
Author Topic: TROJAN.RANSOM  (Read 28867 times)


elisabeth77

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    TROJAN.RANSOM
    « on: September 07, 2012, 11:29:59 PM »
    Hi Hope team!

    Thank you for the acceptance!
    As you can imagine, I have issues with my PC!

    I have run Malwarebytes Anti-Malware, and every time I receive the same error:

    hkcu\software\Microsoft\windows\currentversion\windows\load

    It is a Trojan.Ransom.

    I have seen the same topic from mp1975 on August 25th, 2012, helped by SuperDave.

    So, I have already run SUPERAntiSpyware Free Edition and now I am running Malwarebytes again. Do I have to download Malwarebytes again, or can I run the version I already have on my computer?

    Please help me through.......


    Thanks in advance!!!!!!!!!!

    elisabeth77

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: TROJAN.RANSOM
      « Reply #1 on: September 07, 2012, 11:31:58 PM »
      Here is the summary from SUPERAntiSpyware:

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 09/08/2012 at 01:49 AM

      Application Version : 5.5.1016

      Core Rules Database Version : 9192
      Trace Rules Database Version: 7004

      Scan type       : Complete Scan
      Total Scan Time : 02:00:27

      Operating System Information
      Windows Vista Home Premium 32-bit (Build 6.00.6000)
      UAC On - Limited User (Administrator User)

      Memory items scanned      : 926
      Memory threats detected   : 0
      Registry items scanned    : 35424
      Registry threats detected : 27
      File items scanned        : 126367
      File threats detected     : 50

      Browser Hijacker.Deskbar
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\HELPDIR
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid32
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib#Version
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid32
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib#Version
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid32
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib#Version

      Adware.Tracking Cookie
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@adultfriendfinder[1].txt [ Cookie:dimitris@*adult URL*/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@trafficholder[1].txt [ Cookie:[email protected]/cgi-bin/traffic/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@mature-porn-movie[2].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@yadro[1].txt [ *Blocked Russian URL*/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@exoclick[2].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@toplist[2].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@statcounter[1].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@toplist[4].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\AppData\Roaming\Microsoft\Windows\Cookies\Low\dimitris@sextracker[1].txt [ Cookie:[email protected]/ ]
         C:\USERS\DIMITRIS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /COUNTER13.SEXTRACKER ]
         C:\USERS\DIMITRIS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIMITRIS@TOPLIST[1].TXT [ /TOPLIST ]
         *Blocked Russian URL* [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         *Blocked Russian URL* [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .doubleclick.net [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .imrworldwide.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .imrworldwide.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         in.getclicky.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         network.clickbanner.gr [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         www.googleadservices.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .h.atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .h.atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .h.atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .h.atdmt.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .apmebf.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .apmebf.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .pathfinder.gr [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .lexicon.pathfinder.gr [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .lexicon.pathfinder.gr [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .lexicon.pathfinder.gr [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .doubleclick.net [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .kaspersky.122.2o7.net [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .histats.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .histats.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .kontera.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .mmstat.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .cnzz.mmstat.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .oracle.112.2o7.net [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         .adserver.adtechus.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         7.rotator.wigetmedia.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SDHPVDUI.DEFAULT\COOKIES.SQLITE ]

      PUP.BabylonToolbar
         HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

      elisabeth77

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: TROJAN.RANSOM
        « Reply #2 on: September 08, 2012, 01:08:34 AM »
        And here are the results of Malwarebytes Anti-Malware:

        Malwarebytes Anti-Malware 1.62.0.1300
        www.malwarebytes.org

        Data base version : v2012.09.08.02

        Windows Vista x86 NTFS
        Internet Explorer 7.0.6000.16982
        Dimitris :: DIMITRIS-PC [administrator]

        8/9/2012 7:54:33 πμ
        mbam-log-2012-09-08 (09-47-56).txt

        scan type: Full Scan (C:\|L:\|)
        Activate scan options: Ram | Startup | Register | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 322922
        Time elapsed: 1 hour, 38 minutes, 14 seconds

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)


        Registry Keys Detected: 0
        (No malicious items detected)


        Registry Values Detected: 1
        HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Dimitris\LOCALS~1\Temp\ahmthhvvu.scr -> No action.

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 0
        (No malicious items detected)


        (end)

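The Malwarebytes entry above names a per-user autostart location: whatever is listed in the `Load` value under `HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows` is started when that user logs on, which is how a screensaver file dropped in the Temp folder came to run. The PowerShell below is an added example, not code from this thread, from Malwarebytes or from SUPERAntiSpyware. It reads that value (and its legacy companion `Run` under the same key, an assumption on my part) without changing anything, and reports whether the referenced file exists and whether it matches the pattern in the log (a `.scr` file under a Temp directory). The key path and the sample path come from the log; the heuristic and the function names are mine.

```powershell
# Added example (not from this thread, Malwarebytes or SUPERAntiSpyware).
# Read-only check of the per-user autostart values that MBAM flagged above.
# Assumption: run as the affected user, because the key lives under HKCU.

$keyPath = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'

function Get-AutostartRisk {
    # Classify one autostart target the way an analyst would eyeball it:
    # does the file exist, is it under a Temp folder, is it a .scr file?
    param([Parameter(Mandatory)][string]$Target, [string]$ValueName = 'Load')

    # Strip surrounding quotes and expand %TEMP%-style variables so Test-Path sees a real path.
    $path   = [Environment]::ExpandEnvironmentVariables($Target.Trim().Trim('"'))
    $inTemp = $path -match '\\(Temp|LOCALS~1)\\'          # LOCALS~1 is the 8.3 name for "Local Settings"
    $isScr  = ([IO.Path]::GetExtension($path) -ieq '.scr')

    [pscustomobject]@{
        Value      = $ValueName
        Data       = $path
        FileExists = (Test-Path -LiteralPath $path -PathType Leaf)
        InTempDir  = $inTemp
        IsScr      = $isScr
        Suspicious = ($inTemp -or $isScr)   # either trait alone deserves a look
    }
}

function Test-LoadValue {
    # Enumerate the Load/Run values under the key from the MBAM log.
    # The log showed a single path per value, so each value is treated as one entry (assumption).
    param([string]$Path = $keyPath)

    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($name in 'Load', 'Run') {
        $data = $null
        if ($props) { $data = $props.$name }

        if ([string]::IsNullOrWhiteSpace($data)) {
            # An empty or absent value is the normal state on a clean machine.
            [pscustomobject]@{
                Value = $name; Data = '(not set)'; FileExists = $false
                InTempDir = $false; IsScr = $false; Suspicious = $false
            }
            continue
        }

        Get-AutostartRisk -Target $data -ValueName $name
    }
}

# 1. Live check of the current user's registry.
Test-LoadValue | Format-Table -AutoSize

# 2. The exact data string from the log above, run through the same heuristic
#    (the file will not exist on your machine, but InTempDir and IsScr both flag it).
Get-AutostartRisk -Target 'C:\Users\Dimitris\LOCALS~1\Temp\ahmthhvvu.scr' | Format-List
```

If the live check reports a `Load` value that is set at all, note the path before letting a cleaner remove it: the registry value is only the launcher, and the file it points to (plus anything that recreates the value) is what the follow-up scans in this thread are meant to catch.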
        elisabeth77

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: TROJAN.RANSOM
          « Reply #3 on: September 08, 2012, 02:03:51 AM »
          Here are the results of Security Check by screen317:

          Results of screen317's Security Check version 0.99.50
          Windows Vista  x86 (UAC is enabled)
          Out of date service pack!!
          Internet Explorer 7 Out of date!
          ``````````````Antivirus/Firewall Check:``````````````
          WMI entry may not exist for antivirus; attempting automatic update.
          Avira successfully updated!
          `````````Anti-malware/Other Utilities Check:`````````
          MVPS Hosts File
          SUPERAntiSpyware
          Trojan Remover 6.8.4
          Malwarebytes Anti-Malware έκδοση 1.62.0.1300
          CCleaner
          Java 7 Update 7
          Adobe Flash Player    11.1.102.55
          Adobe Reader 8 Adobe Reader out of Date!
          Mozilla Firefox 8.0 Firefox out of Date!
          Google Chrome 21.0.1180.83
          Google Chrome 21.0.1180.89
          ````````Process Check: objlist.exe by Laurent````````
          Windows Defender MSASCui.exe
          Avira Antivir avgnt.exe
          Avira Antivir avguard.exe
          Windows Defender MSASCui.exe
          `````````````````System Health check`````````````````
          Total Fragmentation on Drive C:  %
          ````````````````````End of Log``````````````````````

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: TROJAN.RANSOM
          « Reply #4 on: September 08, 2012, 12:15:24 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
          *************************************************************************
          Please try running MBAM again and, this time, clean the infection.

          Go to Microsoft Windows Update and get all critical updates including the latest Service Pack and IE 9.

          Please download AdwCleaner by Xplode onto your Desktop.
          • Double click on AdwCleaner.exe to run the tool.
          • Click on Search.
          • A logfile will automatically open after the scan has finished.
          • Please post the content of that logfile in your reply.
          • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
          Windows 8 and Windows 10 dual boot with two SSD's

          elisabeth77

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: TROJAN.RANSOM
            « Reply #5 on: September 08, 2012, 04:47:31 PM »
            Dear Dave,

            Thank you for your help!

            Here are the results of AdwCleaner.

            I am looking forward to your instructions!!!


            # AdwCleaner v2.000 - Logfile created 09/09/2012 at 01:41:34
            # Updated 30/08/2012 by Xplode
            # Operating system : Windows Vista (TM) Home Premium  (32 bits)
            # User : Dimitris - DIMITRIS-PC
            # Boot Mode : Normal
            # Running from : C:\Users\Dimitris\Downloads\adwcleaner.exe
            # Option [Search]


            ***** [Services] *****


            ***** [Files / Folders] *****

            File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
            File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
            File Found : C:\user.js
            File Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\searchplugins\Conduit.xml
            Folder Found : C:\Program Files\Conduit
            Folder Found : C:\Program Files\FreeMake
            Folder Found : C:\Program Files\TorrentReactor.Net
            Folder Found : C:\Program Files\Winamp Toolbar
            Folder Found : C:\ProgramData\FreeMake
            Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMake
            Folder Found : C:\ProgramData\Winamp Toolbar
            Folder Found : C:\Users\Dimitris\AppData\Local\Conduit
            Folder Found : C:\Users\Dimitris\AppData\Local\Winamp Toolbar
            Folder Found : C:\Users\Dimitris\AppData\LocalLow\BabylonToolbar
            Folder Found : C:\Users\Dimitris\AppData\LocalLow\Conduit
            Folder Found : C:\Users\Dimitris\AppData\LocalLow\facemoods.com
            Folder Found : C:\Users\Dimitris\AppData\LocalLow\FreeMake
            Folder Found : C:\Users\Dimitris\AppData\LocalLow\PriceGong
            Folder Found : C:\Users\Dimitris\AppData\LocalLow\TorrentReactor.Net
            Folder Found : C:\Users\Dimitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeMake
            Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\CT3214568
            Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
            Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\[email protected]
            Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\Smartbar
            Folder Found : C:\Users\Dimitris\Documents\FreeMake

            ***** [Registry] *****

            Key Found : HKCU\Software\AppDataLow\Software\Conduit
            Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
            Key Found : HKCU\Software\AppDataLow\Software\Freemake
            Key Found : HKCU\Software\AppDataLow\Software\PriceGong
            Key Found : HKCU\Software\AppDataLow\Software\SmartBar
            Key Found : HKCU\Software\AppDataLow\Software\TorrentReactor.Net
            Key Found : HKCU\Software\AppDataLow\Toolbar
            Key Found : HKCU\Software\BrowserCompanion
            Key Found : HKCU\Software\Freemake
            Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
            Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
            Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
            Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
            Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeMake Toolbar
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TorrentReactor.Net Toolbar
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B23920F4-4C2F-412B-9450-1D7028D5454E}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
            Key Found : HKCU\Software\Winamp Toolbar
            Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
            Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
            Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
            Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
            Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
            Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
            Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
            Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
            Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
            Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
            Key Found : HKLM\SOFTWARE\Classes\b
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{801FD5AC-90F0-4FE9-A8A3-AA98A3B4F6AD}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{B23920F4-4C2F-412B-9450-1D7028D5454E}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB468DEB-B219-4BAE-BA7E-A8000B6AF0A3}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
            Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
            Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
            Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
            Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
            Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
            Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561457
            Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
            Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
            Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
            Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
            Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
            Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
            Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
            Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
            Key Found : HKLM\Software\Conduit
            Key Found : HKLM\Software\Freemake
            Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
            Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
            Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12911484-55A2-4151-9A28-E08DF7015DBC}
            Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81EFB41B-2381-4EC1-B366-BB93AECD9F1B}
            Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
            Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
            Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
            Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
            Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeMake Toolbar
            Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentReactor.Net Toolbar
            Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
            Key Found : HKLM\Software\TorrentReactor.Net
            Key Found : HKLM\Software\Winamp Toolbar
            Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
            Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
            Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
            Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
            Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
            Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
            Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
            Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
            Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
            Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
            Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
            Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B23920F4-4C2F-412B-9450-1D7028D5454E}]

            ***** [Internet Browsers] *****

            -\\ Internet Explorer v7.0.6000.16982

            [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=NT_ss&mntrId=c85f62db0000000000000019db405218&tlver=1.4.19.19&affID=19404

            -\\ Mozilla Firefox v15.0.1 (el)

            Profile name : default
            File : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\prefs.js

            Found : user_pref("CT3214568.1000082.isPlayDisplay", "true");
            Found : user_pref("CT3214568.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
            Found : user_pref("CT3214568.1000234.TWC_TMP_city", "ATHENS");
            Found : user_pref("CT3214568.1000234.TWC_TMP_country", "GR");
            Found : user_pref("CT3214568.1000234.TWC_locId", "GRXX0004");
            Found : user_pref("CT3214568.1000234.TWC_location", "Athens, Greece");
            Found : user_pref("CT3214568.1000234.TWC_region", "OT");
            Found : user_pref("CT3214568.1000234.TWC_temp_dis", "c");
            Found : user_pref("CT3214568.1000234.TWC_wind_dis", "kmh");
            Found : user_pref("CT3214568.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"24C\",\"temperat[...]
            Found : user_pref("CT3214568.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
            Found : user_pref("CT3214568.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
            Found : user_pref("CT3214568.FirstTime", "true");
            Found : user_pref("CT3214568.FirstTimeFF3", "true");
            Found : user_pref("CT3214568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT321[...]
            Found : user_pref("CT3214568.UserID", "UN61010824010489033");
            Found : user_pref("CT3214568.addressBarTakeOverEnabledInHi dden", "true");
            Found : user_pref("CT3214568.autoDisableScopes", -1);
            Found : user_pref("CT3214568.browser.search.defaultthis.en gineName", true);
            Found : user_pref("CT3214568.cb_experience_000", "4");
            Found : user_pref("CT3214568.cb_firstuse0100", "1");
            Found : user_pref("CT3214568.cbcountry_001", "GR");
            Found : user_pref("CT3214568.cbfirsttime", "Mon Aug 06 2012 21:50:24 GMT+0300");
            Found : user_pref("CT3214568.defaultSearch", "true");
            Found : user_pref("CT3214568.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
            Found : user_pref("CT3214568.enableAlerts", "always");
            Found : user_pref("CT3214568.enableSearchFromAddressBar", "true");
            Found : user_pref("CT3214568.firstTimeDialogOpened", "true");
            Found : user_pref("CT3214568.fixPageNotFoundError", "true");
            Found : user_pref("CT3214568.fixPageNotFoundErrorInHidden", "true");
            Found : user_pref("CT3214568.fixUrls", true);
            Found : user_pref("CT3214568.hxxp___www_socialgrowthtechno logies_com_couponbuddy_v001.APP_WIN_FEA TURES", "op[...]
            Found : user_pref("CT3214568.installId", "ConduitNSISIntegration");
            Found : user_pref("CT3214568.installType", "ConduitNSISIntegration");
            Found : user_pref("CT3214568.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
            Found : user_pref("CT3214568.isNewTabEnabled", true);
            Found : user_pref("CT3214568.isPerformedSmartBarTransition", "true");
            Found : user_pref("CT3214568.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
            Found : user_pref("CT3214568.keyword", true);
            Found : user_pref("CT3214568.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps[...]
            Found : user_pref("CT3214568.openThankYouPage", "false");
            Found : user_pref("CT3214568.openUninstallPage", "true");
            Found : user_pref("CT3214568.search.searchAppId", "10000002");
            Found : user_pref("CT3214568.search.searchCount", "1");
            Found : user_pref("CT3214568.searchInNewTabEnabledInHidden", "true");
            Found : user_pref("CT3214568.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
            Found : user_pref("CT3214568.serviceLayer_service_login_is FirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
            Found : user_pref("CT3214568.serviceLayer_service_login_lo ginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
            Found : user_pref("CT3214568.serviceLayer_service_toolbarG rouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
            Found : user_pref("CT3214568.serviceLayer_service_toolbarG rouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
            Found : user_pref("CT3214568.serviceLayer_service_toolbarG rouping_activeToolbarName", "{\"dataType\":\"strin[...]
            Found : user_pref("CT3214568.serviceLayer_service_toolbarG rouping_invoked", "{\"dataType\":\"string\",\"data[...]
            Found : user_pref("CT3214568.serviceLayer_service_usage_to olbarUsageCount", "{\"dataType\":\"number\",\"data[...]
            Found : user_pref("CT3214568.serviceLayer_services_appTrac kingFirstTime_lastUpdate", "1346307154067");
            Found : user_pref("CT3214568.serviceLayer_services_appTrac king_lastUpdate", "1345412499281");
            Found : user_pref("CT3214568.serviceLayer_services_appsMet adata_lastUpdate", "1347091181087");
            Found : user_pref("CT3214568.serviceLayer_services_gottenA ppsContextMenu_lastUpdate", "1346069587037");
            Found : user_pref("CT3214568.serviceLayer_services_login_1 0.10.20.14_lastUpdate", "1346083862574");
            Found : user_pref("CT3214568.serviceLayer_services_login_1 0.10.27.6_lastUpdate", "1347119996540");
            Found : user_pref("CT3214568.serviceLayer_services_optimiz er_lastUpdate", "1346351036616");
            Found : user_pref("CT3214568.serviceLayer_services_otherAp psContextMenu_lastUpdate", "1346069587073");
            Found : user_pref("CT3214568.serviceLayer_services_searchA PI_lastUpdate", "1347091181259");
            Found : user_pref("CT3214568.serviceLayer_services_service Map_lastUpdate", "1347091181067");
            Found : user_pref("CT3214568.serviceLayer_services_toolbar ContextMenu_lastUpdate", "1346069586698");
            Found : user_pref("CT3214568.serviceLayer_services_toolbar Settings_lastUpdate", "1347115618965");
            Found : user_pref("CT3214568.serviceLayer_services_transla tion_lastUpdate", "1347091181457");
            Found : user_pref("CT3214568.settingsINI", true);
            Found : user_pref("CT3214568.shouldFirstTimeDialog", "false");
            Found : user_pref("CT3214568.smartbar.CTID", "CT3214568");
            Found : user_pref("CT3214568.smartbar.Uninstall", "0");
            Found : user_pref("CT3214568.smartbar.homepage", true);
            Found : user_pref("CT3214568.smartbar.toolbarName", "FreemakeTB ");
            Found : user_pref("CT3214568.toolbarBornServerTime", "6-8-2012");
            Found : user_pref("CT3214568.toolbarCurrentServerTime", "8-9-2012");
            Found : user_pref("CT3214568.url_history0001", "hxxp://www.google.gr/url?sa=t&rct=j&q=%CF%87%CF%81%CF%85%CF%[...]
            Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=1[...]
            Found : user_pref("Smartbar.ConduitSearchEngineList", "FreeMake Customized Web Search");
            Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568[...]
            Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=adbartrp&affID[...]
            Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568");
            Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
            Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
            Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
            Found : user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");
            Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13");
            Found : user_pref("extensions.BabylonToolbar.admin", false);
            Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
            Found : user_pref("extensions.BabylonToolbar.babExt", "");
            Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=101363");
            Found : user_pref("extensions.BabylonToolbar.bbDpng", 6);
            Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
            Found : user_pref("extensions.BabylonToolbar.hmpg", false);
            Found : user_pref("extensions.BabylonToolbar.id", "c85f62db0000000000000019db405218");
            Found : user_pref("extensions.BabylonToolbar.instlDay", "15379");
            Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
            Found : user_pref("extensions.BabylonToolbar.lastDP", 6);
            Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1721:21:09");
            Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
            Found : user_pref("extensions.BabylonToolbar.newTab", false);
            Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
            Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
            Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
            Found : user_pref("extensions.BabylonToolbar.propectorlck", 69576808);
            Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
            Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
            Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
            Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
            Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
            Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
            Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
            Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
            Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1721:21:09");
            Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
            Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
            Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
            Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101363");
            Found : user_pref("extensions.BabylonToolbar_i.hardId", "c85f62db0000000000000019db405218");
            Found : user_pref("extensions.BabylonToolbar_i.id", "c85f62db0000000000000019db405218");
            Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15379");
            Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
            Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
            Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
            Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
            Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
            Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
            Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
            Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
            Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:21:09");
            Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
            Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=[...]

            -\\ Google Chrome v [Unable to get version]

            File : C:\Users\Dimitris\AppData\Local\Google\Chrome\User Data\Default\Preferences

            Found [l.424] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18" ]
            Found [l.426] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",

            *************************

            AdwCleaner[R1].txt - [23395 octets] - [09/09/2012 01:41:34]

            ########## EOF - C:\AdwCleaner[R1].txt - [23456 octets] ##########
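The AdwCleaner output above lists the Firefox prefs.js entries and Chrome Preferences values that the Conduit and Babylon toolbars rewrote (homepage, default search engine, keyword.URL, the new-tab URL). As an added example for this thread, not code from AdwCleaner or from anyone in the thread, here is a small Python audit that parses those two files and flags the same kinds of entries: prefs that decide where the browser sends the user, and prefs living in a toolbar's own namespace. The sample inputs are constructed from values in the log; the hijack-host list, the toolbar prefixes and the assumption that Chrome keeps startup URLs under `session.urls_to_restore_on_startup` are choices made for this example.

```python
"""Flag search/homepage hijack indicators in Firefox prefs.js and Chrome Preferences.
Added example; the sample inputs below are constructed from values in the log."""
import json
import re
from urllib.parse import urlparse

# Prefs that decide where Firefox sends the user; a hijacker rewrites these.
SENSITIVE_PREFS = {
    "browser.startup.homepage", "browser.search.defaultenginename",
    "browser.search.selectedEngine", "browser.babylon.HPOnNewTab", "keyword.URL",
}
# Pref namespaces owned by the toolbar families in the log (assumption: not exhaustive).
TOOLBAR_PREFIXES = ("Smartbar.", "extensions.BabylonToolbar")
CONDUIT_NS = re.compile(r"^CT\d+\.")      # Conduit keys everything under CT<id>.
# Search hosts that were hijack targets in the log (assumption: extend for your case).
HIJACK_HOSTS = {"search.conduit.com", "search.babylon.com"}
USER_PREF = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_prefs_js(text):
    """Parse user_pref("name", value); lines into a dict. The value literals
    (strings, booleans, numbers) are valid JSON, so json.loads decodes them."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue                      # header comments, blank lines
        name, raw = m.group(1), m.group(2).strip()
        try:
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw             # keep anything unparsable verbatim
    return prefs


def hijack_host(value):
    """Return the hostname if value is a URL on a known hijack host, else None.
    Accepts defanged 'hxxp://' URLs as they appear in the log."""
    if not isinstance(value, str):
        return None
    host = urlparse(re.sub(r"^hxxp", "http", value)).hostname
    return host if host in HIJACK_HOSTS else None


def audit_firefox_prefs(text):
    """Return (pref, reason, value) triples worth an analyst's attention."""
    findings = []
    for name, value in parse_prefs_js(text).items():
        if name in SENSITIVE_PREFS:
            findings.append((name, "redirect" if hijack_host(value) else "review", value))
        elif CONDUIT_NS.match(name) or name.startswith(TOOLBAR_PREFIXES):
            findings.append((name, "toolbar", value))
    return findings


def audit_chrome_preferences(text):
    """Same check for Chrome's JSON Preferences file (assumption: startup URLs
    live under session.urls_to_restore_on_startup)."""
    prefs = json.loads(text)
    findings = []
    home = prefs.get("homepage")
    if hijack_host(home):
        findings.append(("homepage", "redirect", home))
    for url in prefs.get("session", {}).get("urls_to_restore_on_startup", []):
        if hijack_host(url):
            findings.append(("session.urls_to_restore_on_startup", "redirect", url))
    return findings


# Constructed sample: hijacked lines taken from the log plus two benign prefs.
SAMPLE_PREFS_JS = '''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568");
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("CT3214568.smartbar.toolbarName", "FreemakeTB ");
user_pref("CT3214568.fixUrls", true);
user_pref("browser.cache.disk.capacity", 358400);
user_pref("network.cookie.prefsMigrated", true);
'''
# Constructed sample Chrome Preferences with the homepage and startup URL from the log.
SAMPLE_CHROME_PREFS = json.dumps({
    "homepage": "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",
    "session": {"restore_on_startup": 4, "urls_to_restore_on_startup": [
        "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",
        "https://www.example.org/"]},
})

if __name__ == "__main__":
    for pref, reason, value in audit_firefox_prefs(SAMPLE_PREFS_JS):
        print(f"firefox  {reason:8} {pref} = {value!r}")
    for pref, reason, value in audit_chrome_preferences(SAMPLE_CHROME_PREFS):
        print(f"chrome   {reason:8} {pref} = {value!r}")
```

Run it against a real profile by reading `prefs.js` and `Preferences` from the paths shown in the log instead of the constructed samples. The "review" entries are sensitive prefs that do not point at a listed host but still name a third-party search provider; they are the ones to compare against what the user actually chose before deciding to delete.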

            elisabeth77

              Re: TROJAN.RANSOM
              « Reply #6 on: September 08, 2012, 04:53:06 PM »
              Dave,

              AdwCleaner asks me if I want to delete the items found! Should I click the delete option or not!!

              thanks again!!!

              elisabeth77

                Re: TROJAN.RANSOM
                « Reply #7 on: September 09, 2012, 12:26:53 PM »

                Dear Dave,

                I ran all the updates on my PC and ran Security Check again. Here are the results!
                Results of screen317's Security Check version 0.99.50 
                 Windows Vista Service Pack 2 x86 (UAC is enabled) 
                 Internet Explorer 9 
                ``````````````Antivirus/Firewall Check:``````````````
                Avira Desktop   
                 Antivirus up to date!   
                `````````Anti-malware/Other Utilities Check:`````````
                 MVPS Hosts File 
                 SUPERAntiSpyware     
                 Trojan Remover 6.8.4   
                 Malwarebytes Anti-Malware version 1.62.0.1300 
                 CCleaner     
                 Java 7 Update 7 
                 Adobe Flash Player    11.1.102.55 
                 Adobe Reader 8 Adobe Reader out of Date!
                 Mozilla Firefox (15.0.1)
                 Google Chrome 21.0.1180.83 
                 Google Chrome 21.0.1180.89 
                ````````Process Check: objlist.exe by Laurent```````` 
                 Windows Defender MSASCui.exe
                 Avira Antivir avgnt.exe
                 Avira Antivir avguard.exe
                 Windows Defender MSASCui.exe   
                `````````````````System Health check`````````````````
                 Total Fragmentation on Drive C:  %
                ````````````````````End of Log``````````````````````



                The results of AdwCleaner too!

                # AdwCleaner v2.000 - Logfile created 09/09/2012 at 21:17:52
                # Updated 30/08/2012 by Xplode
                # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
                # User : Dimitris - DIMITRIS-PC
                # Boot Mode : Normal
                # Running from : C:\Users\Dimitris\Downloads\adwcleaner.exe
                # Option [Search]


                ***** [Services] *****


                ***** [Files / Folders] *****

                File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
                File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
                File Found : C:\user.js
                File Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\searchplugins\Conduit.xml
                Folder Found : C:\Program Files\Conduit
                Folder Found : C:\Program Files\FreeMake
                Folder Found : C:\Program Files\TorrentReactor.Net
                Folder Found : C:\Program Files\Winamp Toolbar
                Folder Found : C:\ProgramData\FreeMake
                Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMake
                Folder Found : C:\ProgramData\Winamp Toolbar
                Folder Found : C:\Users\Dimitris\AppData\Local\Conduit
                Folder Found : C:\Users\Dimitris\AppData\Local\Winamp Toolbar
                Folder Found : C:\Users\Dimitris\AppData\LocalLow\BabylonToolbar
                Folder Found : C:\Users\Dimitris\AppData\LocalLow\Conduit
                Folder Found : C:\Users\Dimitris\AppData\LocalLow\facemoods.com
                Folder Found : C:\Users\Dimitris\AppData\LocalLow\FreeMake
                Folder Found : C:\Users\Dimitris\AppData\LocalLow\PriceGong
                Folder Found : C:\Users\Dimitris\AppData\LocalLow\TorrentReactor.Net
                Folder Found : C:\Users\Dimitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeMake
                Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\CT3214568
                Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
                Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\[email protected]
                Folder Found : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\Smartbar
                Folder Found : C:\Users\Dimitris\Documents\FreeMake

                ***** [Registry] *****

                Key Found : HKCU\Software\AppDataLow\Software\Conduit
                Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
                Key Found : HKCU\Software\AppDataLow\Software\Freemake
                Key Found : HKCU\Software\AppDataLow\Software\PriceGong
                Key Found : HKCU\Software\AppDataLow\Software\SmartBar
                Key Found : HKCU\Software\AppDataLow\Software\TorrentReactor.Net
                Key Found : HKCU\Software\AppDataLow\Toolbar
                Key Found : HKCU\Software\BrowserCompanion
                Key Found : HKCU\Software\Freemake
                Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
                Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
                Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
                Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeMake Toolbar
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TorrentReactor.Net Toolbar
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B23920F4-4C2F-412B-9450-1D7028D5454E}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B23920F4-4C2F-412B-9450-1D7028D5454E}
                Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
                Key Found : HKCU\Software\Winamp Toolbar
                Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
                Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
                Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
                Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
                Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
                Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
                Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
                Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
                Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
                Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
                Key Found : HKLM\SOFTWARE\Classes\b
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{801FD5AC-90F0-4FE9-A8A3-AA98A3B4F6AD}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{B23920F4-4C2F-412B-9450-1D7028D5454E}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB468DEB-B219-4BAE-BA7E-A8000B6AF0A3}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
                Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
                Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
                Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
                Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
                Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
                Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
                Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561457
                Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
                Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
                Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
                Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
                Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
                Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
                Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
                Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
                Key Found : HKLM\Software\Conduit
                Key Found : HKLM\Software\Freemake
                Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
                Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
                Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12911484-55A2-4151-9A28-E08DF7015DBC}
                Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81EFB41B-2381-4EC1-B366-BB93AECD9F1B}
                Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
                Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
                Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
                Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeMake Toolbar
                Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentReactor.Net Toolbar
                Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
                Key Found : HKLM\Software\TorrentReactor.Net
                Key Found : HKLM\Software\Winamp Toolbar
                Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
                Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
                Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
                Key Found : HKU\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
                Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
                Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
                Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
                Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
                Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B23920F4-4C2F-412B-9450-1D7028D5454E}]

                ***** [Internet Browsers] *****

                -\\ Internet Explorer v9.0.8112.16421

                [OK] Registry is clean.

                -\\ Mozilla Firefox v15.0.1 (el)

                Profile name : default
                File : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\prefs.js

                Found : user_pref("CT3214568.1000082.isPlayDisplay", "true");
                Found : user_pref("CT3214568.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
                Found : user_pref("CT3214568.1000234.TWC_TMP_city", "ATHENS");
                Found : user_pref("CT3214568.1000234.TWC_TMP_country", "GR");
                Found : user_pref("CT3214568.1000234.TWC_locId", "GRXX0004");
                Found : user_pref("CT3214568.1000234.TWC_location", "Athens, Greece");
                Found : user_pref("CT3214568.1000234.TWC_region", "OT");
                Found : user_pref("CT3214568.1000234.TWC_temp_dis", "c");
                Found : user_pref("CT3214568.1000234.TWC_wind_dis", "kmh");
                Found : user_pref("CT3214568.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"24C\",\"temperat[...]
                Found : user_pref("CT3214568.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
                Found : user_pref("CT3214568.ENABLE_RETURN_WEB_SEARCH_ON_T HE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
                Found : user_pref("CT3214568.FirstTime", "true");
                Found : user_pref("CT3214568.FirstTimeFF3", "true");
                Found : user_pref("CT3214568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT321[...]
                Found : user_pref("CT3214568.UserID", "UN61010824010489033");
                Found : user_pref("CT3214568.addressBarTakeOverEnabledInHi dden", "true");
                Found : user_pref("CT3214568.autoDisableScopes", -1);
                Found : user_pref("CT3214568.browser.search.defaultthis.en gineName", true);
                Found : user_pref("CT3214568.cb_experience_000", "4");
                Found : user_pref("CT3214568.cb_firstuse0100", "1");
                Found : user_pref("CT3214568.cbcountry_001", "GR");
                Found : user_pref("CT3214568.cbfirsttime", "Mon Aug 06 2012 21:50:24 GMT+0300");
                Found : user_pref("CT3214568.defaultSearch", "true");
                Found : user_pref("CT3214568.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
                Found : user_pref("CT3214568.enableAlerts", "always");
                Found : user_pref("CT3214568.enableSearchFromAddressBar", "true");
                Found : user_pref("CT3214568.firstTimeDialogOpened", "true");
                Found : user_pref("CT3214568.fixPageNotFoundError", "true");
                Found : user_pref("CT3214568.fixPageNotFoundErrorInHidden", "true");
                Found : user_pref("CT3214568.fixUrls", true);
                Found : user_pref("CT3214568.hxxp___www_socialgrowthtechno logies_com_couponbuddy_v001.APP_WIN_FEA TURES", "op[...]
                Found : user_pref("CT3214568.installId", "ConduitNSISIntegration");
                Found : user_pref("CT3214568.installType", "ConduitNSISIntegration");
                Found : user_pref("CT3214568.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
                Found : user_pref("CT3214568.isNewTabEnabled", true);
                Found : user_pref("CT3214568.isPerformedSmartBarTransition", "true");
                Found : user_pref("CT3214568.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
                Found : user_pref("CT3214568.keyword", true);
                Found : user_pref("CT3214568.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
                Found : user_pref("CT3214568.openThankYouPage", "false");
                Found : user_pref("CT3214568.openUninstallPage", "true");
                Found : user_pref("CT3214568.search.searchAppId", "10000002");
                Found : user_pref("CT3214568.search.searchCount", "1");
                Found : user_pref("CT3214568.searchInNewTabEnabledInHidden", "true");
                Found : user_pref("CT3214568.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
                Found : user_pref("CT3214568.serviceLayer_service_login_is FirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
                Found : user_pref("CT3214568.serviceLayer_service_login_lo ginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
                Found : user_pref("CT3214568.serviceLayer_service_toolbarG rouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
                Found : user_pref("CT3214568.serviceLayer_service_toolbarG rouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
                Found : user_pref("CT3214568.serviceLayer_service_toolbarG rouping_activeToolbarName", "{\"dataType\":\"strin[...]
                Found : user_pref("CT3214568.serviceLayer_service_toolbarG rouping_invoked", "{\"dataType\":\"string\",\"data[...]
                Found : user_pref("CT3214568.serviceLayer_service_usage_to olbarUsageCount", "{\"dataType\":\"number\",\"data[...]
                Found : user_pref("CT3214568.serviceLayer_services_appTrac kingFirstTime_lastUpdate", "1347171157638");
                Found : user_pref("CT3214568.serviceLayer_services_appTrac king_lastUpdate", "1345412499281");
                Found : user_pref("CT3214568.serviceLayer_services_appsMet adata_lastUpdate", "1347177593886");
                Found : user_pref("CT3214568.serviceLayer_services_gottenA ppsContextMenu_lastUpdate", "1346069587037");
                Found : user_pref("CT3214568.serviceLayer_services_login_1 0.10.20.14_lastUpdate", "1346083862574");
                Found : user_pref("CT3214568.serviceLayer_services_login_1 0.10.27.6_lastUpdate", "1347202856160");
                Found : user_pref("CT3214568.serviceLayer_services_optimiz er_lastUpdate", "1346351036616");
                Found : user_pref("CT3214568.serviceLayer_services_otherAp psContextMenu_lastUpdate", "1346069587073");
                Found : user_pref("CT3214568.serviceLayer_services_searchA PI_lastUpdate", "1347177595344");
                Found : user_pref("CT3214568.serviceLayer_services_service Map_lastUpdate", "1347177593841");
                Found : user_pref("CT3214568.serviceLayer_services_toolbar ContextMenu_lastUpdate", "1346069586698");
                Found : user_pref("CT3214568.serviceLayer_services_toolbar Settings_lastUpdate", "1347210058336");
                Found : user_pref("CT3214568.serviceLayer_services_transla tion_lastUpdate", "1347177594426");
                Found : user_pref("CT3214568.settingsINI", true);
                Found : user_pref("CT3214568.shouldFirstTimeDialog", "false");
                Found : user_pref("CT3214568.smartbar.CTID", "CT3214568");
                Found : user_pref("CT3214568.smartbar.Uninstall", "0");
                Found : user_pref("CT3214568.smartbar.homepage", true);
                Found : user_pref("CT3214568.smartbar.toolbarName", "FreemakeTB ");
                Found : user_pref("CT3214568.toolbarBornServerTime", "6-8-2012");
                Found : user_pref("CT3214568.toolbarCurrentServerTime", "9-9-2012");
                Found : user_pref("CT3214568.url_history0001", "hxxp://www.tacticalshop.gr/airsoft-umarex-co2-heckler-koch-p[...]
                Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=1[...]
                Found : user_pref("Smartbar.ConduitSearchEngineList", "FreeMake Customized Web Search");
                Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568[...]
                Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=adbartrp&affID[...]
                Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568");
                Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
                Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
                Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
                Found : user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");
                Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13");
                Found : user_pref("extensions.BabylonToolbar.admin", false);
                Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
                Found : user_pref("extensions.BabylonToolbar.babExt", "");
                Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=101363");
                Found : user_pref("extensions.BabylonToolbar.bbDpng", 6);
                Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
                Found : user_pref("extensions.BabylonToolbar.hmpg", false);
                Found : user_pref("extensions.BabylonToolbar.id", "c85f62db0000000000000019db405218");
                Found : user_pref("extensions.BabylonToolbar.instlDay", "15379");
                Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
                Found : user_pref("extensions.BabylonToolbar.lastDP", 6);
                Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1721:21:09");
                Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
                Found : user_pref("extensions.BabylonToolbar.newTab", false);
                Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
                Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
                Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
                Found : user_pref("extensions.BabylonToolbar.propectorlck", 69576808);
                Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
                Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
                Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
                Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
                Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
                Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
                Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
                Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
                Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1721:21:09");
                Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
                Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
                Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
                Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101363");
                Found : user_pref("extensions.BabylonToolbar_i.hardId", "c85f62db0000000000000019db405218");
                Found : user_pref("extensions.BabylonToolbar_i.id", "c85f62db0000000000000019db405218");
                Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15379");
                Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
                Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
                Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
                Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
                Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
                Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
                Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
                Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
                Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:21:09");
                Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
                Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=[...]

                -\\ Google Chrome v [Unable to get version]

                File : C:\Users\Dimitris\AppData\Local\Google\Chrome\User Data\Default\Preferences

                Found [l.424] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18" ]
                Found [l.426] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",

                *************************

                AdwCleaner[R1].txt - [23526 octets] - [09/09/2012 01:41:34]
                AdwCleaner[R2].txt - [23587 octets] - [09/09/2012 01:49:27]
                AdwCleaner[R3].txt - [23648 octets] - [09/09/2012 01:49:46]
                AdwCleaner[R4].txt - [22906 octets] - [09/09/2012 21:17:52]

                ########## EOF - C:\AdwCleaner[R4].txt - [22967 octets] ##########


                mbam keeps finding the same virus and cannot destroy it after reboot!
                I have also deleted the screensaver because at first mbam showed the file of the screensaver as infected.

                I am looking forward to your instructions, telling me what else needs to be done with the pc.

                Thanks in advance! You are number 1!



                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: TROJAN.RANSOM
                « Reply #8 on: September 09, 2012, 05:35:57 PM »
                Remove the Adware:
                • Please close all open programs and internet browsers.
                • Double click on adwcleaner.exe to run the tool.
                • Click on Delete.
                • Confirm each time with OK
                • Your computer will be rebooted automatically. A text file will open after the restart.
                • Please post the content of that logfile in your reply.
                • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
                ************************************************************************
                Download Combofix from any of the links below, and save it to your DESKTOP

                Link 1
                Link 2
                Link 3

                To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
                • Close any open windows and double click ComboFix.exe to run it.

                  You will see the following image:


                Click I Agree to start the program.

                ComboFix will then extract the necessary files and you will see this:



                As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

                It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

                If you did not have it installed, you will see the prompt below. Choose YES.



                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

                **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



                Click on Yes, to continue scanning for malware.

                When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

                Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

                Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
                Windows 8 and Windows 10 dual boot with two SSD's
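The AdwCleaner log that the steps above ask for follows a fixed layout (`***** [Section] *****` headers, `-\\ Browser vN` headers, then `File/Folder/Key/Value Deleted :`, `Found :`, `Deleted :` and `Restored :` lines). The script below is an added example, not AdwCleaner's code and not something posted in this thread: it parses that layout so a helper can see at a glance what was removed and which browser start-page and search settings had been redirected. The log text embedded in it is a constructed sample in the same layout as the [Delete] log posted above, and the set of "start-page / search" setting names is an assumption drawn from the names seen in that log.

```python
"""Summarise an AdwCleaner log of the kind posted in this thread.

Added example; not part of AdwCleaner and not code from the forum post.
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v(.*)$")          # e.g. "-\\ Mozilla Firefox v15.0.1 (el)"
ENTRY_RE = re.compile(
    r"^(File Deleted|Folder Deleted|Key Deleted|Value Deleted|Restored|Found|Deleted)"
    r"(?: \[l\.(\d+)\])? : (.*)$"                         # "Found [l.426] : ..." carries a line number
)
USER_PREF_RE = re.compile(r'^user_pref\("([^"]+)", (.*)\);$')   # Firefox prefs.js form
CHROME_PREF_RE = re.compile(r"^(\w+) = (.*?),?$")               # Chrome Preferences form
URL_HOST_RE = re.compile(r"hxxps?://([\w.-]+)")                 # AdwCleaner defangs http as hxxp

# Assumed list of settings that decide what the browser opens and where it
# searches; every name here occurs in the log posted above.
START_AND_SEARCH_SETTINGS = {
    "browser.startup.homepage", "keyword.URL", "browser.search.order.1",
    "browser.search.defaultenginename", "browser.search.selectedEngine",
    "urls_to_restore_on_startup", "homepage",
}

# Constructed sample in the same layout as the [Delete] log posted above.
SAMPLE_LOG = r"""# AdwCleaner v2.000 - Logfile created 09/10/2012 at 06:57:33
# Option [Delete]

***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (el)
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

-\\ Google Chrome v [Unable to get version]
Found [l.426] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",
"""


def parse_adwcleaner_log(text):
    """One dict per action line: section, browser, action, line_no, target."""
    entries, section, browser = [], None, None
    for raw in text.splitlines():
        line = raw.strip()                  # forum posts indent the pasted log
        if not line or line.startswith("#"):
            continue
        if m := SECTION_RE.match(line):
            section, browser = m.group(1), None
        elif m := BROWSER_RE.match(line):
            browser = m.group(1)
        elif m := ENTRY_RE.match(line):
            entries.append({
                "section": section, "browser": browser, "action": m.group(1),
                "line_no": int(m.group(2)) if m.group(2) else None,
                "target": m.group(3),
            })
    return entries


def summarize(entries):
    """Count actions per section, e.g. {('Registry', 'Key Deleted'): 2}."""
    return Counter((e["section"], e["action"]) for e in entries)


def _setting(target):
    """Split a prefs.js or Chrome Preferences line into (name, value)."""
    m = USER_PREF_RE.match(target) or CHROME_PREF_RE.match(target)
    return (m.group(1), m.group(2).strip('"')) if m else (None, None)


def redirected_browser_settings(entries):
    """(browser, setting, value) for each start-page / search setting the
    cleaner touched: the lines to check when confirming the hijack is gone."""
    return [
        (e["browser"], *_setting(e["target"]))
        for e in entries
        if e["section"] == "Internet Browsers"
        and _setting(e["target"])[0] in START_AND_SEARCH_SETTINGS
    ]


def redirect_domains(entries):
    """How often each host appears in the removed or found settings."""
    return Counter(h for e in entries for h in URL_HOST_RE.findall(e["target"]))


if __name__ == "__main__":
    found = parse_adwcleaner_log(SAMPLE_LOG)
    for (section, action), n in sorted(summarize(found).items()):
        print(f"{section:20} {action:15} {n}")
    for browser, name, value in redirected_browser_settings(found):
        print(f"{browser}: {name} -> {value}")
    print(dict(redirect_domains(found)))
```

Run it against a real log by reading `C:\AdwCleaner[Sn].txt` into `parse_adwcleaner_log` instead of `SAMPLE_LOG`; the per-section counts show how much was removed, and the redirected-settings list is what to compare against the browser's start page and default search engine after the reboot.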

                elisabeth77

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Unknown
                  Re: TROJAN.RANSOM
                  « Reply #9 on: September 09, 2012, 10:06:17 PM »
                  Dear Dave, step 1 done!

                  # AdwCleaner v2.000 - Logfile created 09/10/2012 at 06:57:33
                  # Updated 30/08/2012 by Xplode
                  # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
                  # User : Dimitris - DIMITRIS-PC
                  # Boot Mode : Normal
                  # Running from : C:\Users\Dimitris\Downloads\adwcleaner.exe
                  # Option [Delete]


                  ***** [Services] *****


                  ***** [Files / Folders] *****

                  File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
                  File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
                  File Deleted : C:\user.js
                  File Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\searchplugins\Conduit.xml
                  Folder Deleted : C:\Program Files\Conduit
                  Folder Deleted : C:\Program Files\FreeMake
                  Folder Deleted : C:\Program Files\TorrentReactor.Net
                  Folder Deleted : C:\Program Files\Winamp Toolbar
                  Folder Deleted : C:\ProgramData\FreeMake
                  Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMake
                  Folder Deleted : C:\ProgramData\Winamp Toolbar
                  Folder Deleted : C:\Users\Dimitris\AppData\Local\Conduit
                  Folder Deleted : C:\Users\Dimitris\AppData\Local\Winamp Toolbar
                  Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\BabylonToolbar
                  Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\Conduit
                  Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\facemoods.com
                  Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\FreeMake
                  Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\PriceGong
                  Folder Deleted : C:\Users\Dimitris\AppData\LocalLow\TorrentReactor.Net
                  Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeMake
                  Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\CT3214568
                  Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
                  Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\extensions\[email protected]
                  Folder Deleted : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\Smartbar
                  Folder Deleted : C:\Users\Dimitris\Documents\FreeMake

                  ***** [Registry] *****

                  Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
                  Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
                  Key Deleted : HKCU\Software\AppDataLow\Software\Freemake
                  Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
                  Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
                  Key Deleted : HKCU\Software\AppDataLow\Software\TorrentReactor.Net
                  Key Deleted : HKCU\Software\AppDataLow\Toolbar
                  Key Deleted : HKCU\Software\BrowserCompanion
                  Key Deleted : HKCU\Software\Freemake
                  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
                  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
                  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
                  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeMake Toolbar
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TorrentReactor.Net Toolbar
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B23920F4-4C2F-412B-9450-1D7028D5454E}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B23920F4-4C2F-412B-9450-1D7028D5454E}
                  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
                  Key Deleted : HKCU\Software\Winamp Toolbar
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
                  Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
                  Key Deleted : HKLM\SOFTWARE\Classes\b
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{801FD5AC-90F0-4FE9-A8A3-AA98A3B4F6AD}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B23920F4-4C2F-412B-9450-1D7028D5454E}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB468DEB-B219-4BAE-BA7E-A8000B6AF0A3}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
                  Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
                  Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
                  Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
                  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
                  Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561457
                  Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
                  Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
                  Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
                  Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
                  Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
                  Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
                  Key Deleted : HKLM\Software\Conduit
                  Key Deleted : HKLM\Software\Freemake
                  Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
                  Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12911484-55A2-4151-9A28-E08DF7015DBC}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81EFB41B-2381-4EC1-B366-BB93AECD9F1B}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9A4D1490-F317-4D7C-A2FA-5A0FE233331F}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeMake Toolbar
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentReactor.Net Toolbar
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
                  Key Deleted : HKLM\Software\TorrentReactor.Net
                  Key Deleted : HKLM\Software\Winamp Toolbar
                  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
                  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
                  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
                  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
                  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B23920F4-4C2F-412B-9450-1D7028D5454E}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
                  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B23920F4-4C2F-412B-9450-1D7028D5454E}]

                  ***** [Internet Browsers] *****

                  -\\ Internet Explorer v9.0.8112.16421

                  Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                  Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                  Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                  Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
                  Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

                  -\\ Mozilla Firefox v15.0.1 (el)

                  Profile name : default
                  File : C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\prefs.js

                  C:\Users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\user.js ... Deleted !

                  Deleted : user_pref("CT3214568.1000082.isPlayDisplay", "true");
                  Deleted : user_pref("CT3214568.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
                  Deleted : user_pref("CT3214568.1000234.TWC_TMP_city", "ATHENS");
                  Deleted : user_pref("CT3214568.1000234.TWC_TMP_country", "GR");
                  Deleted : user_pref("CT3214568.1000234.TWC_locId", "GRXX0004");
                  Deleted : user_pref("CT3214568.1000234.TWC_location", "Athens, Greece");
                  Deleted : user_pref("CT3214568.1000234.TWC_region", "OT");
                  Deleted : user_pref("CT3214568.1000234.TWC_temp_dis", "c");
                  Deleted : user_pref("CT3214568.1000234.TWC_wind_dis", "kmh");
                  Deleted : user_pref("CT3214568.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"24C\",\"temperat[...]
                  Deleted : user_pref("CT3214568.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
                  Deleted : user_pref("CT3214568.ENABLE_RETURN_WEB_SEARCH_ON_T HE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
                  Deleted : user_pref("CT3214568.FirstTime", "true");
                  Deleted : user_pref("CT3214568.FirstTimeFF3", "true");
                  Deleted : user_pref("CT3214568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT321[...]
                  Deleted : user_pref("CT3214568.UserID", "UN61010824010489033");
                  Deleted : user_pref("CT3214568.addressBarTakeOverEnabledInHi dden", "true");
                  Deleted : user_pref("CT3214568.autoDisableScopes", -1);
                  Deleted : user_pref("CT3214568.browser.search.defaultthis.en gineName", true);
                  Deleted : user_pref("CT3214568.cb_experience_000", "4");
                  Deleted : user_pref("CT3214568.cb_firstuse0100", "1");
                  Deleted : user_pref("CT3214568.cbcountry_001", "GR");
                  Deleted : user_pref("CT3214568.cbfirsttime", "Mon Aug 06 2012 21:50:24 GMT+0300");
                  Deleted : user_pref("CT3214568.defaultSearch", "true");
                  Deleted : user_pref("CT3214568.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
                  Deleted : user_pref("CT3214568.enableAlerts", "always");
                  Deleted : user_pref("CT3214568.enableSearchFromAddressBar", "true");
                  Deleted : user_pref("CT3214568.firstTimeDialogOpened", "true");
                  Deleted : user_pref("CT3214568.fixPageNotFoundError", "true");
                  Deleted : user_pref("CT3214568.fixPageNotFoundErrorInHidden", "true");
                  Deleted : user_pref("CT3214568.fixUrls", true);
                  Deleted : user_pref("CT3214568.hxxp___www_socialgrowthtechno logies_com_couponbuddy_v001.APP_WIN_FEA TURES", "op[...]
                  Deleted : user_pref("CT3214568.installId", "ConduitNSISIntegration");
                  Deleted : user_pref("CT3214568.installType", "ConduitNSISIntegration");
                  Deleted : user_pref("CT3214568.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
                  Deleted : user_pref("CT3214568.isNewTabEnabled", true);
                  Deleted : user_pref("CT3214568.isPerformedSmartBarTransition", "true");
                  Deleted : user_pref("CT3214568.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
                  Deleted : user_pref("CT3214568.keyword", true);
                  Deleted : user_pref("CT3214568.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
                  Deleted : user_pref("CT3214568.openThankYouPage", "false");
                  Deleted : user_pref("CT3214568.openUninstallPage", "true");
                  Deleted : user_pref("CT3214568.search.searchAppId", "10000002");
                  Deleted : user_pref("CT3214568.search.searchCount", "1");
                  Deleted : user_pref("CT3214568.searchInNewTabEnabledInHidden", "true");
                  Deleted : user_pref("CT3214568.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
                  Deleted : user_pref("CT3214568.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
                  Deleted : user_pref("CT3214568.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
                  Deleted : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
                  Deleted : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
                  Deleted : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
                  Deleted : user_pref("CT3214568.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
                  Deleted : user_pref("CT3214568.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
                  Deleted : user_pref("CT3214568.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1347171157638");
                  Deleted : user_pref("CT3214568.serviceLayer_services_appTracking_lastUpdate", "1345412499281");
                  Deleted : user_pref("CT3214568.serviceLayer_services_appsMetadata_lastUpdate", "1347177593886");
                  Deleted : user_pref("CT3214568.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1346069587037");
                  Deleted : user_pref("CT3214568.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346083862574");
                  Deleted : user_pref("CT3214568.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347246069173");
                  Deleted : user_pref("CT3214568.serviceLayer_services_optimizer_lastUpdate", "1346351036616");
                  Deleted : user_pref("CT3214568.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1346069587073");
                  Deleted : user_pref("CT3214568.serviceLayer_services_searchAPI_lastUpdate", "1347177595344");
                  Deleted : user_pref("CT3214568.serviceLayer_services_serviceMap_lastUpdate", "1347177593841");
                  Deleted : user_pref("CT3214568.serviceLayer_services_toolbarContextMenu_lastUpdate", "1346069586698");
                  Deleted : user_pref("CT3214568.serviceLayer_services_toolbarSettings_lastUpdate", "1347246095080");
                  Deleted : user_pref("CT3214568.serviceLayer_services_translation_lastUpdate", "1347177594426");
                  Deleted : user_pref("CT3214568.settingsINI", true);
                  Deleted : user_pref("CT3214568.shouldFirstTimeDialog", "false");
                  Deleted : user_pref("CT3214568.smartbar.CTID", "CT3214568");
                  Deleted : user_pref("CT3214568.smartbar.Uninstall", "0");
                  Deleted : user_pref("CT3214568.smartbar.homepage", true);
                  Deleted : user_pref("CT3214568.smartbar.toolbarName", "FreemakeTB ");
                  Deleted : user_pref("CT3214568.toolbarBornServerTime", "6-8-2012");
                  Deleted : user_pref("CT3214568.toolbarCurrentServerTime", "10-9-2012");
                  Deleted : user_pref("CT3214568.url_history0001", "hxxp://www.facebook.com/photo.php?fbid=103428316469655&set=a[...]
                  Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=1[...]
                  Deleted : user_pref("Smartbar.ConduitSearchEngineList", "FreeMake Customized Web Search");
                  Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568[...]
                  Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=adbartrp&affID[...]
                  Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568");
                  Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
                  Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
                  Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
                  Deleted : user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");
                  Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=13");
                  Deleted : user_pref("extensions.BabylonToolbar.admin", false);
                  Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
                  Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
                  Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=101363");
                  Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 6);
                  Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
                  Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
                  Deleted : user_pref("extensions.BabylonToolbar.id", "c85f62db0000000000000019db405218");
                  Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15379");
                  Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
                  Deleted : user_pref("extensions.BabylonToolbar.lastDP", 6);
                  Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1721:21:09");
                  Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
                  Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
                  Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
                  Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
                  Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
                  Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 69576808);
                  Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
                  Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
                  Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
                  Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
                  Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
                  Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
                  Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
                  Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
                  Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1721:21:09");
                  Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
                  Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
                  Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
                  Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101363");
                  Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "c85f62db0000000000000019db405218");
                  Deleted : user_pref("extensions.BabylonToolbar_i.id", "c85f62db0000000000000019db405218");
                  Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15379");
                  Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
                  Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
                  Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
                  Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
                  Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
                  Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
                  Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
                  Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
                  Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:21:09");
                  Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
                  Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=[...]

                  -\\ Google Chrome v [Unable to get version]

                  File : C:\Users\Dimitris\AppData\Local\Google\Chrome\User Data\Default\Preferences

                  Deleted [l.424] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18" ]
                  Deleted [l.426] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48&sspv=CHOB18",

                  *************************

                  AdwCleaner[R1].txt - [23526 octets] - [09/09/2012 01:41:34]
                  AdwCleaner[R2].txt - [23587 octets] - [09/09/2012 01:49:27]
                  AdwCleaner[R3].txt - [23648 octets] - [09/09/2012 01:49:46]
                  AdwCleaner[R4].txt - [23037 octets] - [09/09/2012 21:17:52]
                  AdwCleaner[S1].txt - [23257 octets] - [10/09/2012 06:57:33]

                  ########## EOF - C:\AdwCleaner[S1].txt - [23318 octets] ##########


                  You will have to give me time for the next step!

                  Thanks again!!!

                  elisabeth77
                    Re: TROJAN.RANSOM
                    « Reply #10 on: September 10, 2012, 01:02:52 PM »
                    Super Dave,

                    I finally have the results of ComboFix

                    ComboFix 12-09-10.03 - Dimitris 10/09/2012  21:00:50.1.2 - x86
                    Microsoft Windows Vista Home Premium   6.0.6002.2.1253.30.1032.18.2046.1203 [GMT 3:00]
                    Running from: c:\users\Dimitris\Desktop\ComboFix.exe
                    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
                    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
                    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    c:\users\Dimitris\AppData\Roaming\inst.exe
                    c:\users\Dimitris\AppData\Roaming\screensaver_Beach.scr
                    c:\users\Dimitris\AppData\Roaming\vso_ts_preview.xml
                    c:\users\Dimitris\family_tree_builder_1198.exe
                    c:\windows\system32\URTTemp
                    c:\windows\system32\URTTemp\regtlib.exe
                    c:\windows\WinRAR
                    c:\windows\WinRAR\uninstall.exe
                    .
                    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
                    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    -------\Legacy_RKHIT
                    -------\Service_RkHit
                    .
                    .
                    (((((((((((((((((((((((((   Files Created from 2012-08-10 to 2012-09-10  )))))))))))))))))))))))))))))))
                    .
                    .
                    2012-09-10 18:09 . 2012-09-10 18:09   --------   d-----w-   c:\users\Default\AppData\Local\temp
                    2012-09-09 17:30 . 2012-09-09 17:30   --------   d-----w-   c:\windows\el
                    2012-09-09 17:29 . 2010-09-22 21:21   39272   ----a-w-   c:\windows\system32\drivers\fssfltr.sys
                    2012-09-09 17:14 . 2012-03-01 14:46   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
                    2012-09-09 17:14 . 2012-02-29 14:08   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
                    2012-09-09 17:14 . 2012-02-29 13:44   683008   ----a-w-   c:\windows\system32\d2d1.dll
                    2012-09-09 17:14 . 2012-02-29 13:41   1069056   ----a-w-   c:\windows\system32\DWrite.dll
                    2012-09-09 17:14 . 2012-03-01 14:46   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
                    2012-09-09 16:07 . 2012-09-09 16:07   --------   d-----w-   c:\program files\Windows Portable Devices
                    2012-09-09 13:35 . 2012-09-09 13:35   469256   ----a-w-   c:\program files\Common Files\Windows Live\.cache\f722c6881cd8e8f2c\InstallManager_WLE_WLE.exe
                    2012-09-09 13:34 . 2012-09-09 13:34   15712   ----a-w-   c:\program files\Common Files\Windows Live\.cache\e37d5c061cd8e8f20\MeshBetaRemover.exe
                    2012-09-09 13:34 . 2012-09-09 13:34   94040   ----a-w-   c:\program files\Common Files\Windows Live\.cache\d056e4a81cd8e8f18\DSETUP.dll
                    2012-09-09 13:34 . 2012-09-09 13:34   525656   ----a-w-   c:\program files\Common Files\Windows Live\.cache\d056e4a81cd8e8f18\DXSETUP.exe
                    2012-09-09 13:34 . 2012-09-09 13:34   1691480   ----a-w-   c:\program files\Common Files\Windows Live\.cache\d056e4a81cd8e8f18\dsetup32.dll
                    2012-09-09 13:34 . 2012-09-09 13:34   94040   ----a-w-   c:\program files\Common Files\Windows Live\.cache\cf42f0fc1cd8e8f17\DSETUP.dll
                    2012-09-09 13:34 . 2012-09-09 13:34   525656   ----a-w-   c:\program files\Common Files\Windows Live\.cache\cf42f0fc1cd8e8f17\DXSETUP.exe
                    2012-09-09 13:34 . 2012-09-09 13:34   1691480   ----a-w-   c:\program files\Common Files\Windows Live\.cache\cf42f0fc1cd8e8f17\dsetup32.dll
                    2012-09-09 13:32 . 2012-09-10 12:00   --------   d-----w-   c:\users\Dimitris\AppData\Local\Windows Live
                    2012-09-09 13:21 . 2009-10-01 01:02   31232   ----a-w-   c:\windows\system32\BthMtpContextHandler.dll
                    2012-09-09 13:21 . 2009-10-01 01:01   40448   ----a-w-   c:\windows\system32\drivers\WpdUsb.sys
                    2012-09-09 13:21 . 2009-10-01 01:01   839168   ----a-w-   c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
                    2012-09-09 13:09 . 2012-02-29 15:09   157696   ----a-w-   c:\windows\system32\imagehlp.dll
                    2012-09-09 13:09 . 2012-02-29 13:32   12800   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
                    2012-09-09 12:38 . 2012-09-09 12:38   486400   ----a-w-   c:\windows\system32\d3d10level9.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   478720   ----a-w-   c:\windows\system32\dxgi.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   189952   ----a-w-   c:\windows\system32\d3d10core.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   1029120   ----a-w-   c:\windows\system32\d3d10.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   638336   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
                    2012-09-09 12:38 . 2012-09-09 12:38   37376   ----a-w-   c:\windows\system32\cdd.dll
                    2012-09-09 12:37 . 2012-09-09 12:37   519680   ----a-w-   c:\windows\system32\d3d11.dll
                    2012-09-09 12:37 . 2012-09-09 12:37   252928   ----a-w-   c:\windows\system32\dxdiag.exe
                    2012-09-09 12:37 . 2012-09-09 12:37   195584   ----a-w-   c:\windows\system32\dxdiagn.dll
                    2012-09-09 12:02 . 2011-03-02 15:44   86528   ----a-w-   c:\windows\system32\dnsrslvr.dll
                    2012-09-09 12:02 . 2009-05-04 09:59   25088   ----a-w-   c:\windows\system32\dnscacheugc.exe
                    2012-09-09 12:01 . 2010-08-26 16:34   1696256   ----a-w-   c:\windows\system32\gameux.dll
                    2012-09-09 12:01 . 2011-03-03 15:40   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
                    2012-09-09 12:01 . 2011-03-03 13:35   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
                    2012-09-09 12:01 . 2011-02-22 13:33   797696   ----a-w-   c:\windows\system32\FntCache.dll
                    2012-09-09 11:59 . 2012-04-23 16:00   984064   ----a-w-   c:\windows\system32\crypt32.dll
                    2012-09-09 11:59 . 2012-04-23 16:00   98304   ----a-w-   c:\windows\system32\cryptnet.dll
                    2012-09-09 11:59 . 2012-04-23 16:00   133120   ----a-w-   c:\windows\system32\cryptsvc.dll
                    2012-09-09 11:59 . 2010-12-28 15:53   253952   ----a-w-   c:\program files\Common Files\System\ado\msadox.dll
                    2012-09-09 11:59 . 2010-12-28 15:53   241664   ----a-w-   c:\program files\Common Files\System\ado\msadomd.dll
                    2012-09-09 11:59 . 2010-12-28 15:53   57344   ----a-w-   c:\program files\Common Files\System\msadc\msadcs.dll
                    2012-09-09 11:59 . 2010-12-28 15:53   180224   ----a-w-   c:\program files\Common Files\System\msadc\msadco.dll
                    2012-09-09 11:59 . 2010-09-13 13:56   168960   ----a-w-   c:\program files\Windows Media Player\wmplayer.exe
                    2012-09-09 11:58 . 2011-07-06 15:31   214016   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
                    2012-09-09 11:58 . 2011-04-29 13:24   79872   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
                    2012-09-09 11:58 . 2011-04-29 13:24   106496   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                    2012-09-09 11:58 . 2010-01-29 15:40   1616384   ----a-w-   c:\program files\Windows Mail\msoe.dll
                    2012-09-09 11:58 . 2010-08-31 15:44   531968   ----a-w-   c:\windows\system32\comctl32.dll
                    2012-09-09 11:58 . 2011-04-14 14:59   75264   ----a-w-   c:\windows\system32\drivers\dfsc.sys
                    2012-09-09 11:58 . 2011-05-02 17:16   739328   ----a-w-   c:\windows\system32\inetcomm.dll
                    2012-09-09 11:56 . 2011-09-30 15:57   707584   ----a-w-   c:\program files\Common Files\System\wab32.dll
                    2012-09-09 11:56 . 2012-06-05 16:47   708608   ----a-w-   c:\program files\Common Files\System\ado\msado15.dll
                    2012-09-09 11:55 . 2012-03-30 12:39   905600   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                    2012-09-09 11:55 . 2011-02-18 14:03   305152   ----a-w-   c:\windows\system32\drivers\srv.sys
                    2012-09-09 11:55 . 2012-06-04 15:26   440704   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
                    2012-09-09 11:55 . 2010-05-27 20:08   81920   ----a-w-   c:\windows\system32\iccvid.dll
                    2012-09-09 11:55 . 2010-06-17 18:08   10926592   ----a-w-   c:\program files\Movie Maker\MOVIEMK.dll
                    2012-09-09 11:55 . 2010-06-17 16:16   150016   ----a-w-   c:\program files\Movie Maker\MOVIEMK.exe
                    2012-09-09 11:55 . 2011-02-22 13:23   69632   ----a-w-   c:\windows\system32\drivers\bowser.sys
                    2012-09-09 11:55 . 2011-04-29 13:25   146432   ----a-w-   c:\windows\system32\drivers\srv2.sys
                    2012-09-09 11:55 . 2011-04-29 13:25   102400   ----a-w-   c:\windows\system32\drivers\srvnet.sys
                    2012-09-09 11:55 . 2012-05-01 14:03   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
                    2012-09-09 11:55 . 2011-10-25 15:56   49152   ----a-w-   c:\windows\system32\csrsrv.dll
                    2012-09-09 11:54 . 2011-10-14 16:02   429056   ----a-w-   c:\windows\system32\EncDec.dll
                    2012-09-09 11:54 . 2010-10-12 13:41   66048   ----a-w-   c:\program files\Windows Mail\wabmig.exe
                    2012-09-09 11:54 . 2010-10-12 13:41   515584   ----a-w-   c:\program files\Windows Mail\wab.exe
                    2012-09-09 11:54 . 2010-10-12 15:53   33280   ----a-w-   c:\program files\Windows Mail\wabfind.dll
                    2012-09-09 11:54 . 2010-04-05 17:01   67072   ----a-w-   c:\windows\system32\asycfilt.dll
                    2012-09-09 11:54 . 2011-04-21 13:58   273408   ----a-w-   c:\windows\system32\drivers\afd.sys
                    2012-09-09 10:29 . 2012-09-09 10:31   --------   d-----w-   c:\windows\system32\ca-ES
                    2012-09-09 10:29 . 2012-09-09 10:30   --------   d-----w-   c:\windows\system32\eu-ES
                    2012-09-09 10:05 . 2009-04-10 20:27   57856   ----a-w-   c:\windows\system32\compcln.exe
                    2012-09-09 10:02 . 2009-04-10 20:28   153600   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
                    2012-09-09 10:02 . 2009-04-10 18:46   33280   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
                    2012-09-09 10:02 . 2009-04-10 18:45   113664   ----a-w-   c:\windows\system32\drivers\rmcast.sys
                    2012-09-09 10:02 . 2009-04-10 20:32   149480   ----a-w-   c:\windows\system32\drivers\pci.sys
                    2012-09-09 10:02 . 2009-04-10 20:32   43496   ----a-w-   c:\windows\system32\drivers\pciidex.sys
                    2012-09-09 10:02 . 2009-04-10 18:45   72192   ----a-w-   c:\windows\system32\drivers\pacer.sys
                    2012-09-09 10:02 . 2009-04-10 18:42   167936   ----a-w-   c:\windows\system32\drivers\portcls.sys
                    2012-09-09 10:02 . 2009-04-10 20:32   1083880   ----a-w-   c:\windows\system32\drivers\ntfs.sys
                    2012-09-09 10:02 . 2009-04-10 18:14   35328   ----a-w-   c:\windows\system32\drivers\npfs.sys
                    2012-09-09 10:02 . 2009-04-10 20:28   172544   ----a-w-   c:\windows\system32\wbem\ntevt.dll
                    2012-09-09 10:02 . 2009-04-10 18:43   62208   ----a-w-   c:\windows\system32\drivers\ohci1394.sys
                    2012-09-09 10:00 . 2009-04-10 18:38   17408   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
                    2012-09-09 09:10 . 2012-09-09 09:10   --------   d-----w-   C:\PerfLogs
                    2012-09-09 08:23 . 2008-01-18 23:53   53248   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\el\Microsoft.Ink.Resources.dll
                    2012-09-09 08:16 . 2008-01-18 18:50   18944   ----a-w-   c:\windows\system32\drivers\mcd.sys
                    2012-09-09 08:15 . 2008-01-18 20:34   36352   ----a-w-   c:\windows\system32\esentprf.dll
                    2012-09-09 08:14 . 2008-01-18 20:33   168448   ----a-w-   c:\program files\Windows Mail\WindowsMailGadget.exe
                    2012-09-09 07:51 . 2012-09-09 07:51   --------   d-----w-   c:\windows\system32\EventProviders
                    2012-09-08 23:06 . 2012-09-08 23:06   --------   d-----w-   c:\users\Dimitris\Updater
                    2012-09-08 23:06 . 2012-09-08 23:06   --------   d-----w-   c:\program files\Common Files\Skype
                    2012-09-08 23:06 . 2012-09-08 23:06   --------   d-----w-   c:\users\Dimitris\Phone
                    2012-09-08 09:32 . 2012-09-06 01:24   770384   ----a-w-   c:\program files\Mozilla Firefox\msvcr100.dll
                    2012-09-08 09:32 . 2012-09-06 01:24   421200   ----a-w-   c:\program files\Mozilla Firefox\msvcp100.dll
                    2012-09-08 09:32 . 2012-09-06 01:24   73696   ----a-w-   c:\program files\Mozilla Firefox\breakpadinjector.dll
                    2012-09-08 08:53 . 2012-09-08 23:55   --------   d-----w-   c:\program files\Mozilla Maintenance Service
                    2012-09-08 08:53 . 2012-09-06 01:25   68576   ----a-w-   c:\program files\Mozilla Firefox\mozglue.dll
                    2012-09-08 08:53 . 2012-09-06 01:25   192600   ----a-w-   c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
                    2012-09-08 08:53 . 2012-09-06 01:25   114144   ----a-w-   c:\program files\Mozilla Firefox\maintenanceservice.exe
                    2012-09-08 08:53 . 2012-09-06 01:25   2288608   ----a-w-   c:\program files\Mozilla Firefox\gkmedias.dll
                    2012-09-08 08:37 . 2012-08-27 22:50   7022536   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5EFB401-AF3E-4D2F-8F9B-B5ED446098BE}\mpengine.dll
                    2012-09-08 05:01 . 2012-09-08 05:01   --------   d-----w-   c:\program files\Java
                    2012-09-07 20:40 . 2012-09-07 20:40   --------   d-----w-   c:\users\Dimitris\AppData\Roaming\SUPERAntiSpyware.com
                    2012-09-07 20:40 . 2012-09-07 20:40   --------   d-----w-   c:\program files\SUPERAntiSpyware
                    2012-09-07 20:40 . 2012-09-07 20:40   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                    2012-09-07 18:31 . 2012-09-07 18:31   --------   d-----w-   c:\users\Dimitris\AppData\Roaming\Simply Super Software
                    2012-09-07 18:30 . 2012-09-07 19:40   --------   d-----w-   c:\program files\Trojan Remover
                    2012-09-07 18:30 . 2012-09-07 18:30   --------   d-----w-   c:\programdata\Simply Super Software
                    2012-09-06 21:32 . 2012-09-06 22:28   --------   d-----w-   C:\sh4ldr
                    2012-09-06 21:32 . 2012-09-06 21:32   --------   d-----w-   c:\program files\Enigma Software Group
                    2012-09-06 21:30 . 2012-09-06 22:28   --------   d-----w-   c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
                    2012-09-06 21:30 . 2012-09-06 21:30   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                    2012-08-18 11:45 . 2012-08-18 11:45   --------   d-----w-   c:\users\Dimitris\AppData\Roaming\Unity
                    2012-08-15 07:27 . 2012-08-15 07:27   --------   d-----w-   c:\program files\Common Files\Java
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2012-09-09 17:24 . 2010-06-24 08:33   19720   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
                    2012-09-09 12:39 . 2012-09-09 12:39   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
                    2012-09-09 12:39 . 2012-09-09 12:39   48640   ----a-w-   c:\windows\system32\mshtmler.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   161792   ----a-w-   c:\windows\system32\msls31.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   1129472   ----a-w-   c:\windows\system32\wininet.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   63488   ----a-w-   c:\windows\system32\tdc.ocx
                    2012-09-09 12:39 . 2012-09-09 12:39   420864   ----a-w-   c:\windows\system32\vbscript.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   23552   ----a-w-   c:\windows\system32\licmgr10.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   152064   ----a-w-   c:\windows\system32\wextract.exe
                    2012-09-09 12:39 . 2012-09-09 12:39   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
                    2012-09-09 12:39 . 2012-09-09 12:39   1800704   ----a-w-   c:\windows\system32\jscript9.dll
                    2012-09-09 12:39 . 2012-09-09 12:39   11776   ----a-w-   c:\windows\system32\mshta.exe
                    2012-09-09 12:38 . 2012-09-09 12:38   98816   ----a-w-   c:\windows\system32\mfps.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   979456   ----a-w-   c:\windows\system32\MFH264Dec.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   357376   ----a-w-   c:\windows\system32\MFHEAACdec.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   302592   ----a-w-   c:\windows\system32\mfmp4src.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   2873344   ----a-w-   c:\windows\system32\mf.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   261632   ----a-w-   c:\windows\system32\mfreadwrite.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   209920   ----a-w-   c:\windows\system32\mfplat.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   586240   ----a-w-   c:\windows\system32\stobject.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   135680   ----a-w-   c:\windows\system32\XpsRasterService.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   847360   ----a-w-   c:\windows\system32\OpcServices.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   667648   ----a-w-   c:\windows\system32\printfilterpipelinesvc.exe
                    2012-09-09 12:38 . 2012-09-09 12:38   26112   ----a-w-   c:\windows\system32\printfilterpipelineprxy.dll
                    2012-09-09 12:38 . 2012-09-09 12:38   258048   ----a-w-   c:\windows\system32\winspool.drv
                    2012-09-09 12:38 . 2012-09-09 12:38   1554432   ----a-w-   c:\windows\system32\xpsservices.dll
                    2012-09-09 12:37 . 2012-09-09 12:37   4096   ----a-w-   c:\windows\system32\drivers\el-GR\dxgkrnl.sys.mui
                    2012-09-09 12:37 . 2012-09-09 12:37   974848   ----a-w-   c:\windows\system32\WindowsCodecs.dll
                    2012-09-09 12:37 . 2012-09-09 12:37   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
                    2012-09-09 12:37 . 2012-09-09 12:37   321024   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
                    2012-09-09 12:37 . 2012-09-09 12:37   189440   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
                    2012-09-09 08:54 . 2006-11-02 10:32   101888   ----a-w-   c:\windows\system32\ifxcardm.dll
                    2012-09-09 08:54 . 2006-11-02 10:32   82432   ----a-w-   c:\windows\system32\axaltocm.dll
                    2012-09-08 05:02 . 2012-09-08 05:02   93672   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
                    2012-09-08 05:01 . 2012-08-15 07:26   821736   ----a-w-   c:\windows\system32\npDeployJava1.dll
                    2012-09-08 05:01 . 2011-12-24 11:17   746984   ----a-w-   c:\windows\system32\deployJava1.dll
                    2012-08-08 15:20 . 2012-08-08 15:20   22328   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
                    2012-08-08 15:20 . 2012-08-08 15:20   22328   ----a-w-   c:\users\Dimitris\AppData\Roaming\PnkBstrK.sys
                    2012-08-08 15:20 . 2012-08-08 15:20   103736   ----a-w-   c:\windows\system32\PnkBstrB.exe
                    2012-08-08 15:20 . 2012-08-08 15:20   66872   ----a-w-   c:\windows\system32\PnkBstrA.exe
                    2012-08-06 18:56 . 2012-08-06 18:56   1130824   ----a-w-   c:\windows\system32\dfshim.dll
                    2012-08-06 18:56 . 2012-08-06 18:56   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
                    2012-08-06 18:56 . 2012-08-06 18:56   49472   ----a-w-   c:\windows\system32\netfxperf.dll
                    2012-08-06 18:56 . 2012-08-06 18:56   297808   ----a-w-   c:\windows\system32\mscoree.dll
                    2012-08-06 18:56 . 2012-08-06 18:56   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
                    2012-07-04 14:02 . 2012-09-09 12:43   2047488   ----a-w-   c:\windows\system32\win32k.sys
                    2012-07-03 10:46 . 2012-03-12 12:38   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
                    2012-06-15 13:39 . 2012-09-07 18:30   169744   ----a-w-   c:\windows\system32\ztvunrar36.dll
                    2012-06-15 13:35 . 2012-09-07 18:30   185616   ----a-w-   c:\windows\system32\ztvunrar39.dll
                    2012-06-15 13:33 . 2012-09-07 18:30   605968   ----a-w-   c:\windows\system32\ztv7z.dll
                    2012-06-15 13:33 . 2012-09-07 18:30   77072   ----a-w-   c:\windows\system32\ztvcabinet.dll
                    2012-09-06 01:26 . 2011-11-11 15:38   266720   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4
                    .
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
                    "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
                    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-27 288048]
                    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-03 39408]
                    "DMQ_4053"="c:\program files\Switcher\DMQ_4053\SwitchUSB.exe" [2011-06-09 1589248]
                    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
                    "Facebook Update"="c:\users\Dimitris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
                    "RtHDVCpl"="RtHDVCpl.exe" [2007-01-09 4186112]
                    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
                    "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 18944]
                    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
                    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
                    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
                    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
                    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
                    "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-08-14 2332160]
                    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
                    "DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
                    "AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
                    "Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
                    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
                    "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2012-08-27 3165456]
                    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
                    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-27 843712]
                    .
                    c:\users\Dimitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
                    .
                    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "EnableUIADesktopToggle"= 0 (0x0)
                    .
                    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                    "DisableMonitoring"=dword:00000001
                    .
                    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE
                    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
                    .
                    .
                    --- Other Services/Drivers In Memory ---
                    .
                    *NewlyCreated* - WS2IFSL
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                    hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                    LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
                    .
                    Contents of the 'Scheduled Tasks' folder
                    .
                    2012-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1896998450-3613239171-3286227423-1002Core.job
                    - c:\users\Dimitris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-23 20:58]
                    .
                    2012-09-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1896998450-3613239171-3286227423-1002UA.job
                    - c:\users\Dimitris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-23 20:58]
                    .
                    2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 15:50]
                    .
                    2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 15:50]
                    .
                    2012-09-10 c:\windows\Tasks\Recovery DVD Creator.job
                    - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-03-28 16:34]
                    .
                    2012-09-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9c20379f-c01a-469c-ae8e-95513123dd98.job
                    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
                    .
                    2012-09-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c8493ab5-dc05-4021-b82d-2f06beb643a7.job
                    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = about:blank
                    mStart Page = about:blank
                    uInternet Settings,ProxyOverride = local
                    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
                    IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
                    TCP: DhcpNameServer = 192.168.1.254
                    FF - ProfilePath - c:\users\Dimitris\AppData\Roaming\Mozilla\Firefox\Profiles\sdhpvdui.default\
                    FF - prefs.js: network.proxy.type - 0
                    .
                    - - - - ORPHANS REMOVED - - - -
                    .
                    AddRemove-Freemake Video Converter_is1 - c:\program files\Freemake\Freemake Video Converter\Uninstall\unins000.exe
                    AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe
                    .
                    .
                    .
                    **************************************************************************
                    .
                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2012-09-10 21:15
                    Windows 6.0.6002 Service Pack 2 NTFS
                    .
                    scanning hidden processes ... 
                    .
                    scanning hidden autostart entries ...
                    .
                    scanning hidden files ... 
                    .
                    scan completed successfully
                    hidden files: 0
                    .
                    **************************************************************************
                    .
                    --------------------- LOCKED REGISTRY KEYS ---------------------
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*zžvΎZ^ΓŒš]
                    @Class="Shell"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*zžvΎZ^ΓŒš\OpenWithList]
                    @Class="Shell"
                    "a"="Corel PaintShop Pro.exe"
                    "MRUList"="a"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*zHwΎZε^vΩό]
                    @Class="Shell"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*zHwΎZε^vΩό\OpenWithList]
                    @Class="Shell"
                    "a"="Corel PaintShop Pro.exe"
                    "MRUList"="a"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzαuzαuΎZ][Ο~]
                    @Class="Shell"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzαuzαuΎZ][Ο~\OpenWithList]
                    @Class="Shell"
                    "a"="Corel PaintShop Pro.exe"
                    "MRUList"="a"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzvzvΎZ/^νΛEj]
                    @Class="Shell"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzvzvΎZ/^νΛEj\OpenWithList]
                    @Class="Shell"
                    "a"="Corel PaintShop Pro.exe"
                    "MRUList"="a"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzvzvΎZ/^mΜEj]
                    @Class="Shell"
                    .
                    [HKEY_USERS\S-1-5-21-1896998450-3613239171-3286227423-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ώzvzvΎZ/^mΜEj\OpenWithList]
                    @Class="Shell"
                    "a"="Corel PaintShop Pro.exe"
                    "MRUList"="a"
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    "MSCurrentCountry"=dword:000000b5
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    --------------------- DLLs Loaded Under Running Processes ---------------------
                    .
                    - - - - - - - > 'lsass.exe'(1004)
                    c:\windows\system32\relog_ap.dll
                    .
                    ------------------------ Other Running Processes ------------------------
                    .
                    c:\windows\system32\Ati2evxx.exe
                    c:\windows\system32\Ati2evxx.exe
                    c:\program files\Avira\AntiVir Desktop\sched.exe
                    c:\program files\Avira\AntiVir Desktop\avguard.exe
                    c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
                    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
                    c:\windows\system32\PnkBstrA.exe
                    c:\windows\system32\PnkBstrB.exe
                    c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
                    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
                    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
                    c:\windows\System32\PAStiSvc.exe
                    c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
                    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                    c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
                    c:\windows\system32\WUDFHost.exe
                    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                    c:\program files\Avira\AntiVir Desktop\avshadow.exe
                    c:\windows\system32\conime.exe
                    .
                    **************************************************************************
                    .
                    Completion time: 2012-09-10  21:21:42 - machine was rebooted
                    ComboFix-quarantined-files.txt  2012-09-10 18:21
                    .
                    Pre-Run: 13 Κατάλογοι 147.524.255.744 διαθέσιμα byte
                    Post-Run: 17 Κατάλογοι 147.589.591.040 διαθέσιμα byte
                    .
                    - - End Of File - - 9CF3B08E6A408C67B52145B35D59DEE8

                    I am waiting for your reply!

                    I am so grateful to you!!!

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: TROJAN.RANSOM
                    « Reply #11 on: September 10, 2012, 04:44:56 PM »
                    Please download aswMBR.exe ( 511KB ) to your desktop.

                    Double-click aswMBR.exe to run it.

                    Click the "Scan" button to start the scan.

                    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

                    On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
                    ********************************************************************
                    Please download RootRepeal from GooglePages.com.
                    • Extract the program file to your Desktop.
                    • Run the program RootRepeal.exe, go to the Report tab and click on the Scan button.
                    • Select ALL of the checkboxes and then click OK, and it will start scanning your system.
                    • If you have multiple drives, you only need to check the C: drive or the one Windows is installed on.
                    • When done, click on Save Report.
                    • Save it to the Desktop.
                    • Please copy/paste the contents of the report in your next reply.
                    Please remove any e-mail address in the RootRepeal report (if present).

                    elisabeth77

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Unknown
                      Re: TROJAN.RANSOM
                      « Reply #12 on: September 11, 2012, 08:24:24 AM »
                      Hello again!

                      These are the results of aswMBR!

                      aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
                      Run date: 2012-09-11 17:18:58
                      -----------------------------
                      17:18:58.350    OS Version: Windows 6.0.6002 Service Pack 2
                      17:18:58.350    Number of processors: 2 586 0xF06
                      17:18:58.350    ComputerName: DIMITRIS-PC  UserName: Dimitris
                      17:20:12.928    Initialize success
                      17:21:01.725    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
                      17:21:01.741    Disk 0 Vendor: ST3250820AS 3.AAD Size: 238475MB BusType: 3
                      17:21:01.757    Disk 0 MBR read successfully
                      17:21:01.772    Disk 0 MBR scan
                      17:21:01.772    Disk 0 Windows VISTA default MBR code
                      17:21:01.788    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         8192 MB offset 2048
                      17:21:01.819    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       230281 MB offset 16779264
                      17:21:01.850    Disk 0 scanning sectors +488394752
                      17:21:02.022    Disk 0 scanning C:\Windows\system32\drivers
                      17:21:11.694    Service scanning
                      17:21:31.257    Modules scanning
                      17:21:50.444    Disk 0 trace - called modules:
                      17:21:50.475    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS viaide.sys
                      17:21:50.475    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8560c0f0]
                      17:21:50.491    3 CLASSPNP.SYS[881a88b3] -> nt!IofCallDriver -> [0x84e31a70]
                      17:21:50.491    5 acpi.sys[8269a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e23b98]
                      17:21:50.491    Scan finished successfully
                      17:22:21.819    Disk 0 MBR has been saved successfully to "C:\Users\Dimitris\Desktop\MBR.dat"
                      17:22:21.819    The log file has been saved successfully to "C:\Users\Dimitris\Desktop\aswMBR.txt"



                      elisabeth77

                        Topic Starter


                        Rookie

                        • Experience: Beginner
                        • OS: Unknown
                        Re: TROJAN.RANSOM
                        « Reply #13 on: September 11, 2012, 10:05:42 AM »
                        Dear Dave!

                        A question!

                        How long does it take for RootRepeal to finish the scan? It has been over 1/2 an hour and it hasn't finished yet! Is there something wrong?

                        Thanks again!!!

                        elisabeth77

                          Topic Starter


                          Rookie

                          • Experience: Beginner
                          • OS: Unknown
                          Re: TROJAN.RANSOM
                          « Reply #14 on: September 11, 2012, 12:08:10 PM »
                          Dear Dave, I can't run RootRepeal. It starts the scan, but after about 7-8 minutes it stops at a particular file and closes automatically.

                          What should I do? Should I try running it in Safe Mode?

                          Please help me!!!

                          Thank you very much!!!