Computer Hope
Topic started by: elisabeth77 on September 07, 2012, 11:29:59 PM
-
Hi Hope team!
Thank you for the acceptance!
As you can guess, I have issues with my PC!
I have run Malwarebytes Anti-Malware and every time I receive the same error:
hkcu\software\Microsoft\windows\currentversion\windows\load
It is a Trojan.Ransom.
I have seen the same topic from mp1975 on August 25th, 2012, helped by SuperDave.
So, I have already run SUPERAntiSpyware Free Edition and now I am running Malwarebytes again. Do I have to download Malwarebytes again, or can I run the version I already have on my computer?
Please help me through...
Thanks in advance!
-
Here is the summary from SUPERAntiSpyware.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/08/2012 at 01:49 AM
Application Version : 5.5.1016
Core Rules Database Version : 9192
Trace Rules Database Version: 7004
Scan type : Complete Scan
Total Scan Time : 02:00:27
Operating System Information
Windows Vista Home Premium 32-bit (Build 6.00.6000)
UAC On - Limited User (Administrator User)
Memory items scanned : 926
Memory threats detected : 0
Registry items scanned : 35424
Registry threats detected : 27
File items scanned : 126367
File threats detected : 50
Browser Hijacker.Deskbar
Adware.Tracking Cookie
PUP.BabylonToolbar
HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
-
And here are the results of Malwarebytes Anti-Malware.
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Data base version : v2012.09.08.02
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Dimitris :: DIMITRIS-PC [administrator]
8/9/2012 7:54:33 πμ
mbam-log-2012-09-08 (09-47-56).txt
scan type: Full Scan (C:\|L:\|)
Activate scan options: Ram | Startup | Register | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322922
Time elapsed: 1 hour, 38 minutes, 14 seconds
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Dimitris\LOCALS~1\Temp\ahmthhvvu.scr -> No action.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Here are the results of Security Check by screen317.
Results of screen317's Security Check version 0.99.50
Windows Vista x86 (UAC is enabled)
Out of date service pack!! (http://support.microsoft.com/kb/935791)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SUPERAntiSpyware
Trojan Remover 6.8.4
Malwarebytes Anti-Malware έκδοση 1.62.0.1300
CCleaner
Java 7 Update 7
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 8.0 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please try running MBAM again and, this time, clean the infection.
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates including the latest Service Pack and IE 9.
Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your Desktop.
- Double click on AdwCleaner.exe to run the tool.
- Click on Search.
- A logfile will automatically open after the scan has finished.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
-
Dear Dave,
Thank you for your help!
Here are the results of AdwCleaner.
I am looking forward to your instructions!
# AdwCleaner v2.000 - Logfile created 09/09/2012 at 01:41:34
# Updated 30/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium (32 bits)
# User : Dimitris - DIMITRIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Dimitris\Downloads\adwcleaner.exe
# Option [Search]
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1721:21:09");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101363");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "c85f62db0000000000000019db405218");
Found : user_pref("extensions.BabylonToolbar_i.id", "c85f62db0000000000000019db405218");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15379");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:21:09");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=[...]
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Dimitris\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.424] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18" ]
Found [l.426] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",
*************************
AdwCleaner[R1].txt - [23395 octets] - [09/09/2012 01:41:34]
########## EOF - C:\AdwCleaner[R1].txt - [23456 octets] ##########
-
Dave,
AdwCleaner asks me if I want to delete the items found! Should I click the delete option or not!!
Thanks again!!!
-
Dear Dave,
I ran all the updates on my PC and ran Security Check again. Here are the results!
Results of screen317's Security Check version 0.99.50
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SUPERAntiSpyware
Trojan Remover 6.8.4
Malwarebytes Anti-Malware έκδοση 1.62.0.1300
CCleaner
Java 7 Update 7
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
The results of AdwCleaner too!
# AdwCleaner v2.000 - Logfile created 09/09/2012 at 21:17:52
# Updated 30/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Dimitris - DIMITRIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Dimitris\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\searchplugins\Conduit.xml
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\FreeMake
Folder Found : C:\Program Files\TorrentReactor.Net
Folder Found : C:\Program Files\Winamp Toolbar
Folder Found : C:\ProgramData\FreeMake
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMake
Folder Found : C:\ProgramData\Winamp Toolbar
Folder Found : C:\Users\Dimitris\AppData\Local\Conduit
Folder Found : C:\Users\Dimitris\AppData\Local\Winamp Toolbar
Folder Found : C:\Users\Dimitris\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Dimitris\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dimitris\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Dimitris\AppData\LocalLow\FreeMake
Folder Found : C:\Users\Dimitris\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Dimitris\AppData\LocalLow\TorrentReactor.Net
Folder Found : C:\Users\Dimitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeMake
Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\CT3214568
Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\[email protected]
Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\Smartbar
Folder Found : C:\Users\Dimitris\Documents\FreeMake
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Freemake
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\TorrentReactor.Net
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\BrowserCompanion
Key Found : HKCU\Software\Freemake
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeMake Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TorrentReactor.Net Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B23920F4-4C2F-412B-9450-1D7028D5454E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B23920F4-4C2F-412B-9450-1D7028D5454E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\CLSID\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{801FD5AC-90F0-4FE9-A8A3-AA98A3B4F6AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B23920F4-4C2F-412B-9450-1D7028D5454E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB468DEB-B219-4BAE-BA7E-A8000B6AF0A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561457
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freemake
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12911484-55A2-4151-9A28-E08DF7015DBC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81EFB41B-2381-4EC1-B366-BB93AECD9F1B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeMake Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentReactor.Net Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKLM\Software\TorrentReactor.Net
Key Found : HKLM\Software\Winamp Toolbar
Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0.1 (el)
Profile name : default
File : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\prefs.js
Found : user_pref("CT3214568.1000082.isPlayDisplay", "true");
Found : user_pref("CT3214568.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3214568.1000234.TWC_TMP_city", "ATHENS");
Found : user_pref("CT3214568.1000234.TWC_TMP_country", "GR");
Found : user_pref("CT3214568.1000234.TWC_locId", "GRXX0004");
Found : user_pref("CT3214568.1000234.TWC_location", "Athens, Greece");
Found : user_pref("CT3214568.1000234.TWC_region", "OT");
Found : user_pref("CT3214568.1000234.TWC_temp_dis", "c");
Found : user_pref("CT3214568.1000234.TWC_wind_dis", "kmh");
Found : user_pref("CT3214568.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"24°C\",\"temperat[...]
Found : user_pref("CT3214568.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3214568.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3214568.FirstTime", "true");
Found : user_pref("CT3214568.FirstTimeFF3", "true");
Found : user_pref("CT3214568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT321[...]
Found : user_pref("CT3214568.UserID", "UN61010824010489033");
Found : user_pref("CT3214568.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3214568.autoDisableScopes", -1);
Found : user_pref("CT3214568.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3214568.cb_experience_000", "4");
Found : user_pref("CT3214568.cb_firstuse0100", "1");
Found : user_pref("CT3214568.cbcountry_001", "GR");
Found : user_pref("CT3214568.cbfirsttime", "Mon Aug 06 2012 21:50:24 GMT+0300");
Found : user_pref("CT3214568.defaultSearch", "true");
Found : user_pref("CT3214568.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
Found : user_pref("CT3214568.enableAlerts", "always");
Found : user_pref("CT3214568.enableSearchFromAddressBar", "true");
Found : user_pref("CT3214568.firstTimeDialogOpened", "true");
Found : user_pref("CT3214568.fixPageNotFoundError", "true");
Found : user_pref("CT3214568.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3214568.fixUrls", true);
Found : user_pref("CT3214568.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
Found : user_pref("CT3214568.installId", "ConduitNSISIntegration");
Found : user_pref("CT3214568.installType", "ConduitNSISIntegration");
Found : user_pref("CT3214568.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3214568.isNewTabEnabled", true);
Found : user_pref("CT3214568.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3214568.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3214568.keyword", true);
Found : user_pref("CT3214568.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Found : user_pref("CT3214568.openThankYouPage", "false");
Found : user_pref("CT3214568.openUninstallPage", "true");
Found : user_pref("CT3214568.search.searchAppId", "10000002");
Found : user_pref("CT3214568.search.searchCount", "1");
Found : user_pref("CT3214568.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3214568.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3214568.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3214568.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3214568.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3214568.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1347171157638");
Found : user_pref("CT3214568.serviceLayer_services_appTracking_lastUpdate", "1345412499281");
Found : user_pref("CT3214568.serviceLayer_services_appsMetadata_lastUpdate", "1347177593886");
Found : user_pref("CT3214568.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1346069587037");
Found : user_pref("CT3214568.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346083862574");
Found : user_pref("CT3214568.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347202856160");
Found : user_pref("CT3214568.serviceLayer_services_optimizer_lastUpdate", "1346351036616");
Found : user_pref("CT3214568.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1346069587073");
Found : user_pref("CT3214568.serviceLayer_services_searchAPI_lastUpdate", "1347177595344");
Found : user_pref("CT3214568.serviceLayer_services_serviceMap_lastUpdate", "1347177593841");
Found : user_pref("CT3214568.serviceLayer_services_toolbarContextMenu_lastUpdate", "1346069586698");
Found : user_pref("CT3214568.serviceLayer_services_toolbarSettings_lastUpdate", "1347210058336");
Found : user_pref("CT3214568.serviceLayer_services_translation_lastUpdate", "1347177594426");
Found : user_pref("CT3214568.settingsINI", true);
Found : user_pref("CT3214568.shouldFirstTimeDialog", "false");
Found : user_pref("CT3214568.smartbar.CTID", "CT3214568");
Found : user_pref("CT3214568.smartbar.Uninstall", "0");
Found : user_pref("CT3214568.smartbar.homepage", true);
Found : user_pref("CT3214568.smartbar.toolbarName", "FreemakeTB ");
Found : user_pref("CT3214568.toolbarBornServerTime", "6-8-2012");
Found : user_pref("CT3214568.toolbarCurrentServerTime", "9-9-2012");
Found : user_pref("CT3214568.url_history0001", "hxxp://www.tacticalshop.gr/airsoft-umarex-co2-heckler-koch-p[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=1[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "FreeMake Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=adbartrp&affID[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");
Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=101363");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 6);
Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Found : user_pref("extensions.BabylonToolbar.hmpg", false);
Found : user_pref("extensions.BabylonToolbar.id", "c85f62db0000000000000019db405218");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15379");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.lastDP", 6);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1721:21:09");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
Found : user_pref("extensions.BabylonToolbar.newTab", false);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 69576808);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1721:21:09");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101363");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "c85f62db0000000000000019db405218");
Found : user_pref("extensions.BabylonToolbar_i.id", "c85f62db0000000000000019db405218");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15379");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:21:09");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=[...]
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Dimitris\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.424] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18" ]
Found [l.426] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",
*************************
AdwCleaner[R1].txt - [23526 octets] - [09/09/2012 01:41:34]
AdwCleaner[R2].txt - [23587 octets] - [09/09/2012 01:49:27]
AdwCleaner[R3].txt - [23648 octets] - [09/09/2012 01:49:46]
AdwCleaner[R4].txt - [22906 octets] - [09/09/2012 21:17:52]
########## EOF - C:\AdwCleaner[R4].txt - [22967 octets] ##########
MBAM keeps finding the same virus and cannot destroy it after reboot!
I have also deleted the screensaver because at first MBAM showed the screensaver file as infected.
I am looking forward to your instructions telling me what else needs to be done with the PC.
Thanks in advance! You are number 1!
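The prefs.js entries AdwCleaner lists above are the footprint of a Firefox homepage/search hijack: prefs under the toolbar namespaces (CT3214568.*, Smartbar.*, extensions.BabylonToolbar*) and the navigation prefs (browser.startup.homepage, keyword.URL, the browser.search.* engine prefs) pointed at search.conduit.com and search.babylon.com. As an added example, not part of this thread and not AdwCleaner's own code, the Python script below parses such user_pref lines, both the raw prefs.js form and AdwCleaner's "Found :" form with its hxxp defanging and "[...]" truncation, and flags the suspicious ones. The marker domains, engine names and pref names are taken from the log; the sample lines are constructed from it plus two benign lines a clean profile would contain.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Hijack markers seen in the AdwCleaner log in this thread: the homepage and
# search prefs were pointed at Conduit/Babylon search pages or their engine names.
HIJACK_MARKERS = ("search.conduit.com", "search.babylon.com",
                  "(Babylon)", "Customized Web Search")

# Firefox prefs that decide where the browser goes on startup, new tab and search.
NAVIGATION_PREFS = frozenset({
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
    "keyword.URL",
    "browser.babylon.HPOnNewTab",
})

# Namespaces the toolbars in the log write into. "CT<digits>." is a Conduit
# toolbar id (CT3214568 in the log); any pref under these prefixes is toolbar residue.
TOOLBAR_PREFIX_RE = re.compile(r"^(CT\d+\.|Smartbar\.|extensions\.BabylonToolbar(?:_i)?\.)")

# user_pref("name", value);  AdwCleaner prints the same line after "Found : ",
# defangs http:// as hxxp:// and truncates long values with "[...]", so the
# closing ");" is optional here.
USER_PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.*?)\)?;?\s*$')


@dataclass(frozen=True)
class Finding:
    pref: str
    value: str
    reason: str


def parse_user_pref(line: str) -> Optional[Tuple[str, str]]:
    """Return (name, value) for a prefs.js or AdwCleaner 'Found :' line, else None."""
    m = USER_PREF_RE.search(line)
    if not m:
        return None
    name, raw = m.group(1), m.group(2).strip()
    # Strip the quotes of string values; numbers and booleans are left as written.
    if raw.startswith('"'):
        raw = raw[1:]
        if raw.endswith('"'):
            raw = raw[:-1]
    return name, raw


def classify(name: str, value: str) -> Optional[str]:
    """Explain why a pref is suspicious, or return None when it looks benign."""
    if TOOLBAR_PREFIX_RE.match(name):
        return "toolbar namespace"
    if name in NAVIGATION_PREFS and any(marker in value for marker in HIJACK_MARKERS):
        return "navigation pref points at hijacker"
    return None


def scan_prefs(lines: Iterable[str]) -> List[Finding]:
    """Run every line through the parser and keep the suspicious prefs."""
    findings = []
    for line in lines:
        parsed = parse_user_pref(line)
        if parsed is None:
            continue
        name, value = parsed
        reason = classify(name, value)
        if reason:
            findings.append(Finding(name, value, reason))
    return findings


def summarize(findings: Iterable[Finding]) -> dict:
    """Count findings per reason, the way a triage note would list them."""
    counts: dict = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Constructed sample: six lines shortened from the AdwCleaner log above, plus two
# benign prefs.js lines that a clean profile would contain.
SAMPLE_LINES = [
    'Found : user_pref("CT3214568.smartbar.CTID", "CT3214568");',
    'Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=1[...]',
    'Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");',
    'Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13");',
    'Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");',
    'Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=[...]',
    'user_pref("browser.startup.homepage", "https://www.mozilla.org/");',
    'user_pref("browser.search.suggest.enabled", true);',
]

if __name__ == "__main__":
    for f in scan_prefs(SAMPLE_LINES):
        print(f"{f.reason:36} {f.pref} = {f.value}")
    print(summarize(scan_prefs(SAMPLE_LINES)))
```

Point scan_prefs at a copy of prefs.js taken from the profile folder while Firefox is closed (Firefox rewrites the file on exit, so a live copy may lag behind what the browser is actually using). The Chrome Preferences values the log also lists (homepage and urls_to_restore_on_startup) are JSON rather than user_pref lines, so they want a json.load and the same classify() on the resulting strings.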
-
Remove the Adware:
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
************************************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.
-
Dear Dave, step 1 done!
# AdwCleaner v2.000 - Logfile created 09/10/2012 at 06:57:33
# Updated 30/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Dimitris - DIMITRIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Dimitris\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\FreeMake
Folder Deleted : C:\Program Files\TorrentReactor.Net
Folder Deleted : C:\Program Files\Winamp Toolbar
Folder Deleted : C:\ProgramData\FreeMake
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMake
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Users\Dimitris\AppData\Local\Conduit
Folder Deleted : C:\Users\Dimitris\AppData\Local\Winamp Toolbar
Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\FreeMake
Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\TorrentReactor.Net
Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeMake
Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\CT3214568
Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\[email protected]
Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\Smartbar
Folder Deleted : C:\Users\Dimitris\Documents\FreeMake
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Freemake
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\TorrentReactor.Net
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Freemake
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeMake Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TorrentReactor.Net Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B23920F4-4C2F-412B-9450-1D7028D5454E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B23920F4-4C2F-412B-9450-1D7028D5454E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{801FD5AC-90F0-4FE9-A8A3-AA98A3B4F6AD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B23920F4-4C2F-412B-9450-1D7028D5454E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB468DEB-B219-4BAE-BA7E-A8000B6AF0A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561457
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freemake
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12911484-55A2-4151-9A28-E08DF7015DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81EFB41B-2381-4EC1-B366-BB93AECD9F1B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeMake Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentReactor.Net Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\Software\TorrentReactor.Net
Key Deleted : HKLM\Software\Winamp Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v15.0.1 (el)
Profile name : default
File : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\prefs.js
C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\user.js ... Deleted !
Deleted : user_pref("CT3214568.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3214568.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3214568.1000234.TWC_TMP_city", "ATHENS");
Deleted : user_pref("CT3214568.1000234.TWC_TMP_country", "GR");
Deleted : user_pref("CT3214568.1000234.TWC_locId", "GRXX0004");
Deleted : user_pref("CT3214568.1000234.TWC_location", "Athens, Greece");
Deleted : user_pref("CT3214568.1000234.TWC_region", "OT");
Deleted : user_pref("CT3214568.1000234.TWC_temp_dis", "c");
Deleted : user_pref("CT3214568.1000234.TWC_wind_dis", "kmh");
Deleted : user_pref("CT3214568.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"24°C\",\"temperat[...]
Deleted : user_pref("CT3214568.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3214568.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3214568.FirstTime", "true");
Deleted : user_pref("CT3214568.FirstTimeFF3", "true");
Deleted : user_pref("CT3214568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT321[...]
Deleted : user_pref("CT3214568.UserID", "UN61010824010489033");
Deleted : user_pref("CT3214568.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3214568.autoDisableScopes", -1);
Deleted : user_pref("CT3214568.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3214568.cb_experience_000", "4");
Deleted : user_pref("CT3214568.cb_firstuse0100", "1");
Deleted : user_pref("CT3214568.cbcountry_001", "GR");
Deleted : user_pref("CT3214568.cbfirsttime", "Mon Aug 06 2012 21:50:24 GMT+0300");
Deleted : user_pref("CT3214568.defaultSearch", "true");
Deleted : user_pref("CT3214568.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
Deleted : user_pref("CT3214568.enableAlerts", "always");
Deleted : user_pref("CT3214568.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3214568.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3214568.fixPageNotFoundError", "true");
Deleted : user_pref("CT3214568.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3214568.fixUrls", true);
Deleted : user_pref("CT3214568.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
Deleted : user_pref("CT3214568.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT3214568.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT3214568.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3214568.isNewTabEnabled", true);
Deleted : user_pref("CT3214568.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3214568.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3214568.keyword", true);
Deleted : user_pref("CT3214568.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3214568.openThankYouPage", "false");
Deleted : user_pref("CT3214568.openUninstallPage", "true");
Deleted : user_pref("CT3214568.search.searchAppId", "10000002");
Deleted : user_pref("CT3214568.search.searchCount", "1");
Deleted : user_pref("CT3214568.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3214568.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3214568.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3214568.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3214568.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3214568.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1347171157638");
Deleted : user_pref("CT3214568.serviceLayer_services_appTracking_lastUpdate", "1345412499281");
Deleted : user_pref("CT3214568.serviceLayer_services_appsMetadata_lastUpdate", "1347177593886");
Deleted : user_pref("CT3214568.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1346069587037");
Deleted : user_pref("CT3214568.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346083862574");
Deleted : user_pref("CT3214568.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347246069173");
Deleted : user_pref("CT3214568.serviceLayer_services_optimizer_lastUpdate", "1346351036616");
Deleted : user_pref("CT3214568.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1346069587073");
Deleted : user_pref("CT3214568.serviceLayer_services_searchAPI_lastUpdate", "1347177595344");
Deleted : user_pref("CT3214568.serviceLayer_services_serviceMap_lastUpdate", "1347177593841");
Deleted : user_pref("CT3214568.serviceLayer_services_toolbarContextMenu_lastUpdate", "1346069586698");
Deleted : user_pref("CT3214568.serviceLayer_services_toolbarSettings_lastUpdate", "1347246095080");
Deleted : user_pref("CT3214568.serviceLayer_services_translation_lastUpdate", "1347177594426");
Deleted : user_pref("CT3214568.settingsINI", true);
Deleted : user_pref("CT3214568.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3214568.smartbar.CTID", "CT3214568");
Deleted : user_pref("CT3214568.smartbar.Uninstall", "0");
Deleted : user_pref("CT3214568.smartbar.homepage", true);
Deleted : user_pref("CT3214568.smartbar.toolbarName", "FreemakeTB ");
Deleted : user_pref("CT3214568.toolbarBornServerTime", "6-8-2012");
Deleted : user_pref("CT3214568.toolbarCurrentServerTime", "10-9-2012");
Deleted : user_pref("CT3214568.url_history0001", "hxxp://www.facebook.com/photo.php?fbid=103428316469655&set=a[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "FreeMake Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=adbartrp&affID[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=101363");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 6);
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "c85f62db0000000000000019db405218");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15379");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 6);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1721:21:09");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 69576808);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1721:21:09");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101363");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "c85f62db0000000000000019db405218");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "c85f62db0000000000000019db405218");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15379");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:21:09");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=[...]
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Dimitris\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.424] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18" ]
Deleted [l.426] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",
*************************
AdwCleaner[R1].txt - [23526 octets] - [09/09/2012 01:41:34]
AdwCleaner[R2].txt - [23587 octets] - [09/09/2012 01:49:27]
AdwCleaner[R3].txt - [23648 octets] - [09/09/2012 01:49:46]
AdwCleaner[R4].txt - [23037 octets] - [09/09/2012 21:17:52]
AdwCleaner[S1].txt - [23257 octets] - [10/09/2012 06:57:33]
########## EOF - C:\AdwCleaner[S1].txt - [23318 octets] ##########
You will have to give me time for the next step!
thanks again!!!
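A triage helper for the AdwCleaner log above, added here as an example (it is not from the thread or from AdwCleaner): it parses the log's line shapes, counts what was deleted or restored, names the toolbar families that appear, and flags the browser-setting and IE trust-policy entries the adware had changed. The excerpt inside it is constructed in the posted log's format, with the family keywords taken from that log.

```python
"""Triage an AdwCleaner [Delete] log: what was removed, which adware families
were present, and which browser settings they had taken over.

Added example, not part of the forum thread or of AdwCleaner itself. Line
shapes and family keywords come from the log posted above.
"""
import re
from collections import Counter

# Constructed excerpt with one or two lines of each shape the real log uses.
SAMPLE_LOG = r"""
# AdwCleaner v2.000 - Logfile created 09/10/2012 at 06:57:33
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\PriceGong
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12911484-55A2-4151-9A28-E08DF7015DBC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v15.0.1 (el)
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
-\\ Google Chrome v [Unable to get version]
Deleted [l.426] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",
"""

FS_REG_RE = re.compile(r"^(?P<kind>File|Folder|Key|Value) Deleted : (?P<target>.+)$")
# Value part is non-greedy so truncated lines ending in "[...]" still parse.
FF_PREF_RE = re.compile(r'^Deleted : user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+?)\)?;?$')
CHROME_RE = re.compile(r"^Deleted \[l\.\d+\] : (?P<name>\w+) = (?P<value>.+)$")
RESTORED_RE = re.compile(r"^Restored : \[(?P<target>.+)\]$")

# Toolbar/PUP names seen in the posted log, matched case-insensitively.
FAMILIES = {"conduit": "Conduit", "babylon": "Babylon", "freemake": "FreeMake",
            "winamp toolbar": "Winamp Toolbar", "pricegong": "PriceGong",
            "facemoods": "facemoods", "torrentreactor": "TorrentReactor",
            "smartbar": "Smartbar", "asksearch": "Ask"}
# Browser settings that decide where searches, the home page and new tabs go.
HIJACK_PREFS = {"browser.startup.homepage", "browser.search.defaultenginename",
                "browser.search.selectedEngine", "browser.search.order.1",
                "keyword.URL", "browser.babylon.HPOnNewTab",
                "homepage", "urls_to_restore_on_startup"}
HIJACK_REG = re.compile(r"\\Internet Explorer\\(URLSearchHooks|Toolbar|SearchScopes)", re.I)
# Keys that let an add-on load without a prompt or run outside IE Protected
# Mode, or that force-install a Chrome extension through the registry.
TRUST_REG = re.compile(
    r"\\(Low Rights\\ElevationPolicy|Ext\\PreApproved|Google\\Chrome\\Extensions)\\", re.I)


def parse_adwcleaner(text):
    """One record per cleanup action; headers and section banners are skipped."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if m := FS_REG_RE.match(line):
            records.append({"action": "deleted", "kind": m["kind"].lower(),
                            "target": m["target"], "name": None})
        elif m := FF_PREF_RE.match(line):
            records.append({"action": "deleted", "kind": "firefox_pref",
                            "target": f'{m["name"]} = {m["value"]}', "name": m["name"]})
        elif m := CHROME_RE.match(line):
            records.append({"action": "deleted", "kind": "chrome_pref",
                            "target": f'{m["name"]} = {m["value"]}', "name": m["name"]})
        elif m := RESTORED_RE.match(line):
            records.append({"action": "restored", "kind": "ie_setting",
                            "target": m["target"], "name": None})
    return records


def summarize(records):
    """Counts per action/kind, adware families seen, and the settings they took over."""
    summary = {"by_kind": Counter((r["action"], r["kind"]) for r in records),
               "families": set(), "browser_hijacks": [], "trust_bypass": []}
    for r in records:
        low = r["target"].lower()
        summary["families"].update(fam for kw, fam in FAMILIES.items() if kw in low)
        if r["name"] in HIJACK_PREFS or HIJACK_REG.search(r["target"]):
            summary["browser_hijacks"].append(r["target"])
        if TRUST_REG.search(r["target"]):
            summary["trust_bypass"].append(r["target"])
    return summary


if __name__ == "__main__":
    s = summarize(parse_adwcleaner(SAMPLE_LOG))
    for (action, kind), count in sorted(s["by_kind"].items()):
        print(f"{action:>8} {kind:<13} {count}")
    print("families:", ", ".join(sorted(s["families"])))
    print("browser settings touched:", len(s["browser_hijacks"]))
    print("trust/elevation entries:", len(s["trust_bypass"]))
```

Run it over a real AdwCleaner[S*].txt by reading the file into `parse_adwcleaner`; the ElevationPolicy and PreApproved hits are the entries worth a second look, since they silence the prompts that would otherwise expose a toolbar.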
-
Super Dave,
I finally have the results of ComboFix.
ComboFix 12-09-10.03 - Dimitris 10/09/2012 21:00:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1253.30.1032.18.2046.1203 [GMT 3:00]
Running from: c:\users\Dimitris\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dimitris\AppData\Roaming\inst.exe
c:\users\Dimitris\AppData\Roaming\screensaver_Beach.scr
c:\users\Dimitris\AppData\Roaming\vso_ts_preview.xml
c:\users\Dimitris\family_tree_builder_1198.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\WinRAR
c:\windows\WinRAR\uninstall.exe
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
.
.
2012-09-10 18:09 . 2012-09-10 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 17:30 . 2012-09-09 17:30 -------- d-----w- c:\windows\el
2012-09-09 17:29 . 2010-09-22 21:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-09-09 17:14 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-09-09 17:14 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-09-09 17:14 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-09-09 17:14 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-09-09 17:14 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-09-09 16:07 . 2012-09-09 16:07 -------- d-----w- c:\program files\Windows Portable Devices
2012-09-09 13:35 . 2012-09-09 13:35 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\f722c6881cd8e8f2c\InstallManager_WLE_WLE.exe
2012-09-09 13:34 . 2012-09-09 13:34 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\e37d5c061cd8e8f20\MeshBetaRemover.exe
2012-09-09 13:34 . 2012-09-09 13:34 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\d056e4a81cd8e8f18\DSETUP.dll
2012-09-09 13:34 . 2012-09-09 13:34 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\d056e4a81cd8e8f18\DXSETUP.exe
2012-09-09 13:34 . 2012-09-09 13:34 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\d056e4a81cd8e8f18\dsetup32.dll
2012-09-09 13:34 . 2012-09-09 13:34 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\cf42f0fc1cd8e8f17\DSETUP.dll
2012-09-09 13:34 . 2012-09-09 13:34 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\cf42f0fc1cd8e8f17\DXSETUP.exe
2012-09-09 13:34 . 2012-09-09 13:34 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\cf42f0fc1cd8e8f17\dsetup32.dll
2012-09-09 13:32 . 2012-09-10 12:00 -------- d-----w- c:\users\Dimitris\AppData\Local\Windows Live
2012-09-09 13:21 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2012-09-09 13:21 . 2009-10-01 01:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2012-09-09 13:21 . 2009-10-01 01:01 839168 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2012-09-09 13:09 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-09 13:09 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-09 12:38 . 2012-09-09 12:38 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-09 12:38 . 2012-09-09 12:38 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-09-09 12:38 . 2012-09-09 12:38 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-09-09 12:38 . 2012-09-09 12:38 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-09-09 12:38 . 2012-09-09 12:38 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-09-09 12:38 . 2012-09-09 12:38 37376 ----a-w- c:\windows\system32\cdd.dll
2012-09-09 12:37 . 2012-09-09 12:37 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-09-09 12:37 . 2012-09-09 12:37 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-09-09 12:37 . 2012-09-09 12:37 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-09-09 12:02 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-09-09 12:02 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-09-09 12:01 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-09-09 12:01 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-09-09 12:01 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-09-09 12:01 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-09-09 11:59 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-09-09 11:59 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-09-09 11:59 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-09-09 11:59 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-09-09 11:59 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-09-09 11:59 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2012-09-09 11:59 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-09-09 11:59 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2012-09-09 11:58 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-09-09 11:58 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-09-09 11:58 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-09-09 11:58 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2012-09-09 11:58 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-09-09 11:58 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-09-09 11:58 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2012-09-09 11:56 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-09-09 11:56 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-09-09 11:55 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-09 11:55 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2012-09-09 11:55 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-09-09 11:55 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2012-09-09 11:55 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2012-09-09 11:55 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2012-09-09 11:55 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-09-09 11:55 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-09-09 11:55 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-09-09 11:55 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-09 11:55 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-09-09 11:54 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-09-09 11:54 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2012-09-09 11:54 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2012-09-09 11:54 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2012-09-09 11:54 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2012-09-09 11:54 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-09-09 10:29 . 2012-09-09 10:31 -------- d-----w- c:\windows\system32\ca-ES
2012-09-09 10:29 . 2012-09-09 10:30 -------- d-----w- c:\windows\system32\eu-ES
2012-09-09 10:05 . 2009-04-10 20:27 57856 ----a-w- c:\windows\system32\compcln.exe
2012-09-09 10:02 . 2009-04-10 20:28 153600 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
2012-09-09 10:02 . 2009-04-10 18:46 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-09 10:02 . 2009-04-10 18:45 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2012-09-09 10:02 . 2009-04-10 20:32 149480 ----a-w- c:\windows\system32\drivers\pci.sys
2012-09-09 10:02 . 2009-04-10 20:32 43496 ----a-w- c:\windows\system32\drivers\pciidex.sys
2012-09-09 10:02 . 2009-04-10 18:45 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2012-09-09 10:02 . 2009-04-10 18:42 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2012-09-09 10:02 . 2009-04-10 20:32 1083880 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-09-09 10:02 . 2009-04-10 18:14 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2012-09-09 10:02 . 2009-04-10 20:28 172544 ----a-w- c:\windows\system32\wbem\ntevt.dll
2012-09-09 10:02 . 2009-04-10 18:43 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2012-09-09 10:00 . 2009-04-10 18:38 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-09-09 09:10 . 2012-09-09 09:10 -------- d-----w- C:\PerfLogs
2012-09-09 08:23 . 2008-01-18 23:53 53248 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\el\Microsoft.Ink.Resources.dll
2012-09-09 08:16 . 2008-01-18 18:50 18944 ----a-w- c:\windows\system32\drivers\mcd.sys
2012-09-09 08:15 . 2008-01-18 20:34 36352 ----a-w- c:\windows\system32\esentprf.dll
2012-09-09 08:14 . 2008-01-18 20:33 168448 ----a-w- c:\program files\Windows Mail\WindowsMailGadget.exe
2012-09-09 07:51 . 2012-09-09 07:51 -------- d-----w- c:\windows\system32\EventProviders
2012-09-08 23:06 . 2012-09-08 23:06 -------- d-----w- c:\users\Dimitris\Updater
2012-09-08 23:06 . 2012-09-08 23:06 -------- d-----w- c:\program files\Common Files\Skype
2012-09-08 23:06 . 2012-09-08 23:06 -------- d-----w- c:\users\Dimitris\Phone
2012-09-08 09:32 . 2012-09-06 01:24 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-09-08 09:32 . 2012-09-06 01:24 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-09-08 09:32 . 2012-09-06 01:24 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-08 08:53 . 2012-09-08 23:55 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-08 08:53 . 2012-09-06 01:25 68576 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-09-08 08:53 . 2012-09-06 01:25 192600 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-09-08 08:53 . 2012-09-06 01:25 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-09-08 08:53 . 2012-09-06 01:25 2288608 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-09-08 08:37 . 2012-08-27 22:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5EFB401-AF3E-4D2F-8F9B-B5ED446098BE}\mpengine.dll
2012-09-08 05:01 . 2012-09-08 05:01 -------- d-----w- c:\program files\Java
2012-09-07 20:40 . 2012-09-07 20:40 -------- d-----w- c:\users\Dimitris\AppData\Roaming\SUPERAntiSpyware.com
2012-09-07 20:40 . 2012-09-07 20:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-07 20:40 . 2012-09-07 20:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-07 18:31 . 2012-09-07 18:31 -------- d-----w- c:\users\Dimitris\AppData\Roaming\Simply Super Software
2012-09-07 18:30 . 2012-09-07 19:40 -------- d-----w- c:\program files\Trojan Remover
2012-09-07 18:30 . 2012-09-07 18:30 -------- d-----w- c:\programdata\Simply Super Software
2012-09-06 21:32 . 2012-09-06 22:28 -------- d-----w- C:\sh4ldr
2012-09-06 21:32 . 2012-09-06 21:32 -------- d-----w- c:\program files\Enigma Software Group
2012-09-06 21:30 . 2012-09-06 22:28 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-09-06 21:30 . 2012-09-06 21:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-18 11:45 . 2012-08-18 11:45 -------- d-----w- c:\users\Dimitris\AppData\Roaming\Unity
2012-08-15 07:27 . 2012-08-15 07:27 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 17:24 . 2010-06-24 08:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-09 12:39 . 2012-09-09 12:39 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-09 12:39 . 2012-09-09 12:39 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-09 12:39 . 2012-09-09 12:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-09 12:39 . 2012-09-09 12:39 161792 ----a-w- c:\windows\system32\msls31.dll
2012-09-09 12:39 . 2012-09-09 12:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-09-09 12:39 . 2012-09-09 12:39 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-09-09 12:39 . 2012-09-09 12:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-09 12:39 . 2012-09-09 12:39 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-09 12:39 . 2012-09-09 12:39 152064 ----a-w- c:\windows\system32\wextract.exe
2012-09-09 12:39 . 2012-09-09 12:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-09 12:39 . 2012-09-09 12:39 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-09 12:39 . 2012-09-09 12:39 11776 ----a-w- c:\windows\system32\mshta.exe
2012-09-09 12:38 . 2012-09-09 12:38 98816 ----a-w- c:\windows\system32\mfps.dll
2012-09-09 12:38 . 2012-09-09 12:38 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-09-09 12:38 . 2012-09-09 12:38 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-09-09 12:38 . 2012-09-09 12:38 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-09-09 12:38 . 2012-09-09 12:38 2873344 ----a-w- c:\windows\system32\mf.dll
2012-09-09 12:38 . 2012-09-09 12:38 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-09-09 12:38 . 2012-09-09 12:38 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-09-09 12:38 . 2012-09-09 12:38 586240 ----a-w- c:\windows\system32\stobject.dll
2012-09-09 12:38 . 2012-09-09 12:38 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-09-09 12:38 . 2012-09-09 12:38 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-09-09 12:38 . 2012-09-09 12:38 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-09-09 12:38 . 2012-09-09 12:38 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-09-09 12:38 . 2012-09-09 12:38 258048 ----a-w- c:\windows\system32\winspool.drv
2012-09-09 12:38 . 2012-09-09 12:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-09-09 12:37 . 2012-09-09 12:37 4096 ----a-w- c:\windows\system32\drivers\el-GR\dxgkrnl.sys.mui
2012-09-09 12:37 . 2012-09-09 12:37 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-09-09 12:37 . 2012-09-09 12:37 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-09-09 12:37 . 2012-09-09 12:37 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-09-09 12:37 . 2012-09-09 12:37 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-09-09 08:54 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-09-09 08:54 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-09-08 05:02 . 2012-09-08 05:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-08 05:01 . 2012-08-15 07:26 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-08 05:01 . 2011-12-24 11:17 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-08 15:20 . 2012-08-08 15:20 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-08 15:20 . 2012-08-08 15:20 22328 ----a-w- c:\users\Dimitris\AppData\Roaming\PnkBstrK.sys
2012-08-08 15:20 . 2012-08-08 15:20 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-08 15:20 . 2012-08-08 15:20 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-08-06 18:56 . 2012-08-06 18:56 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-08-06 18:56 . 2012-08-06 18:56 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-08-06 18:56 . 2012-08-06 18:56 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-08-06 18:56 . 2012-08-06 18:56 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-08-06 18:56 . 2012-08-06 18:56 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-07-04 14:02 . 2012-09-09 12:43 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 10:46 . 2012-03-12 12:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-15 13:39 . 2012-09-07 18:30 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-06-15 13:35 . 2012-09-07 18:30 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-06-15 13:33 . 2012-09-07 18:30 605968 ----a-w- c:\windows\system32\ztv7z.dll
2012-06-15 13:33 . 2012-09-07 18:30 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-09-06 01:26 . 2011-11-11 15:38 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-27 288048]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-03 39408]
"DMQ_4053"="c:\program files\Switcher\DMQ_4053\SwitchUSB.exe" [2011-06-09 1589248]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Facebook Update"="c:\users\Dimitris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-09 4186112]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 18944]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-08-14 2332160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2012-08-27 3165456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-27 843712]
.
c:\users\Dimitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1896998450-3613239171-3286227423-1002Core.job
- c:\users\Dimitris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-23 20:58]
.
2012-09-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1896998450-3613239171-3286227423-1002UA.job
- c:\users\Dimitris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-23 20:58]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 15:50]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 15:50]
.
2012-09-10 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-03-28 16:34]
.
2012-09-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9c20379f-c01a-469c-ae8e-95513123dd98.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c8493ab5-dc05-4021-b82d-2f06beb643a7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Freemake Video Converter_is1 - c:\program files\Freemake\Freemake Video Converter\Uninstall\unins000.exe
AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-10 21:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*zvΎZ¦^Γ–]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*zvΎZ¦^Γ–\OpenWithList]
@Class="Shell"
"a"="Corel PaintShop Pro.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*zHwΎZε^vΩό]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*zHwΎZε^vΩό\OpenWithList]
@Class="Shell"
"a"="Corel PaintShop Pro.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzαuzαuΎZ]„[Ο~]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzαuzαuΎZ]„[Ο~\OpenWithList]
@Class="Shell"
"a"="Corel PaintShop Pro.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzvzvΎZ/^νΛEj]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzvzvΎZ/^νΛEj\OpenWithList]
@Class="Shell"
"a"="Corel PaintShop Pro.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzvzvΎZ/^mΜEj]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzvzvΎZ/^mΜEj\OpenWithList]
@Class="Shell"
"a"="Corel PaintShop Pro.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1004)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Completion time: 2012-09-10 21:21:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-10 18:21
.
Pre-Run: 13 Κατάλογοι 147.524.255.744 διαθέσιμα byte
Post-Run: 17 Κατάλογοι 147.589.591.040 διαθέσιμα byte
.
- - End Of File - - 9CF3B08E6A408C67B52145B35D59DEE8
I am waiting for your reply!
I am so grateful to you!!!
-
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) (511KB) to your desktop.
Double click aswMBR.exe to run it.
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start the scan.
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click "Save log", save it to your desktop and post it in your next reply.
********************************************************************
Please download RootRepeal from GooglePages.com (http://rootrepeal.googlepages.com/RootRepeal.zip).
- Extract the program file to your Desktop.
- Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
(http://i39.tinypic.com/nclahc.gif)
- Select ALL of the checkboxes and then click OK and it will start scanning your system.
(http://i39.tinypic.com/2j5lb6.gif)
- If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
- When done, click on Save Report
- Save it to the Desktop.
- Please copy/paste the contents of the report in your next reply.
Please remove any e-mail address in the RootRepeal report (if present).
-
Hello again!
These are the results of aswMBR!
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-11 17:18:58
-----------------------------
17:18:58.350 OS Version: Windows 6.0.6002 Service Pack 2
17:18:58.350 Number of processors: 2 586 0xF06
17:18:58.350 ComputerName: DIMITRIS-PC UserName: Dimitris
17:20:12.928 Initialize success
17:21:01.725 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:21:01.741 Disk 0 Vendor: ST3250820AS 3.AAD Size: 238475MB BusType: 3
17:21:01.757 Disk 0 MBR read successfully
17:21:01.772 Disk 0 MBR scan
17:21:01.772 Disk 0 Windows VISTA default MBR code
17:21:01.788 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8192 MB offset 2048
17:21:01.819 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230281 MB offset 16779264
17:21:01.850 Disk 0 scanning sectors +488394752
17:21:02.022 Disk 0 scanning C:\Windows\system32\drivers
17:21:11.694 Service scanning
17:21:31.257 Modules scanning
17:21:50.444 Disk 0 trace - called modules:
17:21:50.475 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS viaide.sys
17:21:50.475 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8560c0f0]
17:21:50.491 3 CLASSPNP.SYS[881a88b3] -> nt!IofCallDriver -> [0x84e31a70]
17:21:50.491 5 acpi.sys[8269a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e23b98]
17:21:50.491 Scan finished successfully
17:22:21.819 Disk 0 MBR has been saved successfully to "C:\Users\Dimitris\Desktop\MBR.dat"
17:22:21.819 The log file has been saved successfully to "C:\Users\Dimitris\Desktop\aswMBR.txt"
-
Dear Dave!
A question!
How long does RootRepeal take to finish the scan? It has been over half an hour and it hasn't finished yet! Is there something wrong?
Thanks again!!!
-
Dear Dave, I can't run RootRepeal. It starts the scan, but after about 7-8 minutes it stops at a particular file and closes automatically.
What should I do? Should I try running it in safe mode?
Please help me!!!
Thank you very much!!!
-
Tried safe mode too! Nothing.
Some crash reports are all I've got.
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP2
Exception Code: 0xc0000005
Exception Address: 0x004bed8c
Attempt to write to address: 0x00000000
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP2
Exception Code: 0xc0000005
Exception Address: 0x77377267
Attempt to read from address: 0xfffffff9
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP2
Exception Code: 0xc0000005
Exception Address: 0x0040ab12
Attempt to write to address: 0x00000004
Thanks again!!!
I'll be patiently waiting for your reply!!!
-
Ok, let's try this one.
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
Super Dave, it failed to start the service: SysProt Antirootkit needs to be run with admin privileges!
-
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8D676000
Module End: 8D681000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8D681000
Module End: 8D689000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateSection
Address: 8A3657DE
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwRequestWaitReplyPort
Address: 8A3657E8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwSetContextThread
Address: 8A3657E3
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwSetSecurityObject
Address: 8A3657ED
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwSystemDebugControl
Address: 8A3657F2
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwTerminateProcess
Address: 8D35D640
Driver Base: 8D353000
Driver End: 8D375000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Object: C:\Users\Dimitris\AppData\Roaming\SecuROM\UserData\?????????χ?πρ????????
Status: Hidden
Object: C:\Users\Dimitris\AppData\Roaming\SecuROM\UserData\?????????χ?πρ????????
Status: Hidden
Object: C:\Users\Dimitris\Desktop\ΣΟΦΙΑ\?anaooUoaeo Aei?ecoco-1.doc
Status: Hidden
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
-
Dear Dave!
What should we do next?
Thanks for your big help!!!
Elisabeth!!!
-
Please give me an update on how your computer is running.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Super Dave,
My PC runs much better, the internet is faster and doesn't get stuck all the time.
-
Dear Dave eventually,
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=71aa893efe25c04f892814b685722d93
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-08 12:03:41
# local_time=2012-03-08 02:03:41 )
# country="Greece"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777175 100 0 80501 80501 0 0
# compatibility_mode=5892 16776573 100 100 245490 168734441 0 0
# compatibility_mode=8192 67108863 100 0 144 144 0 0
# scanned=150751
# found=2
# cleaned=0
# scan_time=6508
C:\ProgramData\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar33.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar91.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=71aa893efe25c04f892814b685722d93
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-12 02:51:23
# local_time=2012-03-12 04:51:23 )
# country="Greece"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777175 100 0 434372 434372 0 0
# compatibility_mode=5892 16776573 100 100 599361 169088312 0 0
# compatibility_mode=8192 67108863 100 0 354015 354015 0 0
# scanned=128954
# found=1
# cleaned=0
# scan_time=8311
${Memory} a variant of Win32/Spy.Zbot.AAN trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=71aa893efe25c04f892814b685722d93
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-13 12:08:31
# local_time=2012-03-13 02:08:31 )
# country="Greece"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777175 100 0 517360 517360 0 0
# compatibility_mode=5892 16776573 100 100 86396 169171300 0 0
# compatibility_mode=8192 67108863 100 0 437003 437003 0 0
# scanned=37555
# found=0
# cleaned=0
# scan_time=1952
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=71aa893efe25c04f892814b685722d93
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-14 06:13:06
# local_time=2012-09-14 09:13:06 )
# country="Greece"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 16477017 16477017 0 0
# compatibility_mode=5892 16776574 100 100 244209 185127357 0 0
# compatibility_mode=8192 67108863 100 0 16396660 16396660 0 0
# scanned=172081
# found=3
# cleaned=3
# scan_time=8556
C:\Users\Dimitris\AppData\Local\Mozilla\Firefox\Profiles\sdhpvdui.default\Cache\B\FD\1C0A1d01 HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Dimitris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\189fd7d2-1cd1a852 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Dimitris\Downloads\SpywareCease_Setup.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
dear Dave,
I'm really sorry but I skipped by mistake the step of exporting the list of threats found. Is there something we can do? Or doesn't it matter anymore?
-
dear Dave,
I'm really sorry but I skipped by mistake the step of exporting the list of threats found. Is there something we can do? Or doesn't it matter anymore?
That's ok. How's your computer running now?
-
I don't have a problem running any of my PC programmes.
The problem I had with the PC was the slow internet, and that it got stuck all the time and needed a reboot.
Now the internet is faster and doesn't get stuck all the time (I reboot once a day). It sometimes gets stuck for 1-2 seconds, and after that it works fine. But this may be caused by the internet connection. How can I make sure of that?
I also wanted to ask you where I can download a free and safe screensaver (because now I don't have one), and I need your advice about my antivirus, Avira Free Edition. What should I have on my PC to prevent or eliminate other future threats?
Sorry for my wearying questions!!!
Thanks again!!
I'll be waiting for your directions!!!
-
But this may be caused by the internet connection. How can I make sure of that?
We can take a look at this by running this tool.
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.
(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)
Checkmark the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP Configuration
- List Last 10 Event Viewer Errors
- List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.
************************************************************
I also wanted to ask you where I can download a free and safe screensaver (because now I don't have one), and I need your advice about my antivirus, Avira Free Edition. What should I have on my PC to prevent or eliminate other future threats?
You can take a look at this site. (http://www.majorgeeks.com/) Everything there is trustworthy.
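The items on the MiniToolBox checklist above (flush DNS, report the IE proxy settings, list the hosts file, IP configuration, last event log errors, a latency check) can also be collected with tools built into Windows, which is useful when a pasted MiniToolBox log comes out mis-encoded, as the Greek one later in this thread did. The script below is an added example written for this page, not MiniToolBox's own code; the registry key and hosts path are the standard Windows locations, while the report file name and the two hosts pinged are assumptions.

```powershell
# Added example for this thread (not MiniToolBox code): collect the same items
# Dave's checklist asks for, using only built-in Windows tools.
# Run from an elevated PowerShell prompt (Vista / PowerShell 2.0 or later).
# Assumed: the report file name and the two hosts pinged for the latency check.

$report = Join-Path $env:USERPROFILE 'Desktop\NetCheck.txt'

function Get-IEProxySettings {
    # Same registry location MiniToolBox reads for "Report IE Proxy Settings".
    # A ProxyServer or AutoConfigURL the user never set is a classic sign of
    # a hijacked browser, so both are reported, not just ProxyEnable.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = $s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
    }
}

function Get-HostsEntries {
    # Skip comments and blank lines. On a clean machine the only active entries
    # map localhost; any other name in here is being redirected and needs a look.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts | Where-Object { $_ -match '^\s*[^#\s]' } | ForEach-Object {
        $parts = $_.Trim() -split '\s+'
        New-Object PSObject -Property @{
            Address    = $parts[0]
            Name       = $parts[1]
            Suspicious = ($parts[1] -ne 'localhost')
        }
    }
}

function Get-RecentEventErrors {
    param([int]$Count = 10)
    # Equivalent of "List Last 10 Event Viewer Errors", System log only.
    Get-EventLog -LogName System -EntryType Error -Newest $Count |
        Select-Object TimeGenerated, Source, EventID, Message
}

'=== Flush DNS ===' | Out-File $report
ipconfig /flushdns | Out-File $report -Append
'=== IE proxy settings ===' | Out-File $report -Append
Get-IEProxySettings | Format-List | Out-File $report -Append
'=== Hosts entries ===' | Out-File $report -Append
Get-HostsEntries | Format-Table Address, Name, Suspicious -AutoSize | Out-File $report -Append
'=== IP configuration ===' | Out-File $report -Append
ipconfig /all | Out-File $report -Append
'=== Last 10 System log errors ===' | Out-File $report -Append
Get-RecentEventErrors | Format-List | Out-File $report -Append
'=== Connectivity (2 pings each) ===' | Out-File $report -Append
foreach ($h in 'google.com', 'yahoo.com') {
    Test-Connection -ComputerName $h -Count 2 -ErrorAction SilentlyContinue |
        Select-Object Address, IPV4Address, ResponseTime |
        Format-Table -AutoSize | Out-File $report -Append
}
Write-Host "Report written to $report"
```

Run it once, then paste NetCheck.txt from the Desktop into the reply, the same way the Result.txt from MiniToolBox is posted. The hosts check flags any line that is not a localhost mapping because that is exactly where a hijacker silently points a bank or update domain at another address.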
-
Dear Dave,
The results of MiniToolBox!
MiniToolBox by Farbar Version: 23-07-2012
Ran by Dimitris (administrator) on 15-09-2012 at 23:40:42
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Ρύθμιση παραμέτρων IP των Windows
Επιτυχής εκκαθάριση της μνήμης cache Ανάλυσης DNS.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
VIA Rhine II compatible adapter Fast Ethernet = local connection (Connected)
# ----------------------------------
# Ρύθμιση παραμέτρων IPv4
# ----------------------------------
pushd interface ipv4
reset
set global dhcpmediasense=disabled
popd
# Τέλος ρύθμισης παραμέτρων IPv4
Ρύθμιση παραμέτρων IP των Windows
Όνομα κεντρικού υπολογιστή . . . . : Dimitris-PC
Επίθημα κύριου DNS . . . . . . . . :
Τύπος κόμβου. . . . . . . . . . . : Υβριδικό
Ενεργοποίηση δρομολόγησης IP. . . : Όχι
Ενεργοποίηση μεσολάβησης WINS . . : Όχι
Λίστα αναζήτησης επιθημάτων DNS . : lan
Προσαρμογέας Ethernet Τοπική σύνδεση:
Επίθημα DNS συγκεκριμένης σύνδεσης: lan
Περιγραφή . . . . . . . . . . . . : VIA Rhine II συμβατός προσαρμογέας Fast Ethernet
Φυσική διεύθυνση. . . . . . . . . : 00-19-DB-40-52-18
Ενεργοποίηση DHCP. . . . . . . . :
Αυτόματη ρύθμιση ενεργή . . . . . :
Διεύθυνση IPv6 τοπικής σύνδεσης . : fe80::5b:e83f:bb36:f46%8(Προτιμώμενο)
Διεύθυνση IPv4. . . . . . . . . . : 192.168.1.64(Προτιμώμενο)
Μάσκα υποδικτύου. . . . . . . . . : 255.255.255.0
Έναρξη εκμίσθωσης. . . . . . . . : Σάββατο, 15 Σεπτεμβρίου 2012 10:57:41 μμ
Λήξη εκμίσθωσης . . . . . . . . . : Κυριακή, 16 Σεπτεμβρίου 2012 10:57:41 μμ
Προεπιλεγμένη πύλη . . . . . . . : 192.168.1.254
Διακομιστής DHCP . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 201333211
DUID υπολογιστή-πελάτη DHCPv6 . . : 00-01-00-01-11-FB-5A-5E-00-19-DB-40-52-18
Διακομιστές DNS . . . . . . . . . : 192.168.1.254
NetBIOS σε Tcpip. . . . . . . . . : Ενεργοποιημένο
Προσαρμογέας διοχέτευσης Σύνδεση τοπικού δικτύου*:
Κατάσταση μέσου . . . . . . . . . : Έχει αποσυνδεθεί
Επίθημα DNS συγκεκριμένης σύνδεσης: lan
Περιγραφή . . . . . . . . . . . . : Προσαρμογέας Microsoft ISATAP
Φυσική διεύθυνση. . . . . . . . . : 00-00-00-00-00-00-00-E0
Ενεργοποίηση DHCP. . . . . . .. . : Όχι
Αυτόματη ρύθμιση ενεργή . . . . . :
Προσαρμογέας διοχέτευσης Σύνδεση τοπικού δικτύου* 6:
Επίθημα DNS συγκεκριμένης σύνδεσης:
Περιγραφή . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Φυσική διεύθυνση. . . . . . . . . : 02-00-54-55-4E-01
Ενεργοποίηση DHCP. . . . . . .. . : Όχι
Αυτόματη ρύθμιση ενεργή . . . . . :
Διεύθυνση IPv6. . . . . . . . . . : 2001:0:5ef5:79fd:8d2:22f0:d109:1320(Προτιμώμενο)
Διεύθυνση IPv6 τοπικής σύνδεσης . : fe80::8d2:22f0:d109:1320%9(Προτιμώμενο)
Προεπιλεγμένη πύλη . . . . . . . : ::
NetBIOS σε Tcpip. . . . . . . . . : Απενεργοποιημένο
servers: dsldevice.lan
Address: 192.168.1.254
DNS request timed out.
timeout was 2 seconds.
name: google.com
Address: 2a00:1450:4001:c01::65
Εκτελείται λειτουργία Ping στο google.com [209.85.148.138] με 32 byte δεδομένων:
Απάντηση από: 209.85.148.138: bytes=32 χρόνος=84ms TTL=57
Απάντηση από: 209.85.148.138: bytes=32 χρόνος=83ms TTL=57
Στατιστικά στοιχεία Ping για 209.85.148.138:
Πακέτα: Απεσταλμένα = 2, Ληφθέντα = 2, Απολεσθέντα = 0 (απώλεια 0%),
Πλήθος διαδρομών αποστολής και επιστροφής κατά προσέγγιση σε χιλιοστά του δευτερολέπτου:
Ελάχιστο = 83ms, Μέγιστο = 84ms, Μέσος όρος = 83ms
servers: dsldevice.lan
Address: 192.168.1.254
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Εκτελείται λειτουργία Ping στο yahoo.com [72.30.38.140] με 32 byte δεδομένων:
Απάντηση από: 72.30.38.140: bytes=32 χρόνος=426ms TTL=53
Απάντηση από: 72.30.38.140: bytes=32 χρόνος=263ms TTL=53
Στατιστικά στοιχεία Ping για 72.30.38.140:
Πακέτα: Απεσταλμένα = 2, Ληφθέντα = 2, Απολεσθέντα = 0 (απώλεια 0%),
Πλήθος διαδρομών αποστολής και επιστροφής κατά προσέγγιση σε χιλιοστά του δευτερολέπτου:
Ελάχιστο = 263ms, Μέγιστο = 426ms, Μέσος όρος = 344ms
servers: dsldevice.lan
Address: 192.168.1.254
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Εκτελείται λειτουργία Ping στο bleepingcomputer.com [208.43.87.2] με 32 byte δεδομένων:
Απάντηση από: 208.43.87.2: Δεν είναι δυνατή η πρόσβαση στον κεντρικό υπολογιστή προορισμού.
Απάντηση από: 208.43.87.2: Δεν είναι δυνατή η πρόσβαση στον κεντρικό υπολογιστή προορισμού.
Στατιστικά στοιχεία Ping για 208.43.87.2:
Πακέτα: Απεσταλμένα = 2, Ληφθέντα = 2, Απολεσθέντα = 0 (απώλεια 0%),
Εκτελείται λειτουργία Ping στο 127.0.0.1 με 32 byte δεδομένων:
Απάντηση από: 127.0.0.1: bytes=32 χρόνος<1ms TTL=128
Απάντηση από: 127.0.0.1: bytes=32 χρόνος<1ms TTL=128
Στατιστικά στοιχεία Ping για 127.0.0.1:
Πακέτα: Απεσταλμένα = 2, Ληφθέντα = 2, Απολεσθέντα = 0 (απώλεια 0%),
Πλήθος διαδρομών αποστολής και επιστροφής κατά προσέγγιση σε χιλιοστά του δευτερολέπτου:
Ελάχιστο = 0ms, Μέγιστο = 0ms, Μέσος όρος = 0ms
===========================================================================
Λίστα διασυνδέσεων
8 ...00 19 db 40 52 18 ...... VIA Rhine II
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Πίνακας διαδρομών
===========================================================================
Ενεργές διαδρομές:
Διεύθυνση δικτύου  Μάσκα δικτύου  Πύλη  Διασύνδεση  Μέτρο
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 Με σύνδεση 127.0.0.1 306
127.0.0.1 255.255.255.255 Με σύνδεση 127.0.0.1 306
127.255.255.255 255.255.255.255 Με σύνδεση 127.0.0.1 306
192.168.1.0 255.255.255.0 Με σύνδεση 192.168.1.64 276
192.168.1.64 255.255.255.255 Με σύνδεση 192.168.1.64 276
192.168.1.255 255.255.255.255 Με σύνδεση 192.168.1.64 276
224.0.0.0 240.0.0.0 Με σύνδεση 127.0.0.1 306
224.0.0.0 240.0.0.0 Με σύνδεση 192.168.1.64 276
255.255.255.255 255.255.255.255 Με σύνδεση 127.0.0.1 306
255.255.255.255 255.255.255.255 Με σύνδεση 192.168.1.64 276
===========================================================================
Συνεχείς διαδρομές:
Καμία
IPv6 Πίνακας διαδρομών
===========================================================================
Ενεργές διαδρομές:
If  μετρική  Διεύθυνση δικτύου  Πύλη
9 18 ::/0 Με σύνδεση
1 306 ::1/128 Με σύνδεση
9 18 2001::/32 Με σύνδεση
9 266 2001:0:5ef5:79fd:8d2:22f0:d109:1320/128 Με σύνδεση
8 276 fe80::/64 Με σύνδεση
9 266 fe80::/64 Με σύνδεση
8 276 fe80::5b:e83f:bb36:f46/128 Με σύνδεση
9 266 fe80::8d2:22f0:d109:1320/128 Με σύνδεση
1 306 ff00::/8 Με σύνδεση
9 266 ff00::/8 Με σύνδεση
8 276 ff00::/8 Με σύνδεση
===========================================================================
Συνεχείς διαδρομές:
Καμία
========================= Event log errors: ===============================
Application errors:
==================
Error: (09/15/2012 10:51:08 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue
Error: (09/15/2012 06:11:42 PM) (Source: VMCService) (User: )
Description: GetProcessOwner
Error: (09/15/2012 02:13:53 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue
Error: (09/15/2012 02:11:53 PM) (Source: VMCService) (User: )
Description: GetProcessOwner
Error: (09/15/2012 07:08:36 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue
Error: (09/15/2012 00:10:06 AM) (Source: VMCService) (User: )
Description: GetProcessOwner
Error: (09/14/2012 09:33:31 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue
Error: (09/14/2012 09:31:17 PM) (Source: VMCService) (User: )
Description: GetProcessOwner
Error: (09/14/2012 02:14:26 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue
Error: (09/14/2012 02:12:06 PM) (Source: VMCService) (User: )
Description: GetProcessOwner
System errors:
=============
Error: (09/14/2012 09:56:58 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053
Error: (09/14/2012 09:56:58 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search
Error: (09/14/2012 09:56:58 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053
Error: (09/14/2012 09:56:58 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search
Error: (09/14/2012 09:56:58 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/12/2012 06:28:20 PM) (Source: EventLog) (User: )
Description: the previous end of operating system in 5:25:18 μμ σε 12/9/2012 was not expected.
Error: (09/12/2012 07:14:49 AM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}
Error: (09/12/2012 07:14:49 AM) (Source: DCOM) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}
Error: (09/12/2012 07:14:44 AM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
Error: (09/12/2012 07:14:41 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Microsoft Office Sessions:
=========================
========================= Memory info: ===================================
Percentage of memory in use: 47%
Total physical RAM: 2045.76 MB
Available physical RAM: 1068.23 MB
Total Pagefile: 4346.54 MB
Available Pagefile: 3110.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.22 MB
========================= Partitions: =====================================
1 Drive c: (HDD) (Fixed) (Total:224.88 GB) (Free:125.27 GB) NTFS
========================= Users: ========================================
Λογαριασμοί User για \\DIMITRIS-PC
Administrator ASPNET Dimitris
Guest
Η εντολή ολοκληρώθηκε με επιτυχία.
**** End of log ****
Thank you very much for all your help.
I'm really grateful to you!!!
-
Your internet speed is quite fast. In the meantime, let's do some cleanup.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
**********************************************************
Click Start > Computer > right-click the C Drive and choose Properties > Enter.
Click Disk Cleanup from there.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup2.jpg)
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup.jpg)
This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
*****************************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. It also stops certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Dear Dave, you have been an enormous help with my PC issues!
I'd like to thank you once again!!!
One or two more things to ask, if you have the time please!
1) I cannot uninstall ComboFix. I did what you've written and it is still there. With the command it starts scanning the PC again, not uninstalling.
2) I downloaded Spybot and WOT on my PC.
3) What am I keeping on my PC from all the programmes now?
I will keep Avira (as antivirus protection), Spybot (for malware).
What about Malwarebytes, SUPERAntiSpyware and the other tools such as SysProt and RootRepeal?
*Note: when I clicked the immunization in Spybot, Avira blocked my access to the hosts file, and Spybot gave a message that some files may be blocked by my antivirus and that because of that Spybot couldn't immunize the hosts file.
Thanks again!!! You are number 1!
-
1) I cannot uninstall ComboFix. I did what you've written and it is still there. With the command it starts scanning the PC again, not uninstalling.
Download this program and run it: Uninstall ComboFix (http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE). It will remove ComboFix for you.
To set a new Restore Point:
Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button , click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
*************************************************************
What am I keeping on my PC from all the programmes now?
I will keep Avira (as antivirus protection), Spybot (for malware).
What about Malwarebytes, SUPERAntiSpyware and the other tools such as SysProt and RootRepeal?
You can keep MBAM, AdwCleaner and SAS, if you have room. Update them and run them on a regular basis. All the rest of those programs can go.
Note: when I clicked the immunization in Spybot, Avira blocked my access to the hosts file, and Spybot gave a message that some files may be blocked by my antivirus and that because of that Spybot couldn't immunize the hosts file.
That's ok. You can possibly change the settings in your AV to allow those files.
Thanks again!!! You are number 1
You're welcome. That's what my wife says but she holds up her second finger when she says it. lol. I will lock this thread. If you need it re-opened, please send me a PM.
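The System Protection steps in the reply above (turn protection off for the drive to drop the old restore points, turn it back on, get a fresh one) map directly onto PowerShell's SystemRestore cmdlets, which are present from PowerShell 2.0 on Vista. This is an added example written for this page, not something posted in the thread; the drive letter and the checkpoint description are assumptions.

```powershell
# Added example (not from the thread): the same sequence as the System Protection
# GUI steps above, using the built-in SystemRestore cmdlets.
# Run from an elevated PowerShell prompt. Assumed: the drive and the description.

$drive = 'C:\'

# Turning protection off discards the existing restore points on that drive.
# Those points can hold copies of files that were just quarantined, which is
# why the cleanup ends with a reset rather than simply adding a new point.
Disable-ComputerRestore -Drive $drive

# Turn protection back on and record a known-clean checkpoint.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType 'MODIFY_SETTINGS'

# Confirm that the new checkpoint is the only one listed.
Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
```

The final listing should show a single entry carrying the description above; if older points are still present, protection was not actually turned off for the drive before it was re-enabled.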