolbar
            Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
            Key Found : HKLM\Software\TorrentReactor.Net
            Key Found : HKLM\Software\Winamp Toolbar
            Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
            Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
            Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
            Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
            Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
            Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
            Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
            Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
            Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
            Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
            Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B23920F4-4C2F-412B-9450-1D7028D5454E}]

            ***** [Internet Browsers] *****

            -\\ Internet Explorer v7.0.6000.16982

            [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=NT_ss&mntrId=c85f62db0000000000000019db405218&tlver=1.4.19.19&affID=19404

            -\\ Mozilla Firefox v15.0.1 (el)

            Profile name : default
            File : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\prefs.js

            Found : user_pref("CT3214568.1000082.isPlayDisplay", "true");
            Found : user_pref("CT3214568.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
            Found : user_pref("CT3214568.1000234.TWC_TMP_city", "ATHENS");
            Found : user_pref("CT3214568.1000234.TWC_TMP_country", "GR");
            Found : user_pref("CT3214568.1000234.TWC_locId", "GRXX0004");
            Found : user_pref("CT3214568.1000234.TWC_location", "Athens, Greece");
            Found : user_pref("CT3214568.1000234.TWC_region", "OT");
            Found : user_pref("CT3214568.1000234.TWC_temp_dis", "c");
            Found : user_pref("CT3214568.1000234.TWC_wind_dis", "kmh");
            Found : user_pref("CT3214568.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"24°C\",\"temperat[...]
            Found : user_pref("CT3214568.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
            Found : user_pref("CT3214568.ENABLE_RETURN_WEB_SEARCH_ON_T HE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
            Found : user_pref("CT3214568.FirstTime", "true");
            Found : user_pref("CT3214568.FirstTimeFF3", "true");
            Found : user_pref("CT3214568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT321[...]
            Found : user_pref("CT3214568.UserID", "UN61010824010489033");
            Found : user_pref("CT3214568.addressBarTakeOverEnabledInHi dden", "true");
            Found : user_pref("CT3214568.autoDisableScopes", -1);
            Found : user_pref("CT3214568.browser.search.defaultthis.en gineName", true);
            Found : user_pref("CT3214568.cb_experience_000", "4");
            Found : user_pref("CT3214568.cb_firstuse0100", "1");
            Found : user_pref("CT3214568.cbcountry_001", "GR");
            Found : user_pref("CT3214568.cbfirsttime", "Mon Aug 06 2012 21:50:24 GMT+0300");
            Found : user_pref("CT3214568.defaultSearch", "true");
            Found : user_pref("CT3214568.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
            Found : user_pref("CT3214568.enableAlerts", "always");
            Found : user_pref("CT3214568.enableSearchFromAddressBar", "true");
            Found : user_pref("CT3214568.firstTimeDialogOpened", "true");
            Found : user_pref("CT3214568.fixPageNotFoundError", "true");
            Found : user_pref("CT3214568.fixPageNotFoundErrorInHidden", "true");
            Found : user_pref("CT3214568.fixUrls", true);
            Found : user_pref("CT3214568.hxxp___www_socialgrowthtechno logies_com_couponbuddy_v001.APP_WIN_FEA TURES", "op[...]
            Found : user_pref("CT3214568.installId", "ConduitNSISIntegration");
            Found : user_pref("CT3214568.installType", "ConduitNSISIntegration");
            Found : user_pref("CT3214568.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
            Found : user_pref("CT3214568.isNewTabEnabled", true);
            Found : user_pref("CT3214568.isPerformedSmartBarTransition", "true");
            Found : user_pref("CT3214568.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
            Found : user_pref("CT3214568.keyword", true);
            Found : user_pref("CT3214568.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps[...]
            Found : user_pref("CT3214568.openThankYouPage", "false");
            Found : user_pref("CT3214568.openUninstallPage", "true");
            Found : user_pref("CT3214568.search.searchAppId", "10000002");
            Found : user_pref("CT3214568.search.searchCount", "1");
            Found : user_pref("CT3214568.searchInNewTabEnabledInHidden", "true");
            Found : user_pref("CT3214568.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
            Found : user_pref("CT3214568.serviceLayer_service_login_is FirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
            Found : user_pref("CT3214568.serviceLayer_service_login_lo ginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
            Found : user_pref("CT3214568.serviceLayer_service_toolbarG rouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
            Found : user_pref("CT3214568.serviceLayer_service_toolbarG rouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
            Found : user_pref("CT3214568.serviceLayer_service_toolbarG rouping_activeToolbarName", "{\"dataType\":\"strin[...]
            Found : user_pref("CT3214568.serviceLayer_service_toolbarG rouping_invoked", "{\"dataType\":\"string\",\"data[...]
            Found : user_pref("CT3214568.serviceLayer_service_usage_to olbarUsageCount", "{\"dataType\":\"number\",\"data[...]
            Found : user_pref("CT3214568.serviceLayer_services_appTrac kingFirstTime_lastUpdate", "1346307154067");
            Found : user_pref("CT3214568.serviceLayer_services_appTrac king_lastUpdate", "1345412499281");
            Found : user_pref("CT3214568.serviceLayer_services_appsMet adata_lastUpdate", "1347091181087");
            Found : user_pref("CT3214568.serviceLayer_services_gottenA ppsContextMenu_lastUpdate", "1346069587037");
            Found : user_pref("CT3214568.serviceLayer_services_login_1 0.10.20.14_lastUpdate", "1346083862574");
            Found : user_pref("CT3214568.serviceLayer_services_login_1 0.10.27.6_lastUpdate", "1347119996540");
            Found : user_pref("CT3214568.serviceLayer_services_optimiz er_lastUpdate", "1346351036616");
            Found : user_pref("CT3214568.serviceLayer_services_otherAp psContextMenu_lastUpdate", "1346069587073");
            Found : user_pref("CT3214568.serviceLayer_services_searchA PI_lastUpdate", "1347091181259");
            Found : user_pref("CT3214568.serviceLayer_services_service Map_lastUpdate", "1347091181067");
            Found : user_pref("CT3214568.serviceLayer_services_toolbar ContextMenu_lastUpdate", "1346069586698");
            Found : user_pref("CT3214568.serviceLayer_services_toolbar Settings_lastUpdate", "1347115618965");
            Found : user_pref("CT3214568.serviceLayer_services_transla tion_lastUpdate", "1347091181457");
            Found : user_pref("CT3214568.settingsINI", true);
            Found : user_pref("CT3214568.shouldFirstTimeDialog", "false");
            Found : user_pref("CT3214568.smartbar.CTID", "CT3214568");
            Found : user_pref("CT3214568.smartbar.Uninstall", "0");
            Found : user_pref("CT3214568.smartbar.homepage", true);
            Found : user_pref("CT3214568.smartbar.toolbarName", "FreemakeTB ");
            Found : user_pref("CT3214568.toolbarBornServerTime", "6-8-2012");
            Found : user_pref("CT3214568.toolbarCurrentServerTime", "8-9-2012");
            Found : user_pref("CT3214568.url_history0001", "hxxp://www.google.gr/url?sa=t&rct=j&q=%CF%87%CF%81%CF%85%CF%[...]
            Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=1[...]
            Found : user_pref("Smartbar.ConduitSearchEngineList", "FreeMake Customized Web Search");
            Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568[...]
            Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=adbartrp&affID[...]
            Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568");
            Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
            Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
            Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
            Found : user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");
            Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13");
            Found : user_pref("extensions.BabylonToolbar.admin", false);
            Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
            Found : user_pref("extensions.BabylonToolbar.babExt", "");
            Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=101363");
            Found : user_pref("extensions.BabylonToolbar.bbDpng", 6);
            Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
            Found : user_pref("extensions.BabylonToolbar.hmpg", false);
            Found : user_pref("extensions.BabylonToolbar.id", "c85f62db0000000000000019db405218");
            Found : user_pref("extensions.BabylonToolbar.instlDay", "15379");
            Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
            Found : user_pref("extensions.BabylonToolbar.lastDP", 6);
            Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1721:21:09");
            Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
            Found : user_pref("extensions.BabylonToolbar.newTab", false);
            Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
            Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
            Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
            Found : user_pref("extensions.BabylonToolbar.propectorlck", 69576808);
            Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
            Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
            Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
            Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
            Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
            Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
            Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
            Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
            Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1721:21:09");
            Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
            Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
            Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
            Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101363");
            Found : user_pref("extensions.BabylonToolbar_i.hardId", "c85f62db0000000000000019db405218");
            Found : user_pref("extensions.BabylonToolbar_i.id", "c85f62db0000000000000019db405218");
            Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15379");
            Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
            Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
            Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
            Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
            Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
            Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
            Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
            Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
            Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:21:09");
            Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
            Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=[...]

            -\\ Google Chrome v [Unable to get version]

            File : C:\Users\Dimitris\AppData\Local\Google\Chrome\User Data\Default\Preferences

            Found [l.424] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18" ]
            Found [l.426] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",

            *************************

            AdwCleaner[R1].txt - [23395 octets] - [09/09/2012 01:41:34]

            ########## EOF - C:\AdwCleaner[R1].txt - [23456 octets] ##########

            elisabeth77

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: TROJAN.RANSOM
              « Reply #6 on: September 08, 2012, 04:53:06 PM »
              Dave,

              AdwCleaner asks me if I want to delete the items found! Should I click the delete option or not!!

              Thanks again!!!

              elisabeth77

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: TROJAN.RANSOM
                « Reply #7 on: September 09, 2012, 12:26:53 PM »

                Dear Dave,

                I ran all the updates on my PC and ran Security Check again. Here are the results!
                Results of screen317's Security Check version 0.99.50 
                 Windows Vista Service Pack 2 x86 (UAC is enabled) 
                 Internet Explorer 9 
                ``````````````Antivirus/Firewall Check:``````````````[/u]
                Avira Desktop   
                 Antivirus up to date!   
                `````````Anti-malware/Other Utilities Check:`````````[/u]
                 MVPS Hosts File 
                 SUPERAntiSpyware     
                 Trojan Remover 6.8.4   
                 Malwarebytes Anti-Malware έκδοση 1.62.0.1300 
                 CCleaner     
                 Java 7 Update 7 
                 Adobe Flash Player    11.1.102.55 
                 Adobe Reader 8 Adobe Reader out of Date!
                 Mozilla Firefox (15.0.1)
                 Google Chrome 21.0.1180.83 
                 Google Chrome 21.0.1180.89 
                ````````Process Check: objlist.exe by Laurent````````[/u] 
                 Windows Defender MSASCui.exe
                 Avira Antivir avgnt.exe
                 Avira Antivir avguard.exe
                 Windows Defender MSASCui.exe   
                `````````````````System Health check`````````````````[/u]
                 Total Fragmentation on Drive C:  %
                ````````````````````End of Log``````````````````````[/u]



                The results of AdwCleaner too!

                # AdwCleaner v2.000 - Logfile created 09/09/2012 at 21:17:52
                # Updated 30/08/2012 by Xplode
                # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
                # User : Dimitris - DIMITRIS-PC
                # Boot Mode : Normal
                # Running from : C:\Users\Dimitris\Downloads\adwcleaner.exe
                # Option [Search]


                ***** [Services] *****


                ***** [Files / Folders] *****

                File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
                File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
                File Found : C:\user.js
                File Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\searchplugins\Conduit.xml
                Folder Found : C:\Program Files\Conduit
                Folder Found : C:\Program Files\FreeMake
                Folder Found : C:\Program Files\TorrentReactor.Net
                Folder Found : C:\Program Files\Winamp Toolbar
                Folder Found : C:\ProgramData\FreeMake
                Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMake
                Folder Found : C:\ProgramData\Winamp Toolbar
                Folder Found : C:\Users\Dimitris\AppData\Local\Conduit
                Folder Found : C:\Users\Dimitris\AppData\Local\Winamp Toolbar
                Folder Found : C:\Users\Dimitris\AppData\LocalLow\BabylonToolbar
                Folder Found : C:\Users\Dimitris\AppData\LocalLow\Conduit
                Folder Found : C:\Users\Dimitris\AppData\LocalLow\facemoods.com
                Folder Found : C:\Users\Dimitris\AppData\LocalLow\FreeMake
                Folder Found : C:\Users\Dimitris\AppData\LocalLow\PriceGong
                Folder Found : C:\Users\Dimitris\AppData\LocalLow\TorrentReactor.Net
                Folder Found : C:\Users\Dimitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeMake
                Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\CT3214568
                Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
                Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\[email protected]
                Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\Smartbar
                Folder Found : C:\Users\Dimitris\Documents\FreeMake

                ***** [Registry] *****

                Key Found : HKCU\Software\AppDataLow\Software\Conduit
                Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
                Key Found : HKCU\Software\AppDataLow\Software\Freemake
                Key Found : HKCU\Software\AppDataLow\Software\PriceGong
                Key Found : HKCU\Software\AppDataLow\Software\SmartBar
                Key Found : HKCU\Software\AppDataLow\Software\TorrentReactor.Net
                Key Found : HKCU\Software\AppDataLow\Toolbar
                Key Found : HKCU\Software\BrowserCompanion
                Key Found : HKCU\Software\Freemake
                Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
                Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
                Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
                Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeMake Toolbar
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TorrentReactor.Net Toolbar
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B23920F4-4C2F-412B-9450-1D7028D5454E}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B23920F4-4C2F-412B-9450-1D7028D5454E}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
                Key Found : HKCU\Software\Winamp Toolbar
                Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
                Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
                Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
                Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
                Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
                Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
                Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
                Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
                Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
                Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
                Key Found : HKLM\SOFTWARE\Classes\b
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{801FD5AC-90F0-4FE9-A8A3-AA98A3B4F6AD}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{B23920F4-4C2F-412B-9450-1D7028D5454E}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB468DEB-B219-4BAE-BA7E-A8000B6AF0A3}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
                Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
                Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
                Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
                Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
                Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561457
                Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
                Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
                Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
                Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
                Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
                Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
                Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
                Key Found : HKLM\Software\Conduit
                Key Found : HKLM\Software\Freemake
                Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
                Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
                Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12911484-55A2-4151-9A28-E08DF7015DBC}
                Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81EFB41B-2381-4EC1-B366-BB93AECD9F1B}
                Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
                Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
                Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
                Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeMake Toolbar
                Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentReactor.Net Toolbar
                Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
                Key Found : HKLM\Software\TorrentReactor.Net
                Key Found : HKLM\Software\Winamp Toolbar
                Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
                Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
                Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
                Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
                Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
                Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
                Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
                Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
                Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B23920F4-4C2F-412B-9450-1D7028D5454E}]

                ***** [Internet Browsers] *****

                -\\ Internet Explorer v9.0.8112.16421

                [OK] Registry is clean.

                -\\ Mozilla Firefox v15.0.1 (el)

                Profile name : default
                File : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\prefs.js

                Found : user_pref("CT3214568.1000082.isPlayDisplay", "true");
                Found : user_pref("CT3214568.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
                Found : user_pref("CT3214568.1000234.TWC_TMP_city", "ATHENS");
                Found : user_pref("CT3214568.1000234.TWC_TMP_country", "GR");
                Found : user_pref("CT3214568.1000234.TWC_locId", "GRXX0004");
                Found : user_pref("CT3214568.1000234.TWC_location", "Athens, Greece");
                Found : user_pref("CT3214568.1000234.TWC_region", "OT");
                Found : user_pref("CT3214568.1000234.TWC_temp_dis", "c");
                Found : user_pref("CT3214568.1000234.TWC_wind_dis", "kmh");
                Found : user_pref("CT3214568.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"24°C\",\"temperat[...]
                Found : user_pref("CT3214568.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
                Found : user_pref("CT3214568.ENABLE_RETURN_WEB_SEARCH_ON_T HE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
                Found : user_pref("CT3214568.FirstTime", "true");
                Found : user_pref("CT3214568.FirstTimeFF3", "true");
                Found : user_pref("CT3214568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT321[...]
                Found : user_pref("CT3214568.UserID", "UN61010824010489033");
                Found : user_pref("CT3214568.addressBarTakeOverEnabledInHi dden", "true");
                Found : user_pref("CT3214568.autoDisableScopes", -1);
                Found : user_pref("CT3214568.browser.search.defaultthis.en gineName", true);
                Found : user_pref("CT3214568.cb_experience_000", "4");
                Found : user_pref("CT3214568.cb_firstuse0100", "1");
                Found : user_pref("CT3214568.cbcountry_001", "GR");
                Found : user_pref("CT3214568.cbfirsttime", "Mon Aug 06 2012 21:50:24 GMT+0300");
                Found : user_pref("CT3214568.defaultSearch", "true");
                Found : user_pref("CT3214568.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
                Found : user_pref("CT3214568.enableAlerts", "always");
                Found : user_pref("CT3214568.enableSearchFromAddressBar", "true");
                Found : user_pref("CT3214568.firstTimeDialogOpened", "true");
                Found : user_pref("CT3214568.fixPageNotFoundError", "true");
                Found : user_pref("CT3214568.fixPageNotFoundErrorInHidden", "true");
                Found : user_pref("CT3214568.fixUrls", true);
                Found : user_pref("CT3214568.hxxp___www_socialgrowthtechno logies_com_couponbuddy_v001.APP_WIN_FEA TURES", "op[...]
                Found : user_pref("CT3214568.installId", "ConduitNSISIntegration");
                Found : user_pref("CT3214568.installType", "ConduitNSISIntegration");
                Found : user_pref("CT3214568.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
                Found : user_pref("CT3214568.isNewTabEnabled", true);
                Found : user_pref("CT3214568.isPerformedSmartBarTransition", "true");
                Found : user_pref("CT3214568.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
                Found : user_pref("CT3214568.keyword", true);
                Found : user_pref("CT3214568.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
                Found : user_pref("CT3214568.openThankYouPage", "false");
                Found : user_pref("CT3214568.openUninstallPage", "true");
                Found : user_pref("CT3214568.search.searchAppId", "10000002");
                Found : user_pref("CT3214568.search.searchCount", "1");
                Found : user_pref("CT3214568.searchInNewTabEnabledInHidden", "true");
                Found : user_pref("CT3214568.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
                Found : user_pref("CT3214568.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
                Found : user_pref("CT3214568.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
                Found : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
                Found : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
                Found : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
                Found : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
                Found : user_pref("CT3214568.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
                Found : user_pref("CT3214568.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1347171157638");
                Found : user_pref("CT3214568.serviceLayer_services_appTracking_lastUpdate", "1345412499281");
                Found : user_pref("CT3214568.serviceLayer_services_appsMetadata_lastUpdate", "1347177593886");
                Found : user_pref("CT3214568.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1346069587037");
                Found : user_pref("CT3214568.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346083862574");
                Found : user_pref("CT3214568.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347202856160");
                Found : user_pref("CT3214568.serviceLayer_services_optimizer_lastUpdate", "1346351036616");
                Found : user_pref("CT3214568.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1346069587073");
                Found : user_pref("CT3214568.serviceLayer_services_searchAPI_lastUpdate", "1347177595344");
                Found : user_pref("CT3214568.serviceLayer_services_serviceMap_lastUpdate", "1347177593841");
                Found : user_pref("CT3214568.serviceLayer_services_toolbarContextMenu_lastUpdate", "1346069586698");
                Found : user_pref("CT3214568.serviceLayer_services_toolbarSettings_lastUpdate", "1347210058336");
                Found : user_pref("CT3214568.serviceLayer_services_translation_lastUpdate", "1347177594426");
                Found : user_pref("CT3214568.settingsINI", true);
                Found : user_pref("CT3214568.shouldFirstTimeDialog", "false");
                Found : user_pref("CT3214568.smartbar.CTID", "CT3214568");
                Found : user_pref("CT3214568.smartbar.Uninstall", "0");
                Found : user_pref("CT3214568.smartbar.homepage", true);
                Found : user_pref("CT3214568.smartbar.toolbarName", "FreemakeTB ");
                Found : user_pref("CT3214568.toolbarBornServerTime", "6-8-2012");
                Found : user_pref("CT3214568.toolbarCurrentServerTime", "9-9-2012");
                Found : user_pref("CT3214568.url_history0001", "hxxp://www.tacticalshop.gr/airsoft-umarex-co2-heckler-koch-p[...]
                Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=1[...]
                Found : user_pref("Smartbar.ConduitSearchEngineList", "FreeMake Customized Web Search");
                Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568[...]
                Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=adbartrp&affID[...]
                Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568");
                Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
                Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
                Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
                Found : user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");
                Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13");
                Found : user_pref("extensions.BabylonToolbar.admin", false);
                Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
                Found : user_pref("extensions.BabylonToolbar.babExt", "");
                Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=101363");
                Found : user_pref("extensions.BabylonToolbar.bbDpng", 6);
                Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
                Found : user_pref("extensions.BabylonToolbar.hmpg", false);
                Found : user_pref("extensions.BabylonToolbar.id", "c85f62db0000000000000019db405218");
                Found : user_pref("extensions.BabylonToolbar.instlDay", "15379");
                Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
                Found : user_pref("extensions.BabylonToolbar.lastDP", 6);
                Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1721:21:09");
                Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
                Found : user_pref("extensions.BabylonToolbar.newTab", false);
                Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
                Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
                Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
                Found : user_pref("extensions.BabylonToolbar.propectorlck", 69576808);
                Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
                Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
                Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
                Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
                Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
                Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
                Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
                Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
                Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1721:21:09");
                Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
                Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
                Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
                Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101363");
                Found : user_pref("extensions.BabylonToolbar_i.hardId", "c85f62db0000000000000019db405218");
                Found : user_pref("extensions.BabylonToolbar_i.id", "c85f62db0000000000000019db405218");
                Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15379");
                Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
                Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
                Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
                Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
                Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
                Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
                Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
                Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
                Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:21:09");
                Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
                Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=[...]

                -\\ Google Chrome v [Unable to get version]

                File : C:\Users\Dimitris\AppData\Local\Google\Chrome\User Data\Default\Preferences

                Found [l.424] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18" ]
                Found [l.426] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",

                *************************

                AdwCleaner[R1].txt - [23526 octets] - [09/09/2012 01:41:34]
                AdwCleaner[R2].txt - [23587 octets] - [09/09/2012 01:49:27]
                AdwCleaner[R3].txt - [23648 octets] - [09/09/2012 01:49:46]
                AdwCleaner[R4].txt - [22906 octets] - [09/09/2012 21:17:52]

                ########## EOF - C:\AdwCleaner[R4].txt - [22967 octets] ##########


                MBAM keeps finding the same virus and cannot destroy it after reboot!
                I have also deleted the screensaver because at first MBAM showed the screensaver file as infected.

                I am looking forward to your instructions, telling me what else needs to be done with the PC.

                Thanks in advance! You are number 1!
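The AdwCleaner log above is, in effect, a list of the browser settings a Conduit/Babylon toolbar rewrote: the Firefox start page, the default and selected search engine, the address-bar search URL (keyword.URL), a block of CT3214568.* and extensions.BabylonToolbar.* prefs the toolbar owns, plus the Chrome homepage and startup URL. As an added example, not a tool from this thread and not AdwCleaner's own logic, the Python script below reads a Firefox prefs.js/user.js and a Chrome Preferences file and flags the same kinds of entries. The sample inputs are constructed here from the log entries above (with the defanged "hxxp" restored to "http"); the SUSPECT_HOSTS list, the pref-name rules and the Chrome key paths are this example's own assumptions, not a vendor signature set.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed sample of a Firefox prefs.js, modelled on the AdwCleaner log in this thread
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3214568&SearchSource=13");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=");
user_pref("Smartbar.ConduitSearchEngineList", "FreeMake Customized Web Search");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("CT3214568.smartbar.toolbarName", "FreemakeTB ");
user_pref("CT3214568.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("browser.tabs.warnOnClose", false);
user_pref("network.cookie.cookieBehavior", 0);
'''

# Constructed sample of a Chrome "Preferences" file carrying the two hijacked keys from the log
# (assumption: startup URLs live under "session", homepage at top level, as in Chrome of that era)
SAMPLE_CHROME_PREFS = json.dumps({
    "homepage": "http://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",
    "session": {"urls_to_restore_on_startup": [
        "http://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18"]},
    "browser": {"show_home_button": True},
})

# Analyst-chosen indicators (assumption): the search endpoints seen in the log
SUSPECT_HOSTS = ("search.conduit.com", "search.babylon.com")
# Prefs that decide where the browser navigates; any of them pointing at the hijacker is a hit
NAV_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.search.defaultenginename",
             "browser.search.selectedEngine", "browser.search.order.1", "browser.babylon.HPOnNewTab")
# Pref-name prefixes that only exist because a toolbar wrote them
TOOLBAR_PREFIXES = ("extensions.BabylonToolbar", "Smartbar.")
CONDUIT_ID = re.compile(r"^CT\d{5,}\.")  # Conduit toolbars key their prefs by "CT<digits>."
# One prefs.js line: user_pref("name", <JS literal>);
PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')


def parse_prefs_js(text: str) -> Dict[str, object]:
    """Parse user_pref(...) lines into a dict; JS string/bool/number literals decode as JSON."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2)
        try:
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep unparseable literals verbatim rather than dropping them
    return prefs


def _is_suspect_url(value: object) -> bool:
    return isinstance(value, str) and any(h in value.lower() for h in SUSPECT_HOSTS)


def _mentions_hijacker(value: object) -> bool:
    return isinstance(value, str) and any(w in value.lower() for w in ("conduit", "babylon"))


def scan_firefox_prefs(prefs: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return (pref name, reason) for every pref that a search/homepage hijacker owns or rewrote."""
    # Engine names the toolbar registered itself; the selectedEngine pref may only carry that name
    hijacker_engines = {v for k, v in prefs.items()
                        if k == "Smartbar.ConduitSearchEngineList" and isinstance(v, str)}
    findings: List[Tuple[str, str]] = []
    for name, value in prefs.items():
        if name in NAV_PREFS and (_is_suspect_url(value) or _mentions_hijacker(value)
                                  or value in hijacker_engines):
            findings.append((name, "navigation pref redirected to hijacker"))
        elif name.startswith(TOOLBAR_PREFIXES) or CONDUIT_ID.match(name):
            findings.append((name, "toolbar-owned pref"))
    return findings


def scan_chrome_prefs(text: str) -> List[Tuple[str, str]]:
    """Walk the Preferences JSON and return (key path, reason) for any string aimed at a suspect host."""
    findings: List[Tuple[str, str]] = []

    def walk(node: object, path: str) -> None:
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, f"{path}.{k}" if path else k)
        elif isinstance(node, list):
            for i, v in enumerate(node):
                walk(v, f"{path}[{i}]")
        elif _is_suspect_url(node):
            findings.append((path, "value points at hijacker search host"))

    walk(json.loads(text), "")
    return findings


def triage(prefs_js_text: str, chrome_prefs_text: str) -> List[str]:
    """Combined report lines, one per finding, in the order the files list them."""
    lines = [f"firefox  {n}  <- {why}" for n, why in scan_firefox_prefs(parse_prefs_js(prefs_js_text))]
    lines += [f"chrome   {p}  <- {why}" for p, why in scan_chrome_prefs(chrome_prefs_text)]
    return lines


if __name__ == "__main__":
    for line in triage(SAMPLE_PREFS_JS, SAMPLE_CHROME_PREFS):
        print(line)
```

To run it against a real profile, read prefs.js from the path the log shows (C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>\prefs.js) and Chrome's Preferences from ...\AppData\Local\Google\Chrome\User Data\Default\Preferences and pass the file contents to triage(). One caveat worth knowing when cleaning by hand: Firefox re-applies every line of user.js in the profile on each start, overwriting prefs.js, so deleting the hijacked prefs from prefs.js alone will not stick while a user.js written by the toolbar remains, which is why the AdwCleaner runs above delete user.js as well.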



                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Experience: Expert
                • OS: Windows 10
                Re: TROJAN.RANSOM
                « Reply #8 on: September 09, 2012, 05:35:57 PM »
                Remove the Adware:
                • Please close all open programs and internet browsers.
                • Double click on adwcleaner.exe to run the tool.
                • Click on Delete.
                • Confirm each time with OK
                • Your computer will be rebooted automatically. A text file will open after the restart.
                • Please post the content of that logfile in your reply.
                • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
                ************************************************************************
                Download Combofix from any of the links below, and save it to your DESKTOP

                Link 1
                Link 2
                Link 3

                To prevent your anti-virus application from interfering with ComboFix we need to disable it. See here for a tutorial on how to do so if you are unsure.
                • Close any open windows and double click ComboFix.exe to run it.

                  You will see the following image:


                Click I Agree to start the program.

                ComboFix will then extract the necessary files and you will see this:



                As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

                It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

                If you did not have it installed, you will see the prompt below. Choose YES.



                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

                **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



                Click on Yes, to continue scanning for malware.

                When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

                Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

                Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

                elisabeth77

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Unknown
                  Re: TROJAN.RANSOM
                  « Reply #9 on: September 09, 2012, 10:06:17 PM »
                  Dear Dave, step 1 done!

                  # AdwCleaner v2.000 - Logfile created 09/10/2012 at 06:57:33
                  # Updated 30/08/2012 by Xplode
                  # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
                  # User : Dimitris - DIMITRIS-PC
                  # Boot Mode : Normal
                  # Running from : C:\Users\Dimitris\Downloads\adwcleaner.exe
                  # Option [Delete]


                  ***** [Services] *****


                  ***** [Files / Folders] *****

                  File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
                  File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
                  File Deleted : C:\user.js
                  File Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\searchplugins\Conduit.xml
                  Folder Deleted : C:\Program Files\Conduit
                  Folder Deleted : C:\Program Files\FreeMake
                  Folder Deleted : C:\Program Files\TorrentReactor.Net
                  Folder Deleted : C:\Program Files\Winamp Toolbar
                  Folder Deleted : C:\ProgramData\FreeMake
                  Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMake
                  Folder Deleted : C:\ProgramData\Winamp Toolbar
                  Folder Deleted : C:\Users\Dimitris\AppData\Local\Conduit
                  Folder Deleted : C:\Users\Dimitris\AppData\Local\Winamp Toolbar
                  Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\BabylonToolbar
                  Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\Conduit
                  Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\facemoods.com
                  Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\FreeMake
                  Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\PriceGong
                  Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\TorrentReactor.Net
                  Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeMake
                  Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\CT3214568
                  Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
                  Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\[email protected]
                  Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\Smartbar
                  Folder Deleted : C:\Users\Dimitris\Documents\FreeMake

                  ***** [Registry] *****

                  Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
                  Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
                  Key Deleted : HKCU\Software\AppDataLow\Software\Freemake
                  Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
                  Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
                  Key Deleted : HKCU\Software\AppDataLow\Software\TorrentReactor.Net
                  Key Deleted : HKCU\Software\AppDataLow\Toolbar
                  Key Deleted : HKCU\Software\BrowserCompanion
                  Key Deleted : HKCU\Software\Freemake
                  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
                  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
                  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
                  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeMake Toolbar
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TorrentReactor.Net Toolbar
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B23920F4-4C2F-412B-9450-1D7028D5454E}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B23920F4-4C2F-412B-9450-1D7028D5454E}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
                  Key Deleted : HKCU\Software\Winamp Toolbar
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
                  Key Deleted : HKLM\SOFTWARE\Classes\b
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{801FD5AC-90F0-4FE9-A8A3-AA98A3B4F6AD}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B23920F4-4C2F-412B-9450-1D7028D5454E}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB468DEB-B219-4BAE-BA7E-A8000B6AF0A3}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
                  Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
                  Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
                  Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
                  Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561457
                  Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
                  Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
                  Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
                  Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
                  Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
                  Key Deleted : HKLM\Software\Conduit
                  Key Deleted : HKLM\Software\Freemake
                  Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
                  Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12911484-55A2-4151-9A28-E08DF7015DBC}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81EFB41B-2381-4EC1-B366-BB93AECD9F1B}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeMake Toolbar
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentReactor.Net Toolbar
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
                  Key Deleted : HKLM\Software\TorrentReactor.Net
                  Key Deleted : HKLM\Software\Winamp Toolbar
                  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
                  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
                  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
                  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
                  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B23920F4-4C2F-412B-9450-1D7028D5454E}]

                  ***** [Internet Browsers] *****

                  -\\ Internet Explorer v9.0.8112.16421

                  Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                  Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                  Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                  Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                  Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

                  -\\ Mozilla Firefox v15.0.1 (el)

                  Profile name : default
                  File : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\prefs.js

                  C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\user.js ... Deleted !

                  Deleted : user_pref("CT3214568.1000082.isPlayDisplay", "true");
                  Deleted : user_pref("CT3214568.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
                  Deleted : user_pref("CT3214568.1000234.TWC_TMP_city", "ATHENS");
                  Deleted : user_pref("CT3214568.1000234.TWC_TMP_country", "GR");
                  Deleted : user_pref("CT3214568.1000234.TWC_locId", "GRXX0004");
                  Deleted : user_pref("CT3214568.1000234.TWC_location", "Athens, Greece");
                  Deleted : user_pref("CT3214568.1000234.TWC_region", "OT");
                  Deleted : user_pref("CT3214568.1000234.TWC_temp_dis", "c");
                  Deleted : user_pref("CT3214568.1000234.TWC_wind_dis", "kmh");
                  Deleted : user_pref("CT3214568.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"24°C\",\"temperat[...]
                  Deleted : user_pref("CT3214568.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
                  Deleted : user_pref("CT3214568.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
                  Deleted : user_pref("CT3214568.FirstTime", "true");
                  Deleted : user_pref("CT3214568.FirstTimeFF3", "true");
                  Deleted : user_pref("CT3214568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT321[...]
                  Deleted : user_pref("CT3214568.UserID", "UN61010824010489033");
                  Deleted : user_pref("CT3214568.addressBarTakeOverEnabledInHidden", "true");
                  Deleted : user_pref("CT3214568.autoDisableScopes", -1);
                  Deleted : user_pref("CT3214568.browser.search.defaultthis.engineName", true);
                  Deleted : user_pref("CT3214568.cb_experience_000", "4");
                  Deleted : user_pref("CT3214568.cb_firstuse0100", "1");
                  Deleted : user_pref("CT3214568.cbcountry_001", "GR");
                  Deleted : user_pref("CT3214568.cbfirsttime", "Mon Aug 06 2012 21:50:24 GMT+0300");
                  Deleted : user_pref("CT3214568.defaultSearch", "true");
                  Deleted : user_pref("CT3214568.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
                  Deleted : user_pref("CT3214568.enableAlerts", "always");
                  Deleted : user_pref("CT3214568.enableSearchFromAddressBar", "true");
                  Deleted : user_pref("CT3214568.firstTimeDialogOpened", "true");
                  Deleted : user_pref("CT3214568.fixPageNotFoundError", "true");
                  Deleted : user_pref("CT3214568.fixPageNotFoundErrorInHidden", "true");
                  Deleted : user_pref("CT3214568.fixUrls", true);
                  Deleted : user_pref("CT3214568.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
                  Deleted : user_pref("CT3214568.installId", "ConduitNSISIntegration");
                  Deleted : user_pref("CT3214568.installType", "ConduitNSISIntegration");
                  Deleted : user_pref("CT3214568.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
                  Deleted : user_pref("CT3214568.isNewTabEnabled", true);
                  Deleted : user_pref("CT3214568.isPerformedSmartBarTransition", "true");
                  Deleted : user_pref("CT3214568.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
                  Deleted : user_pref("CT3214568.keyword", true);
                  Deleted : user_pref("CT3214568.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
                  Deleted : user_pref("CT3214568.openThankYouPage", "false");
                  Deleted : user_pref("CT3214568.openUninstallPage", "true");
                  Deleted : user_pref("CT3214568.search.searchAppId", "10000002");
                  Deleted : user_pref("CT3214568.search.searchCount", "1");
                  Deleted : user_pref("CT3214568.searchInNewTabEnabledInHidden", "true");
                  Deleted : user_pref("CT3214568.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
                  Deleted : user_pref("CT3214568.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
                  Deleted : user_pref("CT3214568.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
                  Deleted : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
                  Deleted : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
                  Deleted : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
                  Deleted : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
                  Deleted : user_pref("CT3214568.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
                  Deleted : user_pref("CT3214568.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1347171157638");
                  Deleted : user_pref("CT3214568.serviceLayer_services_appTracking_lastUpdate", "1345412499281");
                  Deleted : user_pref("CT3214568.serviceLayer_services_appsMetadata_lastUpdate", "1347177593886");
                  Deleted : user_pref("CT3214568.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1346069587037");
                  Deleted : user_pref("CT3214568.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346083862574");
                  Deleted : user_pref("CT3214568.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347246069173");
                  Deleted : user_pref("CT3214568.serviceLayer_services_optimizer_lastUpdate", "1346351036616");
                  Deleted : user_pref("CT3214568.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1346069587073");
                  Deleted : user_pref("CT3214568.serviceLayer_services_searchAPI_lastUpdate", "1347177595344");
                  Deleted : user_pref("CT3214568.serviceLayer_services_serviceMap_lastUpdate", "1347177593841");
                  Deleted : user_pref("CT3214568.serviceLayer_services_toolbarContextMenu_lastUpdate", "1346069586698");
                  Deleted : user_pref("CT3214568.serviceLayer_services_toolbarSettings_lastUpdate", "1347246095080");
                  Deleted : user_pref("CT3214568.serviceLayer_services_translation_lastUpdate", "1347177594426");
                  Deleted : user_pref("CT3214568.settingsINI", true);
                  Deleted : user_pref("CT3214568.shouldFirstTimeDialog", "false");
                  Deleted : user_pref("CT3214568.smartbar.CTID", "CT3214568");
                  Deleted : user_pref("CT3214568.smartbar.Uninstall", "0");
                  Deleted : user_pref("CT3214568.smartbar.homepage", true);
                  Deleted : user_pref("CT3214568.smartbar.toolbarName", "FreemakeTB ");
                  Deleted : user_pref("CT3214568.toolbarBornServerTime", "6-8-2012");
                  Deleted : user_pref("CT3214568.toolbarCurrentServerTime", "10-9-2012");
                  Deleted : user_pref("CT3214568.url_history0001", "hxxp://www.facebook.com/photo.php?fbid=103428316469655&set=a[...]
                  Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=1[...]
                  Deleted : user_pref("Smartbar.ConduitSearchEngineList", "FreeMake Customized Web Search");
                  Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568[...]
                  Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=adbartrp&affID[...]
                  Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568");
                  Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
                  Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
                  Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
                  Deleted : user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");
                  Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13");
                  Deleted : user_pref("extensions.BabylonToolbar.admin", false);
                  Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
                  Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
                  Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=101363");
                  Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 6);
                  Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
                  Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
                  Deleted : user_pref("extensions.BabylonToolbar.id", "c85f62db0000000000000019db405218");
                  Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15379");
                  Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
                  Deleted : user_pref("extensions.BabylonToolbar.lastDP", 6);
                  Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1721:21:09");
                  Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
                  Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
                  Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
                  Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
                  Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
                  Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 69576808);
                  Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
                  Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
                  Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
                  Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
                  Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
                  Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
                  Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
                  Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
                  Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1721:21:09");
                  Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
                  Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
                  Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
                  Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101363");
                  Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "c85f62db0000000000000019db405218");
                  Deleted : user_pref("extensions.BabylonToolbar_i.id", "c85f62db0000000000000019db405218");
                  Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15379");
                  Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
                  Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
                  Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
                  Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
                  Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
                  Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
                  Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
                  Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
                  Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:21:09");
                  Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
                  Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=[...]

                  -\\ Google Chrome v [Unable to get version]

                  File : C:\Users\Dimitris\AppData\Local\Google\Chrome\User Data\Default\Preferences

                  Deleted [l.424] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18" ]
                  Deleted [l.426] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",

                  *************************

                  AdwCleaner[R1].txt - [23526 octets] - [09/09/2012 01:41:34]
                  AdwCleaner[R2].txt - [23587 octets] - [09/09/2012 01:49:27]
                  AdwCleaner[R3].txt - [23648 octets] - [09/09/2012 01:49:46]
                  AdwCleaner[R4].txt - [23037 octets] - [09/09/2012 21:17:52]
                  AdwCleaner[S1].txt - [23257 octets] - [10/09/2012 06:57:33]

                  ########## EOF - C:\AdwCleaner[S1].txt - [23318 octets] ##########


                  you will have to give me time for the next step!

                  thanks again!!!

                  elisabeth77

                    Re: TROJAN.RANSOM
                    « Reply #10 on: September 10, 2012, 01:02:52 PM »
                    Super Dave,

                    I finally have the results of ComboFix

                    ComboFix 12-09-10.03 - Dimitris 10/09/2012  21:00:50.1.2 - x86
                    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1253.30.1032.18.2046.1203 [GMT 3:00]
                    Running from: c:\users\Dimitris\Desktop\ComboFix.exe
                    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
                    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
                    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    c:\users\Dimitris\AppData\Roaming\inst.exe
                    c:\users\Dimitris\AppData\Roaming\screensaver_Beach.scr
                    c:\users\Dimitris\AppData\Roaming\vso_ts_preview.xml
                    c:\users\Dimitris\family_tree_builder_1198.exe
                    c:\windows\system32\URTTemp
                    c:\windows\system32\URTTemp\regtlib.exe
                    c:\windows\WinRAR
                    c:\windows\WinRAR\uninstall.exe
                    .
                    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
                    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    -------\Legacy_RKHIT
                    -------\Service_RkHit
                    .
                    .
                    (((((((((((((((((((((((((   Files Created from 2012-08-10 to 2012-09-10  )))))))))))))))))))))))))))))))
                    .
                    .
                    2012-09-10 18:09 . 2012-09-10 18:09   --------   d-----w-   c:\users\Default\AppData\Local\temp
                    2012-09-09 17:30 . 2012-09-09 17:30   --------   d-----w-   c:\windows\el
                    2012-09-09 17:29 . 2010-09-22 21:21   39272   ----a-w-   c:\windows\system32\drivers\fssfltr.sys
                    2012-09-09 17:14 . 2012-03-01 14:46   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
                    2012-09-09 17:14 . 2012-02-29 14:08   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
                    2012-09-09 17:14 . 2012-02-29 13:44   683008   ----a-w-   c:\windows\system32\d2d1.dll
                    2012-09-09 17:14 . 2012-02-29 13:41   1069056   ----a-w-   c:\windows\system32\DWrite.dll
                    2012-09-09 17:14 . 2012-03-01 14:46   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
                    2012-09-09 16:07 . 2012-09-09 16:07   --------   d-----w-   c:\program files\Windows Portable Devices
                    2012-09-09 13:35 . 2012-09-09 13:35   469256   ----a-w-   c:\program files\Common Files\Windows Live\.cache\f722c6881cd8e8f2c\InstallManager_WLE_WLE.exe
                    2012-09-09 13:34 . 2012-09-09 13:34   15712   ----a-w-   c:\program files\Common Files\Windows Live\.cache\e37d5c061cd8e8f20\MeshBetaRemover.exe
                    2012-09-09 13:34 . 2012-09-09 13:34   94040   ----a-w-   c:\program files\Common Files\Windows Live\.cache\d056e4a81cd8e8f18\DSETUP.dll
                    2012-09-09 13:34 . 2012-09-09 13:34   525656   ----a-w-   c:\program files\Common Files\Windows Live\.cache\d056e4a81cd8e8f18\DXSETUP.exe
                    2012-09-09 13:34 . 2012-09-09 13:34   1691480   ----a-w-   c:\program files\Common Files\Windows Live\.cache\d056e4a81cd8e8f18\dsetup32.dll
                    2012-09-09 13:34 . 2012-09-09 13:34   94040   ----a-w-   c:\program files\Common Files\Windows Live\.cache\cf42f0fc1cd8e8f17\DSETUP.dll
                    2012-09-09 13:34 . 2012-09-09 13:34   525656   ----a-w-   c:\program files\Common Files\Windows Live\.cache\cf42f0fc1cd8e8f17\DXSETUP.exe
                    2012-09-09 13:34 . 2012-09-09 13:34   1691480   ----a-w-   c:\program files\Common Files\Windows Live\.cache\cf42f0fc1cd8e8f17\dsetup32.dll
                    2012-09-09 13:32 . 2012-09-10 12:00   --------   d-----w-   c:\users\Dimitris\AppData\Local\Windows Live
                    2012-09-09 13:21 . 2009-10-01 01:02   31232   ----a-w-   c:\windows\system32\BthMtpContextHandler.dll
                    2012-09-09 13:21 . 2009-10-01 01:01   40448   ----a-w-   c:\windows\system32\drivers\WpdUsb.sys
                    2012-09-09 13:21 . 2009-10-01 01:01   839168   ----a-w-   c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
                    2012-09-09 13:09 . 2012-02-29 15:09   157696   ----a-w-   c:\windows\system32\imagehlp.dll
                    2012-09-09 13:09 . 2012-02-29 13:32   12800   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
                    2012-09-09 12:38 . 2012-09-09 12:38   486400   ----a-w-   c:\windows\system32\d3d10level9.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   478720   ----a-w-   c:\windows\system32\dxgi.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   189952   ----a-w-   c:\windows\system32\d3d10core.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   1029120   ----a-w-   c:\windows\system32\d3d10.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   638336   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
                    2012-09-09 12:38 . 2012-09-09 12:38   37376   ----a-w-   c:\windows\system32\cdd.dll
                    2012-09-09 12:37 . 2012-09-09 12:37   519680   ----a-w-   c:\windows\system32\d3d11.dll
                    2012-09-09 12:37 . 2012-09-09 12:37   252928   ----a-w-   c:\windows\system32\dxdiag.exe
                    2012-09-09 12:37 . 2012-09-09 12:37   195584   ----a-w-   c:\windows\system32\dxdiagn.dll
                    2012-09-09 12:02 . 2011-03-02 15:44   86528   ----a-w-   c:\windows\system32\dnsrslvr.dll
                    2012-09-09 12:02 . 2009-05-04 09:59   25088   ----a-w-   c:\windows\system32\dnscacheugc.exe
                    2012-09-09 12:01 . 2010-08-26 16:34   1696256   ----a-w-   c:\windows\system32\gameux.dll
                    2012-09-09 12:01 . 2011-03-03 15:40   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
                    2012-09-09 12:01 . 2011-03-03 13:35   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
                    2012-09-09 12:01 . 2011-02-22 13:33   797696   ----a-w-   c:\windows\system32\FntCache.dll
                    2012-09-09 11:59 . 2012-04-23 16:00   984064   ----a-w-   c:\windows\system32\crypt32.dll
                    2012-09-09 11:59 . 2012-04-23 16:00   98304   ----a-w-   c:\windows\system32\cryptnet.dll
                    2012-09-09 11:59 . 2012-04-23 16:00   133120   ----a-w-   c:\windows\system32\cryptsvc.dll
                    2012-09-09 11:59 . 2010-12-28 15:53   253952   ----a-w-   c:\program files\Common Files\System\ado\msadox.dll
                    2012-09-09 11:59 . 2010-12-28 15:53   241664   ----a-w-   c:\program files\Common Files\System\ado\msadomd.dll
                    2012-09-09 11:59 . 2010-12-28 15:53   57344   ----a-w-   c:\program files\Common Files\System\msadc\msadcs.dll
                    2012-09-09 11:59 . 2010-12-28 15:53   180224   ----a-w-   c:\program files\Common Files\System\msadc\msadco.dll
                    2012-09-09 11:59 . 2010-09-13 13:56   168960   ----a-w-   c:\program files\Windows Media Player\wmplayer.exe
                    2012-09-09 11:58 . 2011-07-06 15:31   214016   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
                    2012-09-09 11:58 . 2011-04-29 13:24   79872   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
                    2012-09-09 11:58 . 2011-04-29 13:24   106496   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                    2012-09-09 11:58 . 2010-01-29 15:40   1616384   ----a-w-   c:\program files\Windows Mail\msoe.dll
                    2012-09-09 11:58 . 2010-08-31 15:44   531968   ----a-w-   c:\windows\system32\comctl32.dll
                    2012-09-09 11:58 . 2011-04-14 14:59   75264   ----a-w-   c:\windows\system32\drivers\dfsc.sys
                    2012-09-09 11:58 . 2011-05-02 17:16   739328   ----a-w-   c:\windows\system32\inetcomm.dll
                    2012-09-09 11:56 . 2011-09-30 15:57   707584   ----a-w-   c:\program files\Common Files\System\wab32.dll
                    2012-09-09 11:56 . 2012-06-05 16:47   708608   ----a-w-   c:\program files\Common Files\System\ado\msado15.dll
                    2012-09-09 11:55 . 2012-03-30 12:39   905600   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                    2012-09-09 11:55 . 2011-02-18 14:03   305152   ----a-w-   c:\windows\system32\drivers\srv.sys
                    2012-09-09 11:55 . 2012-06-04 15:26   440704   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
                    2012-09-09 11:55 . 2010-05-27 20:08   81920   ----a-w-   c:\windows\system32\iccvid.dll
                    2012-09-09 11:55 . 2010-06-17 18:08   10926592   ----a-w-   c:\program files\Movie Maker\MOVIEMK.dll
                    2012-09-09 11:55 . 2010-06-17 16:16   150016   ----a-w-   c:\program files\Movie Maker\MOVIEMK.exe
                    2012-09-09 11:55 . 2011-02-22 13:23   69632   ----a-w-   c:\windows\system32\drivers\bowser.sys
                    2012-09-09 11:55 . 2011-04-29 13:25   146432   ----a-w-   c:\windows\system32\drivers\srv2.sys
                    2012-09-09 11:55 . 2011-04-29 13:25   102400   ----a-w-   c:\windows\system32\drivers\srvnet.sys
                    2012-09-09 11:55 . 2012-05-01 14:03   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
                    2012-09-09 11:55 . 2011-10-25 15:56   49152   ----a-w-   c:\windows\system32\csrsrv.dll
                    2012-09-09 11:54 . 2011-10-14 16:02   429056   ----a-w-   c:\windows\system32\EncDec.dll
                    2012-09-09 11:54 . 2010-10-12 13:41   66048   ----a-w-   c:\program files\Windows Mail\wabmig.exe
                    2012-09-09 11:54 . 2010-10-12 13:41   515584   ----a-w-   c:\program files\Windows Mail\wab.exe
                    2012-09-09 11:54 . 2010-10-12 15:53   33280   ----a-w-   c:\program files\Windows Mail\wabfind.dll
                    2012-09-09 11:54 . 2010-04-05 17:01   67072   ----a-w-   c:\windows\system32\asycfilt.dll
                    2012-09-09 11:54 . 2011-04-21 13:58   273408   ----a-w-   c:\windows\system32\drivers\afd.sys
                    2012-09-09 10:29 . 2012-09-09 10:31   --------   d-----w-   c:\windows\system32\ca-ES
                    2012-09-09 10:29 . 2012-09-09 10:30   --------   d-----w-   c:\windows\system32\eu-ES
                    2012-09-09 10:05 . 2009-04-10 20:27   57856   ----a-w-   c:\windows\system32\compcln.exe
                    2012-09-09 10:02 . 2009-04-10 20:28   153600   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
                    2012-09-09 10:02 . 2009-04-10 18:46   33280   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
                    2012-09-09 10:02 . 2009-04-10 18:45   113664   ----a-w-   c:\windows\system32\drivers\rmcast.sys
                    2012-09-09 10:02 . 2009-04-10 20:32   149480   ----a-w-   c:\windows\system32\drivers\pci.sys
                    2012-09-09 10:02 . 2009-04-10 20:32   43496   ----a-w-   c:\windows\system32\drivers\pciidex.sys
                    2012-09-09 10:02 . 2009-04-10 18:45   72192   ----a-w-   c:\windows\system32\drivers\pacer.sys
                    2012-09-09 10:02 . 2009-04-10 18:42   167936   ----a-w-   c:\windows\system32\drivers\portcls.sys
                    2012-09-09 10:02 . 2009-04-10 20:32   1083880   ----a-w-   c:\windows\system32\drivers\ntfs.sys
                    2012-09-09 10:02 . 2009-04-10 18:14   35328   ----a-w-   c:\windows\system32\drivers\npfs.sys
                    2012-09-09 10:02 . 2009-04-10 20:28   172544   ----a-w-   c:\windows\system32\wbem\ntevt.dll
                    2012-09-09 10:02 . 2009-04-10 18:43   62208   ----a-w-   c:\windows\system32\drivers\ohci1394.sys
                    2012-09-09 10:00 . 2009-04-10 18:38   17408   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
                    2012-09-09 09:10 . 2012-09-09 09:10   --------   d-----w-   C:\PerfLogs
                    2012-09-09 08:23 . 2008-01-18 23:53   53248   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\el\Microsoft.Ink.Resources.dll
                    2012-09-09 08:16 . 2008-01-18 18:50   18944   ----a-w-   c:\windows\system32\drivers\mcd.sys
                    2012-09-09 08:15 . 2008-01-18 20:34   36352   ----a-w-   c:\windows\system32\esentprf.dll
                    2012-09-09 08:14 . 2008-01-18 20:33   168448   ----a-w-   c:\program files\Windows Mail\WindowsMailGadget.exe
                    2012-09-09 07:51 . 2012-09-09 07:51   --------   d-----w-   c:\windows\system32\EventProviders
                    2012-09-08 23:06 . 2012-09-08 23:06   --------   d-----w-   c:\users\Dimitris\Updater
                    2012-09-08 23:06 . 2012-09-08 23:06   --------   d-----w-   c:\program files\Common Files\Skype
                    2012-09-08 23:06 . 2012-09-08 23:06   --------   d-----w-   c:\users\Dimitris\Phone
                    2012-09-08 09:32 . 2012-09-06 01:24   770384   ----a-w-   c:\program files\Mozilla Firefox\msvcr100.dll
                    2012-09-08 09:32 . 2012-09-06 01:24   421200   ----a-w-   c:\program files\Mozilla Firefox\msvcp100.dll
                    2012-09-08 09:32 . 2012-09-06 01:24   73696   ----a-w-   c:\program files\Mozilla Firefox\breakpadinjector.dll
                    2012-09-08 08:53 . 2012-09-08 23:55   --------   d-----w-   c:\program files\Mozilla Maintenance Service
                    2012-09-08 08:53 . 2012-09-06 01:25   68576   ----a-w-   c:\program files\Mozilla Firefox\mozglue.dll
                    2012-09-08 08:53 . 2012-09-06 01:25   192600   ----a-w-   c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
                    2012-09-08 08:53 . 2012-09-06 01:25   114144   ----a-w-   c:\program files\Mozilla Firefox\maintenanceservice.exe
                    2012-09-08 08:53 . 2012-09-06 01:25   2288608   ----a-w-   c:\program files\Mozilla Firefox\gkmedias.dll
                    2012-09-08 08:37 . 2012-08-27 22:50   7022536   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5EFB401-AF3E-4D2F-8F9B-B5ED446098BE}\mpengine.dll
                    2012-09-08 05:01 . 2012-09-08 05:01   --------   d-----w-   c:\program files\Java
                    2012-09-07 20:40 . 2012-09-07 20:40   --------   d-----w-   c:\users\Dimitris\AppData\Roaming\SUPERAntiSpyware.com
                    2012-09-07 20:40 . 2012-09-07 20:40   --------   d-----w-   c:\program files\SUPERAntiSpyware
                    2012-09-07 20:40 . 2012-09-07 20:40   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                    2012-09-07 18:31 . 2012-09-07 18:31   --------   d-----w-   c:\users\Dimitris\AppData\Roaming\Simply Super Software
                    2012-09-07 18:30 . 2012-09-07 19:40   --------   d-----w-   c:\program files\Trojan Remover
                    2012-09-07 18:30 . 2012-09-07 18:30   --------   d-----w-   c:\programdata\Simply Super Software
                    2012-09-06 21:32 . 2012-09-06 22:28   --------   d-----w-   C:\sh4ldr
                    2012-09-06 21:32 . 2012-09-06 21:32   --------   d-----w-   c:\program files\Enigma Software Group
                    2012-09-06 21:30 . 2012-09-06 22:28   --------   d-----w-   c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
                    2012-09-06 21:30 . 2012-09-06 21:30   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                    2012-08-18 11:45 . 2012-08-18 11:45   --------   d-----w-   c:\users\Dimitris\AppData\Roaming\Unity
                    2012-08-15 07:27 . 2012-08-15 07:27   --------   d-----w-   c:\program files\Common Files\Java
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2012-09-09 17:24 . 2010-06-24 08:33   19720   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
                    2012-09-09 12:39 . 2012-09-09 12:39   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
                    2012-09-09 12:39 . 2012-09-09 12:39   48640   ----a-w-   c:\windows\system32\mshtmler.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   161792   ----a-w-   c:\windows\system32\msls31.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   1129472   ----a-w-   c:\windows\system32\wininet.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   63488   ----a-w-   c:\windows\system32\tdc.ocx
                    2012-09-09 12:39 . 2012-09-09 12:39   420864   ----a-w-   c:\windows\system32\vbscript.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   23552   ----a-w-   c:\windows\system32\licmgr10.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   152064   ----a-w-   c:\windows\system32\wextract.exe
                    2012-09-09 12:39 . 2012-09-09 12:39   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
                    2012-09-09 12:39 . 2012-09-09 12:39   1800704   ----a-w-   c:\windows\system32\jscript9.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   11776   ----a-w-   c:\windows\system32\mshta.exe
                    2012-09-09 12:38 . 2012-09-09 12:38   98816   ----a-w-   c:\windows\system32\mfps.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   979456   ----a-w-   c:\windows\system32\MFH264Dec.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   357376   ----a-w-   c:\windows\system32\MFHEAACdec.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   302592   ----a-w-   c:\windows\system32\mfmp4src.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   2873344   ----a-w-   c:\windows\system32\mf.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   261632   ----a-w-   c:\windows\system32\mfreadwrite.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   209920   ----a-w-   c:\windows\system32\mfplat.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   586240   ----a-w-   c:\windows\system32\stobject.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   135680   ----a-w-   c:\windows\system32\XpsRasterService.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   847360   ----a-w-   c:\windows\system32\OpcServices.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   667648   ----a-w-   c:\windows\system32\printfilterpipelinesvc.exe
                    2012-09-09 12:38 . 2012-09-09 12:38   26112   ----a-w-   c:\windows\system32\printfilterpipelineprxy.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   258048   ----a-w-   c:\windows\system32\winspool.drv
                    2012-09-09 12:38 . 2012-09-09 12:38   1554432   ----a-w-   c:\windows\system32\xpsservices.dll
                    2012-09-09 12:37 . 2012-09-09 12:37   4096   ----a-w-   c:\windows\system32\drivers\el-GR\dxgkrnl.sys.mui
                    2012-09-09 12:37 . 2012-09-09 12:37   974848   ----a-w-   c:\windows\system32\WindowsCodecs.dll
                    2012-09-09 12:37 . 2012-09-09 12:37   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
                    2012-09-09 12:37 . 2012-09-09 12:37   321024   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
                    2012-09-09 12:37 . 2012-09-09 12:37   189440   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
                    2012-09-09 08:54 . 2006-11-02 10:32   101888   ----a-w-   c:\windows\system32\ifxcardm.dll
                    2012-09-09 08:54 . 2006-11-02 10:32   82432   ----a-w-   c:\windows\system32\axaltocm.dll
                    2012-09-08 05:02 . 2012-09-08 05:02   93672   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
                    2012-09-08 05:01 . 2012-08-15 07:26   821736   ----a-w-   c:\windows\system32\npDeployJava1.dll
                    2012-09-08 05:01 . 2011-12-24 11:17   746984   ----a-w-   c:\windows\system32\deployJava1.dll
                    2012-08-08 15:20 . 2012-08-08 15:20   22328   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
                    2012-08-08 15:20 . 2012-08-08 15:20   22328   ----a-w-   c:\users\Dimitris\AppData\Roaming\PnkBstrK.sys
                    2012-08-08 15:20 . 2012-08-08 15:20   103736   ----a-w-   c:\windows\system32\PnkBstrB.exe
                    2012-08-08 15:20 . 2012-08-08 15:20   66872   ----a-w-   c:\windows\system32\PnkBstrA.exe
                    2012-08-06 18:56 . 2012-08-06 18:56   1130824   ----a-w-   c:\windows\system32\dfshim.dll
                    2012-08-06 18:56 . 2012-08-06 18:56   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
                    2012-08-06 18:56 . 2012-08-06 18:56   49472   ----a-w-   c:\windows\system32\netfxperf.dll
                    2012-08-06 18:56 . 2012-08-06 18:56   297808   ----a-w-   c:\windows\system32\mscoree.dll
                    2012-08-06 18:56 . 2012-08-06 18:56   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
                    2012-07-04 14:02 . 2012-09-09 12:43   2047488   ----a-w-   c:\windows\system32\win32k.sys
                    2012-07-03 10:46 . 2012-03-12 12:38   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
                    2012-06-15 13:39 . 2012-09-07 18:30   169744   ----a-w-   c:\windows\system32\ztvunrar36.dll
                    2012-06-15 13:35 . 2012-09-07 18:30   185616   ----a-w-   c:\windows\system32\ztvunrar39.dll
                    2012-06-15 13:33 . 2012-09-07 18:30   605968   ----a-w-   c:\windows\system32\ztv7z.dll
                    2012-06-15 13:33 . 2012-09-07 18:30   77072   ----a-w-   c:\windows\system32\ztvcabinet.dll
                    2012-09-06 01:26 . 2011-11-11 15:38   266720   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4
                    .
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
                    "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
                    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-27 288048]
                    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-03 39408]
                    "DMQ_4053"="c:\program files\Switcher\DMQ_4053\SwitchUSB.exe" [2011-06-09 1589248]
                    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
                    "Facebook Update"="c:\users\Dimitris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
                    "RtHDVCpl"="RtHDVCpl.exe" [2007-01-09 4186112]
                    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
                    "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 18944]
                    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
                    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
                    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
                    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
                    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
                    "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-08-14 2332160]
                    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
                    "DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
                    "AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
                    "Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
                    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
                    "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2012-08-27 3165456]
                    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
                    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-27 843712]
                    .
                    c:\users\Dimitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
                    .
                    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "EnableUIADesktopToggle"= 0 (0x0)
                    .
                    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                    "DisableMonitoring"=dword:00000001
                    .
                    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE

                    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

                    .
                    .
                    --- Other Services/Drivers In Memory ---
                    .
                    *NewlyCreated* - WS2IFSL
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                    hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                    LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
                    .
                    Contents of the 'Scheduled Tasks' folder
                    .
                    2012-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1896998450-3613239171-3286227423-1002Core.job
                    - c:\users\Dimitris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-23 20:58]
                    .
                    2012-09-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1896998450-3613239171-3286227423-1002UA.job
                    - c:\users\Dimitris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-23 20:58]
                    .
                    2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 15:50]
                    .
                    2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 15:50]
                    .
                    2012-09-10 c:\windows\Tasks\Recovery DVD Creator.job
                    - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-03-28 16:34]
                    .
                    2012-09-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9c20379f-c01a-469c-ae8e-95513123dd98.job
                    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
                    .
                    2012-09-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c8493ab5-dc05-4021-b82d-2f06beb643a7.job
                    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = about:blank
                    mStart Page = about:blank
                    uInternet Settings,ProxyOverride = local
                    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
                    IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
                    TCP: DhcpNameServer = 192.168.1.254
                    FF - ProfilePath - c:\users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\
                    FF - prefs.js: network.proxy.type - 0
                    .
                    - - - - ORPHANS REMOVED - - - -
                    .
                    AddRemove-Freemake Video Converter_is1 - c:\program files\Freemake\Freemake Video Converter\Uninstall\unins000.exe
                    AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe
                    .
                    .
                    .
                    **************************************************************************
                    .
                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2012-09-10 21:15
                    Windows 6.0.6002 Service Pack 2 NTFS
                    .
                    scanning hidden processes ... 
                    .
                    scanning hidden autostart entries ...
                    .
                    scanning hidden files ... 
                    .
                    scan completed successfully
                    hidden files: 0
                    .
                    **************************************************************************
                    .
                    --------------------- LOCKED REGISTRY KEYS ---------------------
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*zžvΎZ¦^Γ–Œš]
                    @Class="Shell"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*zžvΎZ¦^Γ–Œš\OpenWithList]
                    @Class="Shell"
                    "a"="Corel PaintShop Pro.exe"
                    "MRUList"="a"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*zHwΎZε^vΩό]
                    @Class="Shell"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*zHwΎZε^vΩό\OpenWithList]
                    @Class="Shell"
                    "a"="Corel PaintShop Pro.exe"
                    "MRUList"="a"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzαuzαuΎZ]„[Ο~]
                    @Class="Shell"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzαuzαuΎZ]„[Ο~\OpenWithList]
                    @Class="Shell"
                    "a"="Corel PaintShop Pro.exe"
                    "MRUList"="a"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzvzvΎZ/^νΛEj]
                    @Class="Shell"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzvzvΎZ/^νΛEj\OpenWithList]
                    @Class="Shell"
                    "a"="Corel PaintShop Pro.exe"
                    "MRUList"="a"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzvzvΎZ/^mΜEj]
                    @Class="Shell"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzvzvΎZ/^mΜEj\OpenWithList]
                    @Class="Shell"
                    "a"="Corel PaintShop Pro.exe"
                    "MRUList"="a"
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    "MSCurrentCountry"=dword:000000b5
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    --------------------- DLLs Loaded Under Running Processes ---------------------
                    .
                    - - - - - - - > 'lsass.exe'(1004)
                    c:\windows\system32\relog_ap.dll
                    .
                    ------------------------ Other Running Processes ------------------------
                    .
                    c:\windows\system32\Ati2evxx.exe
                    c:\windows\system32\Ati2evxx.exe
                    c:\program files\Avira\AntiVir Desktop\sched.exe
                    c:\program files\Avira\AntiVir Desktop\avguard.exe
                    c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
                    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
                    c:\windows\system32\PnkBstrA.exe
                    c:\windows\system32\PnkBstrB.exe
                    c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
                    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
                    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
                    c:\windows\System32\PAStiSvc.exe
                    c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
                    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                    c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
                    c:\windows\system32\WUDFHost.exe
                    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                    c:\program files\Avira\AntiVir Desktop\avshadow.exe
                    c:\windows\system32\conime.exe
                    .
                    **************************************************************************
                    .
                    Completion time: 2012-09-10  21:21:42 - machine was rebooted
                    ComboFix-quarantined-files.txt  2012-09-10 18:21
                    .
                    Pre-Run: 13 Κατάλογοι 147.524.255.744 διαθέσιμα byte
                    Post-Run: 17 Κατάλογοι 147.589.591.040 διαθέσιμα byte
                    .
                    - - End Of File - - 9CF3B08E6A408C67B52145B35D59DEE8

                    i am waiting for your reply!

                    i am so grateful to you!!!

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: TROJAN.RANSOM
                    « Reply #11 on: September 10, 2012, 04:44:56 PM »
                    Please download aswMBR.exe ( 511KB ) to your desktop.

                    Double-click aswMBR.exe to run it.

                    Click the "Scan" button to start the scan.

                    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

                    On completion of the scan click Save log, save it to your desktop and post it in your next reply.
                    ********************************************************************
                    Please download RootRepeal from GooglePages.com.
                    • Extract the program file to your Desktop.
                    • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
                    • Select ALL of the checkboxes and then click OK and it will start scanning your system.
                    • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                    • When done, click on Save Report.
                    • Save it to the Desktop.
                    • Please copy/paste the contents of the report in your next reply.
                    Please remove any e-mail address in the RootRepeal report (if present).
                    Windows 8 and Windows 10 dual boot with two SSD's

                    elisabeth77

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Unknown
                      Re: TROJAN.RANSOM
                      « Reply #12 on: September 11, 2012, 08:24:24 AM »
                      hello again!

                      these are the results of aswMBR!

                      aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
                      Run date: 2012-09-11 17:18:58
                      -----------------------------
                      17:18:58.350    OS Version: Windows 6.0.6002 Service Pack 2
                      17:18:58.350    Number of processors: 2 586 0xF06
                      17:18:58.350    ComputerName: DIMITRIS-PC  UserName: Dimitris
                      17:20:12.928    Initialize success
                      17:21:01.725    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
                      17:21:01.741    Disk 0 Vendor: ST3250820AS 3.AAD Size: 238475MB BusType: 3
                      17:21:01.757    Disk 0 MBR read successfully
                      17:21:01.772    Disk 0 MBR scan
                      17:21:01.772    Disk 0 Windows VISTA default MBR code
                      17:21:01.788    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         8192 MB offset 2048
                      17:21:01.819    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       230281 MB offset 16779264
                      17:21:01.850    Disk 0 scanning sectors +488394752
                      17:21:02.022    Disk 0 scanning C:\Windows\system32\drivers
                      17:21:11.694    Service scanning
                      17:21:31.257    Modules scanning
                      17:21:50.444    Disk 0 trace - called modules:
                      17:21:50.475    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS viaide.sys
                      17:21:50.475    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8560c0f0]
                      17:21:50.491    3 CLASSPNP.SYS[881a88b3] -> nt!IofCallDriver -> [0x84e31a70]
                      17:21:50.491    5 acpi.sys[8269a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e23b98]
                      17:21:50.491    Scan finished successfully
                      17:22:21.819    Disk 0 MBR has been saved successfully to "C:\Users\Dimitris\Desktop\MBR.dat"
                      17:22:21.819    The log file has been saved successfully to "C:\Users\Dimitris\Desktop\aswMBR.txt"



                      elisabeth77

                        Re: TROJAN.RANSOM
                        « Reply #13 on: September 11, 2012, 10:05:42 AM »
                        dear Dave !

                        a question!

                        how long does it take for RootRepeal to finish the scan? it has been over 1/2 an hour and it hasn't finished yet! is there something wrong?

                        thanks again!!!

                        elisabeth77

                          Re: TROJAN.RANSOM
                          « Reply #14 on: September 11, 2012, 12:08:10 PM »
                          dear dave, i can't run rootrepeal. it starts the scan but after about 7-8 minutes it stops at a particular file and closes automatically.

                          what should i do? should i try to run it in safe mode?

                          please help me!!!

                          thank you very much!!!

                          elisabeth77

                            Re: TROJAN.RANSOM
                            « Reply #15 on: September 11, 2012, 01:53:48 PM »
                            tried safe mode too! nothing.

                            a few crash reports are all i've got.

                            ROOTREPEAL CRASH REPORT
                            -------------------------
                            Windows Version: Windows Vista SP2
                            Exception Code: 0xc0000005
                            Exception Address: 0x004bed8c
                            Attempt to write to address: 0x00000000


                            ROOTREPEAL CRASH REPORT
                            -------------------------
                            Windows Version: Windows Vista SP2
                            Exception Code: 0xc0000005
                            Exception Address: 0x77377267
                            Attempt to read from address: 0xfffffff9


                            ROOTREPEAL CRASH REPORT
                            -------------------------
                            Windows Version: Windows Vista SP2
                            Exception Code: 0xc0000005
                            Exception Address: 0x0040ab12
                            Attempt to write to address: 0x00000004

                            thanks again!!!

                            i'll be patiently waiting for your reply!!!

                            SuperDave

                            Re: TROJAN.RANSOM
                            « Reply #16 on: September 11, 2012, 05:48:48 PM »
                            Ok, let's try this one.

                            SysProt Antirootkit

                            Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                            http://sites.google.com/site/sysprotantirootkit/

                            Unzip it into a folder on your desktop.
                            • Double click Sysprot.exe to start the program.
                            • Click on the Log tab.
                            • In the Write to log box select the following items.
                              • Process << Selected
                              • Kernel Modules << Selected
                              • SSDT << Selected
                              • Kernel Hooks << Selected
                              • IRP Hooks << NOT Selected
                              • Ports << NOT Selected
                              • Hidden Files << Selected
                            • At the bottom of the page
                              • Hidden Objects Only << Selected
                            • Click on the Create Log button on the bottom right.
                            • After a few seconds a new window should appear.
                            • Select Scan Root Drive. Click on the Start button.
                            • When it is complete a new window will appear to indicate that the scan is finished.
                            • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

                            elisabeth77

                              Re: TROJAN.RANSOM
                              « Reply #17 on: September 11, 2012, 10:32:51 PM »
                              super dave, it failed to start the service: SysProt Antirootkit needs to be run with admin privileges!

                              elisabeth77

                                Re: TROJAN.RANSOM
                                « Reply #18 on: September 12, 2012, 01:08:46 AM »
                                SysProt AntiRootkit v1.0.1.0
                                by swatkat

                                ******************************************************************************************
                                ******************************************************************************************

                                No Hidden Processes found

                                ******************************************************************************************
                                ******************************************************************************************
                                Kernel Modules:
                                Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
                                Service Name: ---
                                Module Base: 8D676000
                                Module End: 8D681000
                                Hidden: Yes

                                Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
                                Service Name: ---
                                Module Base: 8D681000
                                Module End: 8D689000
                                Hidden: Yes

                                ******************************************************************************************
                                ******************************************************************************************
                                SSDT:
                                Function Name: ZwCreateSection
                                Address: 8A3657DE
                                Driver Base: 0
                                Driver End: 0
                                Driver Name: _unknown_

                                Function Name: ZwRequestWaitReplyPort
                                Address: 8A3657E8
                                Driver Base: 0
                                Driver End: 0
                                Driver Name: _unknown_

                                Function Name: ZwSetContextThread
                                Address: 8A3657E3
                                Driver Base: 0
                                Driver End: 0
                                Driver Name: _unknown_

                                Function Name: ZwSetSecurityObject
                                Address: 8A3657ED
                                Driver Base: 0
                                Driver End: 0
                                Driver Name: _unknown_

                                Function Name: ZwSystemDebugControl
                                Address: 8A3657F2
                                Driver Base: 0
                                Driver End: 0
                                Driver Name: _unknown_

                                Function Name: ZwTerminateProcess
                                Address: 8D35D640
                                Driver Base: 8D353000
                                Driver End: 8D375000
                                Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

                                ******************************************************************************************
                                ******************************************************************************************
                                No Kernel Hooks found

                                ******************************************************************************************
                                ******************************************************************************************
                                Hidden files/folders:
                                Object: C:\Qoobox\BackEnv\AppData.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Cache.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\History.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Music.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Personal.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Programs.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Recent.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\SetPath.bat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\SysPath.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Templates.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\VikPev00
                                Status: Access denied

                                Object: C:\Users\Dimitris\AppData\Roaming\SecuROM\UserData\?????????χ?πρ????????
                                Status: Hidden

                                Object: C:\Users\Dimitris\AppData\Roaming\SecuROM\UserData\?????????χ?πρ????????
                                Status: Hidden

                                Object: C:\Users\Dimitris\Desktop\ΣΟΦΙΑ\?anaooUoaeo Aei?ecoco-1.doc
                                Status: Hidden

                                Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
                                Status: Access denied

                                Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
                                Status: Access denied

                                Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
                                Status: Access denied

                                Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
                                Status: Access denied

                                elisabeth77

                                  Topic Starter


                                  Rookie

                                  • Experience: Beginner
                                  • OS: Unknown
                                  Re: TROJAN.RANSOM
                                  « Reply #19 on: September 13, 2012, 08:13:46 AM »
Dear Dave!

What should we do next?

Thanks for your big help!!!

Elisabeth!!!

                                  SuperDave

                                  • Malware Removal Specialist


                                  • Genius
                                  • Thanked: 1020
                                  • Certifications: List
                                  • Experience: Expert
                                  • OS: Windows 10
                                  Re: TROJAN.RANSOM
                                  « Reply #20 on: September 13, 2012, 04:26:00 PM »
                                  Please give me an update on how your computer is running.

                                  I'd like to scan your machine with ESET OnlineScan

                                  •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                                  ESET OnlineScan
                                  •Click the button.
                                  •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                                  • Double click on the icon on your desktop.
                                  •Check
                                  •Click the button.
                                  •Accept any security warnings from your browser.
                                  •Check
                                  •Push the Start button.
                                  •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                                  •When the scan completes, push
                                  •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                                  •Push the button.
                                  •Push
                                  A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                                  Windows 8 and Windows 10 dual boot with two SSD's

                                  elisabeth77

                                    Topic Starter


                                    Rookie

                                    • Experience: Beginner
                                    • OS: Unknown
                                    Re: TROJAN.RANSOM
                                    « Reply #21 on: September 13, 2012, 09:43:49 PM »
Super Dave,

My PC runs much better, the internet is faster and doesn't get stuck all the time.

                                    elisabeth77

                                      Topic Starter


                                      Rookie

                                      • Experience: Beginner
                                      • OS: Unknown
                                      Re: TROJAN.RANSOM
                                      « Reply #22 on: September 14, 2012, 07:51:34 AM »
                                      Dear Dave eventually,

                                      ESETSmartInstaller@High as downloader log:
                                      all ok
                                      # version=7
                                      # OnlineScannerApp.exe=1.0.0.1
                                      # OnlineScanner.ocx=1.0.0.6583
                                      # api_version=3.0.2
                                      # EOSSerial=71aa893efe25c04f892814b685722d93
                                      # end=finished
                                      # remove_checked=false
                                      # archives_checked=true
                                      # unwanted_checked=true
                                      # unsafe_checked=false
                                      # antistealth_checked=true
                                      # utc_time=2012-03-08 12:03:41
                                      # local_time=2012-03-08 02:03:41 )
                                      # country="Greece"
                                      # lang=1033
                                      # osver=6.0.6000 NT
                                      # compatibility_mode=1792 16777175 100 0 80501 80501 0 0
                                      # compatibility_mode=5892 16776573 100 100 245490 168734441 0 0
                                      # compatibility_mode=8192 67108863 100 0 144 144 0 0
                                      # scanned=150751
                                      # found=2
                                      # cleaned=0
                                      # scan_time=6508
                                      C:\ProgramData\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar33.zip   Win32/Bagle.gen.zip worm (unable to clean)   00000000000000000000000000000000   I
                                      C:\ProgramData\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar91.zip   Win32/Bagle.gen.zip worm (unable to clean)   00000000000000000000000000000000   I
                                      # version=7
                                      # iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
                                      # OnlineScanner.ocx=1.0.0.6583
                                      # api_version=3.0.2
                                      # EOSSerial=71aa893efe25c04f892814b685722d93
                                      # end=finished
                                      # remove_checked=true
                                      # archives_checked=true
                                      # unwanted_checked=true
                                      # unsafe_checked=true
                                      # antistealth_checked=true
                                      # utc_time=2012-03-12 02:51:23
                                      # local_time=2012-03-12 04:51:23 )
                                      # country="Greece"
                                      # lang=1033
                                      # osver=6.0.6000 NT
                                      # compatibility_mode=1792 16777175 100 0 434372 434372 0 0
                                      # compatibility_mode=5892 16776573 100 100 599361 169088312 0 0
                                      # compatibility_mode=8192 67108863 100 0 354015 354015 0 0
                                      # scanned=128954
                                      # found=1
                                      # cleaned=0
                                      # scan_time=8311
                                      ${Memory}   a variant of Win32/Spy.Zbot.AAN trojan   00000000000000000000000000000000   I
                                      ESETSmartInstaller@High as downloader log:
                                      all ok
                                      # version=7
                                      # OnlineScannerApp.exe=1.0.0.1
                                      # OnlineScanner.ocx=1.0.0.6583
                                      # api_version=3.0.2
                                      # EOSSerial=71aa893efe25c04f892814b685722d93
                                      # end=stopped
                                      # remove_checked=false
                                      # archives_checked=true
                                      # unwanted_checked=true
                                      # unsafe_checked=true
                                      # antistealth_checked=true
                                      # utc_time=2012-03-13 12:08:31
                                      # local_time=2012-03-13 02:08:31 )
                                      # country="Greece"
                                      # lang=1033
                                      # osver=6.0.6000 NT
                                      # compatibility_mode=1792 16777175 100 0 517360 517360 0 0
                                      # compatibility_mode=5892 16776573 100 100 86396 169171300 0 0
                                      # compatibility_mode=8192 67108863 100 0 437003 437003 0 0
                                      # scanned=37555
                                      # found=0
                                      # cleaned=0
                                      # scan_time=1952
                                      ESETSmartInstaller@High as downloader log:
                                      all ok
                                      ESETSmartInstaller@High as downloader log:
                                      all ok
                                      # version=7
                                      # OnlineScannerApp.exe=1.0.0.1
                                      # OnlineScanner.ocx=1.0.0.6583
                                      # api_version=3.0.2
                                      # EOSSerial=71aa893efe25c04f892814b685722d93
                                      # end=finished
                                      # remove_checked=true
                                      # archives_checked=true
                                      # unwanted_checked=true
                                      # unsafe_checked=false
                                      # antistealth_checked=true
                                      # utc_time=2012-09-14 06:13:06
                                      # local_time=2012-09-14 09:13:06 )
                                      # country="Greece"
                                      # lang=1033
                                      # osver=6.0.6002 NT Service Pack 2
                                      # compatibility_mode=1792 16777215 100 0 16477017 16477017 0 0
                                      # compatibility_mode=5892 16776574 100 100 244209 185127357 0 0
                                      # compatibility_mode=8192 67108863 100 0 16396660 16396660 0 0
                                      # scanned=172081
                                      # found=3
                                      # cleaned=3
                                      # scan_time=8556
                                      C:\Users\Dimitris\AppData\Local\Mozilla\Firefox\Profiles\sdhpvdui.default\Cache\B\FD\1C0A1d01   HTML/Iframe.B.Gen virus (deleted - quarantined)   00000000000000000000000000000000   C
                                      C:\Users\Dimitris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\189fd7d2-1cd1a852   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
                                      C:\Users\Dimitris\Downloads\SpywareCease_Setup.exe   multiple threats (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

                                      elisabeth77

                                        Topic Starter


                                        Rookie

                                        • Experience: Beginner
                                        • OS: Unknown
                                        Re: TROJAN.RANSOM
                                        « Reply #23 on: September 14, 2012, 10:57:10 AM »
Dear Dave,

I'm really sorry, but I skipped by mistake the step of exporting the list of threats found. Is there something we can do, or doesn't it matter anymore?

                                        SuperDave

                                        • Malware Removal Specialist


                                        • Genius
                                        • Thanked: 1020
                                        • Certifications: List
                                        • Experience: Expert
                                        • OS: Windows 10
                                        Re: TROJAN.RANSOM
                                        « Reply #24 on: September 14, 2012, 04:58:10 PM »
Quote
Dear Dave,

I'm really sorry, but I skipped by mistake the step of exporting the list of threats found. Is there something we can do, or doesn't it matter anymore?
That's ok. How's your computer running now?
                                        Windows 8 and Windows 10 dual boot with two SSD's

                                        elisabeth77

                                          Topic Starter


                                          Rookie

                                          • Experience: Beginner
                                          • OS: Unknown
                                          Re: TROJAN.RANSOM
                                          « Reply #25 on: September 14, 2012, 10:38:52 PM »
I don't have problems running any of my PC programs.
The problem I had with the PC was the slow internet, and that it got stuck all the time and needed a reboot.

Now the internet is faster and doesn't get stuck all the time (I reboot once a day). It sometimes gets stuck for 1-2 seconds, and after that it works fine. But this may be caused by the internet connection. How can I make sure of that?

I also wanted to ask you where I can download a free and safe screensaver (because now I don't have one), and I need your advice about my antivirus, Avira Free Edition. What should I have on my PC to prevent or to eliminate other future threats?

Sorry for my wearying questions!!!

Thanks again!!

I'll be waiting for your directions!!!


                                          SuperDave

                                          • Malware Removal Specialist


                                          • Genius
                                          • Thanked: 1020
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 10
                                          Re: TROJAN.RANSOM
                                          « Reply #26 on: September 15, 2012, 01:28:50 PM »
                                          Quote
But this may be caused by the internet connection. How can I make sure of that?
                                          We can take a look at this by running this tool

                                          Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.
                                            ************************************************************
                                            Quote
I also wanted to ask you where I can download a free and safe screensaver (because now I don't have one), and I need your advice about my antivirus, Avira Free Edition. What should I have on my PC to prevent or to eliminate other future threats?
You can take a look at this site. Everything there is trustworthy.
                                            Windows 8 and Windows 10 dual boot with two SSD's
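As an added example that is not part of this thread and not MiniToolBox's own code, the following PowerShell script performs the same checks SuperDave asks for from an elevated prompt, and flags the three settings a post-cleanup network review is really looking for: a proxy or PAC script the user never configured, hosts-file entries beyond the loopback mappings, and DNS servers outside the private address ranges. It assumes Windows PowerShell 2.0 or later (Vista SP2 gets it from the Windows Management Framework) and a home network where the router is the expected resolver, as in the log that follows; the private-range heuristic, the variable names and the output layout are my choices, not the tool's.

```powershell
# Added example, not from the thread or from MiniToolBox: the same checks,
# scripted, with flags on the settings malware commonly tampers with.
# Assumes Windows PowerShell 2.0+ run from an elevated prompt.

$findings = @()

# 1. Flush DNS: clears the resolver cache so later lookups are not answered
#    from entries a DNS-changer may have planted.
ipconfig /flushdns | Out-Null

# 2. IE / WinINET proxy settings. A proxy the user did not set, or a PAC script
#    (AutoConfigURL), silently routes every browser request through the attacker.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { $findings += "Proxy enabled: $($inet.ProxyServer)" }
if ($inet.AutoConfigURL)     { $findings += "PAC script set: $($inet.AutoConfigURL)" }

# 3. Hosts file. Only loopback -> localhost mappings are expected on a clean Vista
#    box; anything else (AV update or banking hosts pinned to an address) is suspect.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($raw in Get-Content $hostsPath) {
    $line = $raw.Trim()
    if ($line -eq '' -or $line.StartsWith('#')) { continue }
    if ($line -notmatch '^(127\.0\.0\.1|::1)\s+localhost$') { $findings += "Hosts entry: $line" }
}

# 4. IP configuration. On a home network the router hands out DNS; a resolver outside
#    the RFC 1918 ranges is the classic DNS-changer indicator (heuristic, my assumption).
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE'
foreach ($nic in $nics) {
    foreach ($dns in @($nic.DNSServerSearchOrder)) {
        if ($dns -and $dns -notmatch '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)') {
            $findings += "$($nic.Description): DNS server $dns is outside the private address ranges"
        }
    }
}

# 5. Last 10 errors from the Application and System logs (Level 2 = Error).
$lastErrors = Get-WinEvent -FilterHashtable @{ LogName = 'Application', 'System'; Level = 2 } `
              -MaxEvents 10 -ErrorAction SilentlyContinue

# 6. Users, partitions and memory size.
$users = Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=TRUE' | Select-Object Name, Disabled
$disks = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' |
         Select-Object DeviceID,
             @{ n = 'SizeGB'; e = { [math]::Round($_.Size / 1GB, 1) } },
             @{ n = 'FreeGB'; e = { [math]::Round($_.FreeSpace / 1GB, 1) } }
$memGB = [math]::Round((Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1GB, 1)

'=== Findings ==='
if ($findings.Count -gt 0) { $findings } else { 'Proxy, hosts and DNS settings look normal.' }
'=== Last 10 event log errors ==='
$lastErrors | Format-Table TimeCreated, ProviderName, Id -AutoSize
'=== Local users ==='
$users | Format-Table -AutoSize
'=== Disks ==='
$disks | Format-Table -AutoSize
"=== Memory: $memGB GB ==="
```

Read the Findings section first: an empty list there says the browser traffic path, name resolution and hosts file are as Windows set them, which is the evidence the poster needs that any remaining slowness is the connection rather than leftover malware. The script reports rather than resets the proxy, so a flagged value can be recorded before it is removed.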

                                            elisabeth77

                                              Topic Starter


                                              Rookie

                                              • Experience: Beginner
                                              • OS: Unknown
                                              Re: TROJAN.RANSOM
                                              « Reply #27 on: September 15, 2012, 02:50:58 PM »
Dear Dave,

The results of MiniToolBox!

                                              MiniToolBox by Farbar  Version: 23-07-2012
                                              Ran by Dimitris (administrator) on 15-09-2012 at 23:40:42
                                              Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
                                              Boot Mode: Normal
                                              ***************************************************************************

                                              ========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

                                              ========================= IE Proxy Settings: ==============================

                                              Proxy is not enabled.
                                              No Proxy Server is set.

                                              "Reset IE Proxy Settings": IE Proxy Settings were reset.
                                              ========================= Hosts content: =================================

                                              127.0.0.1       localhost

                                              ========================= IP Configuration: ================================

VIA Rhine II Compatible Fast Ethernet Adapter = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global dhcpmediasense=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Dimitris-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : VIA Rhine II Compatible Fast Ethernet Adapter
   Physical Address. . . . . . . . . : 00-19-DB-40-52-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5b:e83f:bb36:f46%8(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, 15 September 2012 10:57:41 PM
   Lease Expires . . . . . . . . . . : Sunday, 16 September 2012 10:57:41 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 201333211
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-FB-5A-5E-00-19-DB-40-52-18
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection*:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:8d2:22f0:d109:1320(Preferred)
   Link-local IPv6 Address . . . . . : fe80::8d2:22f0:d109:1320%9(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
                                              servers:  dsldevice.lan
                                              Address:  192.168.1.254

                                              DNS request timed out.
                                                  timeout was 2 seconds.
                                              name:   google.com
                                              Address:  2a00:1450:4001:c01::65



Pinging google.com [209.85.148.138] with 32 bytes of data:

Reply from 209.85.148.138: bytes=32 time=84ms TTL=57
Reply from 209.85.148.138: bytes=32 time=83ms TTL=57

Ping statistics for 209.85.148.138:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 83ms, Maximum = 84ms, Average = 83ms

                                              servers:  dsldevice.lan
                                              Address:  192.168.1.254

                                              DNS request timed out.
                                                  timeout was 2 seconds.
                                              DNS request timed out.
                                                  timeout was 2 seconds.


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=426ms TTL=53
Reply from 72.30.38.140: bytes=32 time=263ms TTL=53

Ping statistics for 72.30.38.140:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 263ms, Maximum = 426ms, Average = 344ms

                                              servers:  dsldevice.lan
                                              Address:  192.168.1.254

                                              DNS request timed out.
                                                  timeout was 2 seconds.
                                              DNS request timed out.
                                                  timeout was 2 seconds.


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

                                              ===========================================================================
Interface List
  8 ...00 19 db 40 52 18 ...... VIA Rhine II Compatible Fast Ethernet Adapter
  1 ........................... Software Loopback Interface 1
 13 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter
  9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.64     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.64    276
     192.168.1.64  255.255.255.255         On-link      192.168.1.64    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.64    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.64    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.64    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  9     18 ::/0                     On-link
  1    306 ::1/128                  On-link
  9     18 2001::/32                On-link
  9    266 2001:0:5ef5:79fd:8d2:22f0:d109:1320/128
                                    On-link
  8    276 fe80::/64                On-link
  9    266 fe80::/64                On-link
  8    276 fe80::5b:e83f:bb36:f46/128
                                    On-link
  9    266 fe80::8d2:22f0:d109:1320/128
                                    On-link
  1    306 ff00::/8                 On-link
  9    266 ff00::/8                 On-link
  8    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

                                              ========================= Event log errors: ===============================

                                              Application errors:
                                              ==================
                                              Error: (09/15/2012 10:51:08 PM) (Source: VMCService) (User: )
                                              Description: conflictManagerTypeValue

                                              Error: (09/15/2012 06:11:42 PM) (Source: VMCService) (User: )
                                              Description: GetProcessOwner

                                              Error: (09/15/2012 02:13:53 PM) (Source: VMCService) (User: )
                                              Description: conflictManagerTypeValue

                                              Error: (09/15/2012 02:11:53 PM) (Source: VMCService) (User: )
                                              Description: GetProcessOwner

                                              Error: (09/15/2012 07:08:36 AM) (Source: VMCService) (User: )
                                              Description: conflictManagerTypeValue

                                              Error: (09/15/2012 00:10:06 AM) (Source: VMCService) (User: )
                                              Description: GetProcessOwner

                                              Error: (09/14/2012 09:33:31 PM) (Source: VMCService) (User: )
                                              Description: conflictManagerTypeValue

                                              Error: (09/14/2012 09:31:17 PM) (Source: VMCService) (User: )
                                              Description: GetProcessOwner

                                              Error: (09/14/2012 02:14:26 PM) (Source: VMCService) (User: )
                                              Description: conflictManagerTypeValue

                                              Error: (09/14/2012 02:12:06 PM) (Source: VMCService) (User: )
                                              Description: GetProcessOwner


                                              System errors:
                                              =============
                                              Error: (09/14/2012 09:56:58 PM) (Source: Service Control Manager) (User: )
                                              Description: Windows Search%%1053

                                              Error: (09/14/2012 09:56:58 PM) (Source: Service Control Manager) (User: )
                                              Description: 30000Windows Search

                                              Error: (09/14/2012 09:56:58 PM) (Source: Service Control Manager) (User: )
                                              Description: Windows Search%%1053

                                              Error: (09/14/2012 09:56:58 PM) (Source: Service Control Manager) (User: )
                                              Description: 30000Windows Search

                                              Error: (09/14/2012 09:56:58 PM) (Source: DCOM) (User: )
                                              Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

                                              Error: (09/12/2012 06:28:20 PM) (Source: EventLog) (User: )
                                              Description: the previous end of operating system in 5:25:18 μμ σε 12/9/2012 was not expected.

                                              Error: (09/12/2012 07:14:49 AM) (Source: DCOM) (User: )
                                              Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

                                              Error: (09/12/2012 07:14:49 AM) (Source: DCOM) (User: )
                                              Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

                                              Error: (09/12/2012 07:14:44 AM) (Source: DCOM) (User: )
                                              Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

                                              Error: (09/12/2012 07:14:41 AM) (Source: DCOM) (User: )
                                              Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


                                              Microsoft Office Sessions:
                                              =========================

                                              ========================= Memory info: ===================================

                                              Percentage of memory in use: 47%
                                              Total physical RAM: 2045.76 MB
                                              Available physical RAM: 1068.23 MB
                                              Total Pagefile: 4346.54 MB
                                              Available Pagefile: 3110.07 MB
                                              Total Virtual: 2047.88 MB
                                              Available Virtual: 1933.22 MB

                                              ========================= Partitions: =====================================

                                              1 Drive c: (HDD) (Fixed) (Total:224.88 GB) (Free:125.27 GB) NTFS

                                              ========================= Users: ========================================

                                              Λογαριασμοί User για \\DIMITRIS-PC

                                              Administrator            ASPNET                   Dimitris                 
                                              Guest                   
                                              Η εντολή ολοκληρώθηκε με επιτυχία.


                                              **** End of log ****

                                              thank you very much for all your help

                                              i'm really grateful to you!!!

                                              SuperDave

                                              • Malware Removal Specialist


                                              • Genius
                                              • Thanked: 1020
                                              • Certifications: List
                                              • Experience: Expert
                                              • OS: Windows 10
                                              Re: TROJAN.RANSOM
                                              « Reply #28 on: September 15, 2012, 04:23:14 PM »
                                              Your internet speed is quite fast. In the meantime let's do some cleanup.

                                              To uninstall ComboFix

                                              • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                                              • In the field, type in ComboFix /uninstall


                                              (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                                              • Then, press Enter, or click OK.
                                              • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                                              **********************************************************
                                              Click Start> Computer> right click the C Drive and choose Properties> enter
                                              Click Disk Cleanup from there.

                                              Click OK on the Disk Cleanup Screen.
                                              Click Yes on the Confirmation screen.

                                              This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
                                              *****************************************************
                                              Go to Microsoft Windows Update and get all critical updates.

                                              ----------

                                              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                              SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                              * Using SpywareBlaster to protect your computer from Spyware and Malware
                                              * If you don't know what ActiveX controls are, see here

                                              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                              Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                              Safe Surfing!
                                              Windows 8 and Windows 10 dual boot with two SSD's

                                              elisabeth77

                                                Topic Starter


                                                Rookie

                                                • Experience: Beginner
                                                • OS: Unknown
                                                Re: TROJAN.RANSOM
                                                « Reply #29 on: September 16, 2012, 02:11:49 PM »
                                                Dear Dave, you have been an enormous help with my pc issues!

                                                I'd like to thank you once again!!!

                                                One or two more things to ask, if you have the time please!

                                                1) I cannot uninstall ComboFix. I did what you've written and it is still there. With the command it starts scanning the pc again, not uninstalling.

                                                2) I downloaded Spybot and WOT on my pc.

                                                3) What am I keeping on my pc from all the programmes now?
                                                      I will keep Avira (as antivirus protection), Spybot (for malware).
                                                      What about Malwarebytes, SUPERAntiSpyware and the other tools such as SysProt and RootRepeal?


                                                *Note: when I clicked Immunize in Spybot, Avira blocked me from accessing the hosts file, and Spybot gave a message that some files may be blocked by my antivirus and because of that Spybot couldn't immunize the hosts file.

                                                Thanks again!!! You are number 1!

                                                SuperDave

                                                • Malware Removal Specialist


                                                • Genius
                                                • Thanked: 1020
                                                • Certifications: List
                                                • Experience: Expert
                                                • OS: Windows 10
                                                Re: TROJAN.RANSOM
                                                « Reply #30 on: September 16, 2012, 04:20:04 PM »
                                                Quote
                                                1) I cannot uninstall ComboFix. I did what you've written and it is still there. With the command it starts scanning the pc again, not uninstalling.
                                                Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

                                                To set a new Restore Point.

                                                Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
                                                Click the Start button , click Control Panel, click System and Maintenance, and then click System.
                                                In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
                                                To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
                                                This will give you a new, clean Restore Point.
                                                *************************************************************
                                                Quote
                                                What am I keeping on my pc from all the programmes now?
                                                      I will keep Avira (as antivirus protection), Spybot (for malware).
                                                      What about Malwarebytes, SUPERAntiSpyware and the other tools such as SysProt and RootRepeal?
                                                You can keep MBAM, AdwCleaner and SAS, if you have room. Update them and run them on a regular basis. All the rest of those programs can go.
                                                Quote
                                                Note: when I clicked Immunize in Spybot, Avira blocked me from accessing the hosts file, and Spybot gave a message that some files may be blocked by my antivirus and because of that Spybot couldn't immunize the hosts file.
                                                That's ok. You can possibly change the settings in your AV to allow those files.

                                                Quote
                                                Thanks again!!! You are number 1
                                                You're welcome. That's what my wife says, but she holds up her second finger when she says it. lol. I will lock this thread. If you need it re-opened, please send me a pm.
                                                Windows 8 and Windows 10 dual boot with two SSD's