Help needed with 'TR/Crypt.XPACK.Gen8 [trojan] [Solved]



#1
Theo Haris

Hello,

A few days ago, on February 3rd, I received a notification from Avira that there was malware in my computer. I received the same notification February 9th - I thought Avira had dealt with it. Please see it below:

Virus or unwanted program 'TR/Crypt.XPACK.Gen8 [trojan]'
detected in file 'C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe.
Action performed: Deny access


My computer has been performing extremely slowly during the past few days - up to the point where it gets hard to work. I checked with Avira and with Malwarebytes, but no infection came up. Deleting the googletalkplugin.exe file only made it reappear.

About a year ago, I had received excellent help from this forum in dealing with malware. I thought I'd turn to you again, because it gets really hard to work these days... Any help will be much appreciated.

Thank you very much.

Here's the OTL log:

OTL logfile created on: 11/2/2012 8:15:35 μμ - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

1022,05 Mb Total Physical Memory | 422,05 Mb Available Physical Memory | 41,29% Memory free
2,40 Gb Paging File | 1,50 Gb Available in Paging File | 62,34% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44,37 Gb Total Space | 2,57 Gb Free Space | 5,80% Space Free | Partition Type: FAT32
Drive D: | 44,86 Gb Total Space | 2,16 Gb Free Space | 4,81% Space Free | Partition Type: FAT32

Computer Name: ACER-92EDFFD6C3 | User Name: Theo Haris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 20:15:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\OTL.exe
PRC - [2012/02/11 14:37:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/09 16:16:00 | 000,161,336 | ---- | M] (Google) -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/10/11 15:00:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 15:00:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 15:00:10 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 15:00:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2010/03/26 10:13:54 | 000,136,840 | ---- | M] () -- C:\Program Files\Join Air\UIExec.exe
PRC - [2010/03/26 09:59:00 | 000,251,016 | ---- | M] () -- C:\Program Files\Join Air\AssistantServices.exe
PRC - [2009/11/28 18:57:50 | 002,381,120 | ---- | M] () -- C:\Program Files\Hide The IP 2010\AVRedirector.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/11/13 09:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/04/14 18:30:36 | 001,038,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/15 12:53:16 | 000,655,688 | ---- | M] (ACTiKEY) -- C:\WINDOWS\system32\itheaSvc.EXE
PRC - [2008/02/21 11:30:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
PRC - [2006/08/31 16:52:06 | 000,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe
PRC - [2005/12/01 17:38:38 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/11/25 15:59:44 | 000,212,992 | ---- | M] (Acer Inc) -- C:\Acer\Empowering Technology\ePower\epm-dm.exe
PRC - [2005/11/16 17:00:50 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005/10/19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005/01/07 16:17:16 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/11 14:37:16 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/13 13:23:22 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/11 15:00:24 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/05/22 20:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/26 10:13:54 | 000,136,840 | ---- | M] () -- C:\Program Files\Join Air\UIExec.exe
MOD - [2010/03/26 09:59:00 | 000,251,016 | ---- | M] () -- C:\Program Files\Join Air\AssistantServices.exe
MOD - [2009/11/28 18:57:50 | 002,381,120 | ---- | M] () -- C:\Program Files\Hide The IP 2010\AVRedirector.exe
MOD - [2008/04/14 18:29:40 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/02/21 11:30:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
MOD - [2006/09/14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/11/09 22:22:14 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/09 22:22:14 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/09 22:22:14 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/10/19 10:17:58 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
MOD - [2005/09/05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005/08/24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005/07/06 13:50:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\HokHIDKC.dll
MOD - [2003/12/29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\prnmnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Pcmrome)
SRV - File not found [Disabled | Stopped] -- -- (gupdate1c998781007dfbe) Google Update Service (gupdate1c998781007dfbe)
SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Disabled | Stopped] -- -- (ccSetMgr)
SRV - File not found [Disabled | Stopped] -- -- (ccPwdSvc)
SRV - File not found [Disabled | Stopped] -- -- (ccEvtMgr)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/11 15:00:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 15:00:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/26 09:59:00 | 000,251,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/11/28 18:57:50 | 002,381,120 | ---- | M] () [Auto | Running] -- C:\Program Files\Hide The IP 2010\AVRedirector.exe -- (AVRedirector)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/03/15 12:53:16 | 000,655,688 | ---- | M] (ACTiKEY) [Auto | Running] -- C:\WINDOWS\system32\itheaSvc.EXE -- (itheaService)
SRV - [2006/08/31 16:52:06 | 000,118,784 | ---- | M] (Bytemobile, Inc.) [Auto | Running] -- C:\WINDOWS\System32\bmwebcfg.exe -- (bmwebcfg)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe -- (Network WanMiniport First Position)


========== Driver Services (SafeList) ==========

DRV - [2012/02/11 20:16:30 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/18 03:58:10 | 000,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/12/18 03:58:08 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/12/08 14:17:16 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 15:00:34 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:34 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/03/02 12:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/02/04 12:42:58 | 000,071,680 | ---- | M] (Notebook Hardware Control) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 08:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/12 10:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/06/17 15:14:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/10/07 10:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 10:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/01/06 20:07:28 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 21:25:04 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/10/16 14:45:26 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/08/31 16:58:22 | 000,018,560 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2006/01/04 07:46:42 | 001,420,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/17 15:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/09 14:45:56 | 000,013,440 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/10/23 19:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 01:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 01:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/29 20:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/09/11 19:49:44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/04/07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/12/15 18:22:00 | 000,038,448 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://secure.wikim...wiki/Main_Page"
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 7212
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 7212
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 7212
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 7212
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Theo Haris\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Theo Haris\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/11/17 13:28:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/07/15 20:42:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/07/15 20:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A89AED22-9133-424c-88E7-C8235C5FF302}: C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Theo Haris\Application Data\Hide IP NG\firefox_plugin\

[2008/08/29 02:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Extensions
[2006/07/15 20:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions
[2012/01/10 11:29:56 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/01/07 13:33:32 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/11/19 15:07:30 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/02/11 14:37:30 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/26 20:37:42 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\[email protected]
[2012/01/10 23:04:14 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\[email protected]
[2008/11/04 20:21:56 | 000,005,179 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\searchplugins\BitTorrent.xml
[2006/07/15 20:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/27 13:38:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/02/11 14:37:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/01/04 02:29:08 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/02/13 04:43:14 | 000,000,243 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ingr.png
[2005/02/13 05:47:44 | 000,000,357 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ingr.src
[2011/09/30 15:40:56 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
[2011/09/30 15:40:56 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/30 15:40:56 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/30 15:40:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/30 15:40:56 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Theo Haris\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Theo Haris\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.51_0\
CHR - Extension: WOT = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.11_0\
CHR - Extension: YouTube = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Maps = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/02/23 23:31:34 | 000,000,055 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.3 HP000D9D03EC7E
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B7FC60D5-AB79-477E-96EE-5C7770EAEAB9} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [GhostSurf Reminder] "C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKCU..\Run: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1152986441640 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47117E5C-B3C0-48AB-B206-F37C47B7E0FE}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\cbXrPFXn: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Τρέχουσα αρχική σελίδα) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/20 23:33:42 | 000,000,065 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/01/06 07:54:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.FRK -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/11 20:16:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/11 20:15:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\OTL.exe
[2012/02/11 18:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\2
[2012/02/11 18:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\5
[2012/02/11 17:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\1
[2012/02/11 14:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theo Haris\Start Menu\Προγράμματα\Google Chrome
[2012/02/07 19:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Solyaris
[2012/02/06 18:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\The.Blue.Planet
[2012/02/05 16:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Books
[2012/01/29 20:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\Reports
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/11 20:16:30 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/11 20:15:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\OTL.exe
[2012/02/11 15:56:20 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/02/11 14:47:24 | 000,002,209 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/11 14:33:08 | 000,000,537 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012/02/11 14:32:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/11 14:31:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/11 14:30:56 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/10 23:26:02 | 000,001,232 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3454746940-2026256558-170670400-1006Core1cce127828194ea.job
[2012/02/08 21:03:24 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/06 01:16:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/02/06 01:16:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/02/01 23:27:40 | 000,000,345 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Συντόμευση για το Second phase.lnk
[2012/01/31 18:03:56 | 000,573,986 | ---- | M] () -- C:\WINDOWS\System32\perfh008.dat
[2012/01/31 18:03:56 | 000,439,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/31 18:03:56 | 000,103,398 | ---- | M] () -- C:\WINDOWS\System32\perfc008.dat
[2012/01/31 18:03:56 | 000,070,804 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/28 19:58:14 | 000,071,317 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\201.jpg
[2012/01/12 23:19:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/11 14:47:23 | 000,002,209 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/01 23:27:38 | 000,000,345 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Συντόμευση για το Second phase.lnk
[2012/02/01 23:21:49 | 000,001,232 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3454746940-2026256558-170670400-1006Core1cce127828194ea.job
[2012/01/28 19:58:12 | 000,071,317 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\201.jpg
[2011/09/15 15:17:41 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/07/25 04:18:56 | 000,000,273 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/25 18:32:12 | 000,002,072 | ---- | C] () -- C:\WINDOWS\System32\avr.ini
[2011/03/25 18:22:21 | 000,202,048 | ---- | C] () -- C:\WINDOWS\System32\AVLibrary.dll
[2011/03/25 17:51:12 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2011/03/25 17:15:28 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Setting.dat
[2011/03/25 17:15:28 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Application Data\UserFlag.ini
[2011/03/09 21:10:23 | 000,004,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qaynnrds.wbe
[2011/03/09 21:10:22 | 000,005,107 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bfvtdhtf.ywx
[2011/02/23 23:28:13 | 000,068,274 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2011/02/23 23:28:13 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2011/02/23 23:02:43 | 000,000,641 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/02/14 16:51:13 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2011/02/14 16:51:13 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/02/09 19:59:10 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\housecall.guid.cache
[2010/12/06 20:03:14 | 000,011,046 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/02/08 18:38:51 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 16:02:13 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\fusioncache.dat
[2010/01/26 23:06:44 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/01/11 20:09:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/25 04:14:35 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/08/20 23:51:10 | 000,758,272 | ---- | C] () -- C:\WINDOWS\System32\kcpp.dll
[2009/07/10 23:48:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/06/12 22:34:49 | 000,001,004 | ---- | C] () -- C:\WINDOWS\Love Potion.dat
[2009/06/12 22:04:55 | 000,000,251 | ---- | C] () -- C:\WINDOWS\MugE.ini
[2009/03/29 15:09:11 | 000,000,367 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Application Data\flashfavorite.htm
[2009/02/28 16:37:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ncvDS61.dll
[2009/02/28 16:37:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\ncCompress.dll
[2009/02/28 16:37:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ncUtil62.dll
[2009/02/28 16:37:31 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nczlib.dll
[2009/02/28 16:37:31 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib32.dll
[2009/02/26 00:27:19 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/02/14 04:29:38 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2008/11/02 01:23:18 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/29 00:10:18 | 000,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/08/29 00:10:17 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/07/10 01:30:59 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/26 22:22:52 | 000,017,986 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:22:50 | 000,022,822 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:22:48 | 000,017,066 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/01 00:45:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/02/08 00:59:16 | 000,241,664 | ---- | C] () -- C:\WINDOWS\NwtGatewayDLL.dll
[2008/02/08 00:59:16 | 000,001,110 | ---- | C] () -- C:\WINDOWS\NwtGatewayConfig.ini
[2007/10/25 00:40:19 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02D.ini
[2007/10/25 00:32:35 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02C.ini
[2007/10/24 23:18:19 | 000,000,187 | ---- | C] () -- C:\WINDOWS\RELATION.INI
[2007/10/24 22:55:10 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02B.ini
[2007/10/24 22:22:26 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02A.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/04/15 14:21:23 | 000,000,683 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/11 21:12:12 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/10 16:09:23 | 000,000,258 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2007/02/21 21:56:49 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/02/21 20:33:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\GkSui20.EXE
[2007/02/11 20:07:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/11/23 17:36:56 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2006/10/13 15:18:40 | 000,108,544 | ---- | C] () -- C:\WINDOWS\System32\vbis4032.dll
[2006/10/13 15:18:31 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\lexiko.ini
[2006/09/30 15:44:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/08/18 21:24:10 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/26 02:57:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/07/23 17:09:34 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2006/07/17 17:22:42 | 000,094,122 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/07/17 04:06:41 | 000,000,265 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2006/07/16 00:49:43 | 000,000,319 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/07/16 00:39:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/16 00:34:16 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/07/16 00:34:11 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/07/15 20:49:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/15 20:44:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/15 20:42:30 | 000,003,585 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/15 18:17:57 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/07/15 18:10:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2006/07/15 18:09:06 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2006/07/15 18:09:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2006/07/15 18:09:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2006/07/15 18:09:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2006/07/15 18:09:01 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2006/07/15 18:09:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2006/03/16 10:42:57 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2006/03/16 10:42:57 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2006/01/21 13:04:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/06 14:30:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/06 14:24:42 | 000,573,986 | ---- | C] () -- C:\WINDOWS\System32\perfh008.dat
[2006/01/06 14:24:42 | 000,439,544 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/06 14:24:42 | 000,103,398 | ---- | C] () -- C:\WINDOWS\System32\perfc008.dat
[2006/01/06 14:24:42 | 000,070,804 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/06 14:14:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/01/06 07:57:22 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/06 07:26:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/06 07:25:10 | 000,022,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/12/08 02:01:06 | 000,112,425 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/12/01 00:24:56 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/10/21 00:58:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\vspxvfw.dll
[2005/09/01 16:20:46 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\vspxcore.dll
[2005/07/15 01:48:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/03/28 00:45:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/09/07 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/07 20:00:00 | 000,346,772 | ---- | C] () -- C:\WINDOWS\System32\perfi008.dat
[2004/09/07 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/07 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/07 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/07 20:00:00 | 000,040,794 | ---- | C] () -- C:\WINDOWS\System32\perfd008.dat
[2004/09/07 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/07 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/07 20:00:00 | 000,003,341 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/09/07 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/09/07 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\prnmnt.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 02:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 02:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2006/07/15 18:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
[2007/02/10 01:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/16 03:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/21 18:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum
[2008/01/24 23:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/06/11 01:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/29 14:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008/10/06 23:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/10 22:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2008/12/06 23:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/03/14 06:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/03/14 06:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/12/17 14:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2010/01/04 15:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2010/01/10 23:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2010/01/18 00:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2010/01/25 01:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/02/18 21:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/05/29 22:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nifflas
[2010/08/03 18:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/09/07 19:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/11 22:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/11/13 15:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeHideIP
[2010/11/13 15:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2010/11/26 00:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/26 13:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/26 14:09:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/16 01:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2011/03/25 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoHideIP
[2011/03/25 18:21:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9EED6215-0EA2-4F03-9B52-E6A11207F1F0}
[2011/10/22 00:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VSP
[2006/07/15 18:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Acer
[2006/08/19 14:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\BitTorrent
[2006/09/30 16:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Image Zone Express
[2007/01/21 21:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\PlayFirst
[2007/01/31 19:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\BSplayer
[2007/03/01 14:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\BSplayer Pro
[2007/05/02 14:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\uTorrent
[2008/01/24 23:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Valusoft
[2008/02/08 00:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Bytemobile
[2008/02/08 00:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\ICS
[2008/02/08 01:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Vodafone Mobile Connect
[2008/06/11 00:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Home Sweet Home
[2008/09/05 21:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\DAEMON Tools
[2009/03/16 21:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Windows Desktop Search
[2009/03/16 21:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Windows Search
[2009/06/12 21:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\GetRight
[2009/09/02 18:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\GraveyardShift
[2009/09/20 18:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Flood Light Games
[2009/09/25 08:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Games
[2009/12/17 14:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Final Draft
[2009/12/24 12:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010/01/10 23:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\SulusGames
[2010/01/10 23:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Enlightenus
[2010/01/11 20:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Orneon
[2010/01/17 21:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\WebCam
[2010/01/18 00:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\River Past G5
[2010/01/22 01:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\GetRightToGo
[2010/01/26 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Leadertech
[2010/02/12 00:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Free Mp3 Wma Ogg Converter
[2010/02/18 21:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Ludia
[2010/05/09 04:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\NotMyIp
[2010/05/09 16:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Hide IP NG
[2010/05/29 22:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Nifflas
[2010/08/04 00:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\ESET
[2010/09/25 04:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Big Fish Games
[2010/11/13 15:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\FreeHideIP
[2010/11/15 18:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Dropbox
[2010/11/17 13:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\PC Suite
[2010/11/17 13:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Nokia
[2010/11/26 14:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\AVG10
[2010/11/28 03:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Phenomenon 32 Saves
[2010/12/15 01:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\.minecraft
[2011/02/04 12:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Notebook Hardware Control
[2011/02/15 12:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\OnlineArmor
[2011/03/04 14:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\FileZilla
[2011/03/09 21:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Ninsight
[2011/03/25 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\AutoHideIP
[2011/05/26 18:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\SubtitlesModifier
[2011/06/15 19:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Tenebril
[2011/09/15 15:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\PrimoPDF
[2011/09/19 16:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\MediaVideoConverter Software Studio
[2011/10/22 14:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\PCToolsFirewallPlus

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/12/07 14:37:10 | 000,052,224 | ---- | M] ()(C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\??????????? - ????????.doc) -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\синопсис.doc
[2011/12/07 14:37:10 | 000,052,224 | ---- | C] ()(C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\??????????? - ????????.doc) -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\синопсис.doc
[2011/12/07 14:35:41 | 000,047,104 | ---- | C] ()(C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\??????????? - ???????? english.doc) -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\синопсис english.doc
[2011/12/07 14:35:28 | 000,047,104 | ---- | M] ()(C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\??????????? - ???????? english.doc) -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\синопсис english.doc

< End of report >

Edited by Theo Haris, 12 February 2012 - 12:20 PM.



#2
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should be a file called MBR.dat. After that, zip it and then attach it here.

How to add an attachment to a new topic or reply

#3
Theo Haris


    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Attached File: MBR.zip (449 bytes)

Dear Render,

Thank you very much for your offer to help me.

I do have the Windows CD, but my laptop's CD player has been dysfunctional for quite some time, so I can't run it...

Here is the log you requested. Attached you'll find MBR.zip. Thank you once more.


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-15 23:02:00
-----------------------------
23:02:00.937 OS Version: Windows 5.1.2600 Service Pack 3
23:02:00.937 Number of processors: 1 586 0xD08
23:02:00.937 ComputerName: ACER-92EDFFD6C3 UserName: Theo Haris
23:02:19.890 Initialize success
23:04:42.687 AVAST engine defs: 12021501
23:04:54.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
23:04:54.343 Disk 0 Vendor: ST9100825A 3.06 Size: 95396MB BusType: 3
23:04:54.390 Disk 0 MBR read successfully
23:04:54.390 Disk 0 MBR scan
23:04:54.890 Disk 0 unknown MBR code
23:04:54.921 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 3992 MB offset 63
23:04:55.109 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 45449 MB offset 8177085
23:04:55.250 Disk 0 Partition 3 00 0C FAT32 LBA MSWIN4.1 45951 MB offset 101257695
23:04:55.359 Disk 0 scanning sectors +195366465
23:04:55.437 Disk 0 scanning C:\WINDOWS\system32\drivers
23:05:29.515 Service scanning
23:05:31.859 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:05:33.250 Modules scanning
23:06:02.406 Disk 0 trace - called modules:
23:06:02.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spxb.sys >>UNKNOWN [0x8718c938]<<
23:06:02.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870e7ab8]
23:06:02.468 3 CLASSPNP.SYS[f75d2fd7] -> nt!IofCallDriver -> \Device\00000088[0x871009e8]
23:06:02.484 5 ACPI.sys[f7350620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x87100d98]
23:06:06.093 AVAST engine scan C:\WINDOWS
23:06:38.062 AVAST engine scan C:\WINDOWS\system32
23:11:41.687 AVAST engine scan C:\WINDOWS\system32\drivers
23:12:05.906 AVAST engine scan C:\Documents and Settings\Theo Haris
23:30:08.062 AVAST engine scan C:\Documents and Settings\All Users
23:34:24.656 Scan finished successfully
23:44:42.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\MBR.dat"
23:44:42.328 The log file has been saved successfully to "C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\aswMBR.txt"

Edited by Theo Haris, 15 February 2012 - 03:51 PM.


#4
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  • CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • If you are using personal certificates I recommend you to export them before running ComboFix and save them to external media.
Please carefully follow all steps below:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.

#5
Theo Haris


    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Dear Render,

Thank you once more for your help.

I hope I didn't screw this up, because some weird things happened. While Combofix was running, Windows decided to start an update. I hope this didn't mess something up. Also, when Combofix ended and the log was ready, I activated the firewall and antivirus and opened Firefox. The firewall told me that Cf10625.3xe tried to access the Internet and asked whether I trusted it. Foolishly perhaps (because it's a Combofix component, isn't it?) I chose "Don't trust". Then, Firefox couldn't access the Internet. I got a screen saying:

Your request to visit website www.geekstogo.com has been blocked. The website has been denied because the Firewall application rules are set to block this application: Cf106253xe.

I tried to unblock the application from the Firewall list, but I couldn't find it. So, to go online, I had to disable the firewall.

Other than that, my computer is running very slowly and lags a lot, particularly in Firefox and even more particularly when Flash components are running.


Here's the log of Combofix pasted. Please note that I've changed the name of a couple of folders for personal reasons, I hope this is not a big problem.

ComboFix 12-02-16.02 - Theo Haris 16/02/2012 22:57:06.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.1022.242 [GMT 2:00]
Running from: c:\documents and settings\Theo Haris\Επιφάνεια εργασίας\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 17:09 . 2012-02-16 17:09 -------- d-----w- c:\windows\LastGood
2012-02-16 17:08 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-16 17:08 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-11 22:19 . 2012-02-11 22:19 -------- d-----w- c:\program files\VSP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2004-09-07 18:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 01:58 . 2008-08-28 22:10 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-12-18 01:58 . 2008-08-28 22:10 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-12-10 13:24 . 2011-02-13 17:31 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 12:17 . 2011-10-22 11:55 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-25 21:57 . 2004-09-07 18:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-09-07 18:00 1859840 ------w- c:\windows\system32\_000005_.tmp.dll
2011-11-20 12:15 . 2006-07-15 21:58 98304 ----a-w- c:\windows\DUMPf9a9.tmp
2011-11-20 06:12 . 2004-09-07 18:00 61952 ----a-w- c:\windows\system32\packager.exe
2012-02-11 12:37 . 2011-08-21 14:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Theo Haris\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Theo Haris\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Theo Haris\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 458752]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-17 15600128]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2010-03-26 136840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Device Detector 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Device Detector 2.lnk
backup=c:\windows\pss\Device Detector 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^ID_Γρήγορη_εκκίνηση_πινακοθήκης_HP_ell.lnk]
path=c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\ID_Γρήγορη_εκκίνηση_πινακοθήκης_HP_ell.lnk
backup=c:\windows\pss\ID_Γρήγορη_εκκίνηση_πινακοθήκης_HP_ell.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Theo Haris^Start Menu^Προγράμματα^Εκκίνηση^PowerReg Scheduler.exe]
path=c:\documents and settings\Theo Haris\Start Menu\Προγράμματα\Εκκίνηση\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 12:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 16:30 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 07:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 20:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-09-23 22:08 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-07-18 18:06 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-07-18 18:10 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-07-18 18:09 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-09-07 18:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 11:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-09-07 18:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-09-07 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-09-07 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2007-01-05 18:49 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c998781007dfbe"=2 (0x2)
"CyberLink Media Library Service"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Theo Haris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Theo Haris\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Documents and Settings\\Theo Haris\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/6/2008 6:53 μμ 717296]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [22/10/2011 1:55 μμ 36000]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [22/10/2011 2:14 μμ 251560]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/10/2011 1:55 μμ 86224]
R2 AVRedirector;AVRedirector;c:\program files\Hide The IP 2010\AVRedirector.exe [28/11/2009 6:57 μμ 2381120]
R2 itheaService;Service Ithea;c:\windows\system32\itheaSvc.EXE [9/3/2011 8:46 μμ 655688]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [22/10/2011 2:14 μμ 160576]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [21/12/2010 3:14 μμ 251016]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [22/10/2011 2:13 μμ 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [22/10/2011 2:13 μμ 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [22/10/2011 2:12 μμ 125248]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\program files\Telecom Italia\WanMiniport1st\srvany.exe [11/6/2009 1:47 μμ 8192]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [21/12/2010 3:14 μμ 9216]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys --> c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [?]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys --> c:\windows\system32\DRIVERS\ONDAusbnet.sys [?]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys --> c:\windows\system32\DRIVERS\ONDAusbnmea.sys [?]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys --> c:\windows\system32\DRIVERS\ONDAusbser6k.sys [?]
S3 ONDAusbvoice;ONDA VoUSB Port;c:\windows\system32\DRIVERS\ONDAusbvoice.sys --> c:\windows\system32\DRIVERS\ONDAusbvoice.sys [?]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [22/10/2011 2:13 μμ 57536]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S4 gupdate1c998781007dfbe;Google Update Service (gupdate1c998781007dfbe);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 Pcmrome;Pcmrome; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3454746940-2026256558-170670400-1006Core1cce127828194ea.job
- c:\documents and settings\Theo Haris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-02 14:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://facebook.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\
FF - prefs.js: browser.startup.homepage - hxxps://secure.wikimedia.org/wikipedia/en/wiki/Main_Page
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 7212
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 7212
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 7212
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 7212
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B7FC60D5-AB79-477E-96EE-5C7770EAEAB9} - (no file)
HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
HKLM-Run-GhostSurf Reminder - c:\program files\GhostSurf 2005\Privacy Control Center.exe
Notify-cbXrPFXn - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-{342C7C88-D335-4bc2-8CF1-281857629CE2} - c:\program files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 23:21
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\9 ™’t*’F*’*\GK]
"SaveDataPath"="d:\\Games\\sawa2"
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\bmnet.dll
.
Completion time: 2012-02-16 23:29:32
ComboFix-quarantined-files.txt 2012-02-16 21:29
.
Pre-Run: 21 Κατάλογοι 10.707.763.200 διαθέσιμα byte
Post-Run: 22 Κατάλογοι 12.826.705.920 διαθέσιμα byte
.
- - End Of File - - 1095B1338BB957A23F575D6D3E11E9B5

#6
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please delete your copy of OTL.exe and do the following:

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#7
Theo Haris


    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Here you go. Thank you very much.


OTL logfile created on: 17/2/2012 11:56:34 πμ - Run 2
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

1022,05 Mb Total Physical Memory | 275,14 Mb Available Physical Memory | 26,92% Memory free
2,40 Gb Paging File | 1,39 Gb Available in Paging File | 57,76% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44,37 Gb Total Space | 11,45 Gb Free Space | 25,79% Space Free | Partition Type: FAT32
Drive D: | 44,86 Gb Total Space | 2,16 Gb Free Space | 4,80% Space Free | Partition Type: FAT32
Drive K: | 3,68 Gb Total Space | 0,03 Gb Free Space | 0,81% Space Free | Partition Type: FAT32

Computer Name: ACER-92EDFFD6C3 | User Name: Theo Haris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/17 11:52:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\OTL.exe
PRC - [2012/02/11 14:37:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/11 15:00:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 15:00:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 15:00:10 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 15:00:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2010/03/26 10:13:54 | 000,136,840 | ---- | M] () -- C:\Program Files\Join Air\UIExec.exe
PRC - [2010/03/26 09:59:00 | 000,251,016 | ---- | M] () -- C:\Program Files\Join Air\AssistantServices.exe
PRC - [2009/11/28 18:57:50 | 002,381,120 | ---- | M] () -- C:\Program Files\Hide The IP 2010\AVRedirector.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 18:30:36 | 001,038,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/15 12:53:16 | 000,655,688 | ---- | M] (ACTiKEY) -- C:\WINDOWS\system32\itheaSvc.EXE
PRC - [2008/02/21 11:30:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
PRC - [2006/08/31 16:52:06 | 000,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe
PRC - [2005/12/01 17:38:38 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/11/25 15:59:44 | 000,212,992 | ---- | M] (Acer Inc) -- C:\Acer\Empowering Technology\ePower\epm-dm.exe
PRC - [2005/11/16 17:00:50 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005/10/19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005/01/07 16:17:16 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/11 14:37:16 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/13 13:23:22 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/11 15:00:24 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/05/22 20:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/26 10:13:54 | 000,136,840 | ---- | M] () -- C:\Program Files\Join Air\UIExec.exe
MOD - [2010/03/26 09:59:00 | 000,251,016 | ---- | M] () -- C:\Program Files\Join Air\AssistantServices.exe
MOD - [2009/11/28 18:57:50 | 002,381,120 | ---- | M] () -- C:\Program Files\Hide The IP 2010\AVRedirector.exe
MOD - [2008/02/21 11:30:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
MOD - [2006/09/14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/11/09 22:22:14 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/09 22:22:14 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/09 22:22:14 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/09/05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005/08/24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005/07/06 13:50:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\HokHIDKC.dll
MOD - [2003/12/29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\prnmnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Pcmrome)
SRV - File not found [Disabled | Stopped] -- -- (gupdate1c998781007dfbe) Google Update Service (gupdate1c998781007dfbe)
SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Disabled | Stopped] -- -- (ccSetMgr)
SRV - File not found [Disabled | Stopped] -- -- (ccPwdSvc)
SRV - File not found [Disabled | Stopped] -- -- (ccEvtMgr)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/11 15:00:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 15:00:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/26 09:59:00 | 000,251,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/11/28 18:57:50 | 002,381,120 | ---- | M] () [Auto | Running] -- C:\Program Files\Hide The IP 2010\AVRedirector.exe -- (AVRedirector)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/03/15 12:53:16 | 000,655,688 | ---- | M] (ACTiKEY) [Auto | Running] -- C:\WINDOWS\system32\itheaSvc.EXE -- (itheaService)
SRV - [2006/08/31 16:52:06 | 000,118,784 | ---- | M] (Bytemobile, Inc.) [Auto | Running] -- C:\WINDOWS\System32\bmwebcfg.exe -- (bmwebcfg)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe -- (Network WanMiniport First Position)


========== Driver Services (SafeList) ==========

DRV - [2011/12/18 03:58:10 | 000,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/12/18 03:58:08 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/12/08 14:17:16 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 15:00:34 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:34 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/03/02 12:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/02/04 12:42:58 | 000,071,680 | ---- | M] (Notebook Hardware Control) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 08:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/12 10:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/06/17 15:14:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/10/07 10:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 10:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/01/06 20:07:28 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 21:25:04 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/10/16 14:45:26 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/08/31 16:58:22 | 000,018,560 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2006/01/04 07:46:42 | 001,420,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/17 15:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/09 14:45:56 | 000,013,440 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/10/23 19:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 01:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 01:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/29 20:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/09/11 19:49:44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/04/07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/12/15 18:22:00 | 000,038,448 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3454746940-2026256558-170670400-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
IE - HKU\S-1-5-21-3454746940-2026256558-170670400-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3454746940-2026256558-170670400-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://secure.wikim...wiki/Main_Page"
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 7212
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 7212
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 7212
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 7212
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Theo Haris\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Theo Haris\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/11/17 13:28:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/07/15 20:42:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/07/15 20:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A89AED22-9133-424c-88E7-C8235C5FF302}: C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Theo Haris\Application Data\Hide IP NG\firefox_plugin\

[2008/08/29 02:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Extensions
[2006/07/15 20:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions
[2012/01/10 11:29:56 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/01/07 13:33:32 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/11/19 15:07:30 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/02/12 04:46:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/26 20:37:42 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\[email protected]
[2012/01/10 23:04:14 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\[email protected]
[2008/11/04 20:21:56 | 000,005,179 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\searchplugins\BitTorrent.xml
[2006/07/15 20:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/27 13:38:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/02/11 14:37:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/01/04 02:29:08 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/02/13 04:43:14 | 000,000,243 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ingr.png
[2005/02/13 05:47:44 | 000,000,357 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ingr.src
[2011/09/30 15:40:56 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
[2011/09/30 15:40:56 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/30 15:40:56 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/30 15:40:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/30 15:40:56 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Theo Haris\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Theo Haris\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.51_0\
CHR - Extension: WOT = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.11_0\
CHR - Extension: YouTube = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Maps = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/16 23:20:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3454746940-2026256558-170670400-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3454746940-2026256558-170670400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3454746940-2026256558-170670400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3454746940-2026256558-170670400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1152986441640 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47117E5C-B3C0-48AB-B206-F37C47B7E0FE}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Τρέχουσα αρχική σελίδα) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/20 23:33:42 | 000,000,065 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/01/06 07:54:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.FRK -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/17 11:52:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\OTL.exe
[2012/02/17 02:03:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Theo Haris\PrivacIE
[2012/02/17 01:13:21 | 000,000,000 | -HSD | C] -- C:\Recycled
[2012/02/16 23:55:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Theo Haris\IETldCache
[2012/02/16 23:42:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/02/16 23:41:39 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/02/16 23:37:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/02/16 22:53:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/16 22:53:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/16 22:53:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/16 22:53:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/16 22:53:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/16 22:49:42 | 004,406,022 | R--- | C] (Swearware) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\ComboFix.exe
[2012/02/16 00:09:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\Environmental Assessment
[2012/02/15 22:09:22 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\aswMBR.exe
[2012/02/14 20:30:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\Agora.2009.DVDRiP.XViD-iKA.www.USABIT.com
[2012/02/12 00:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\VSP
[2012/02/11 14:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theo Haris\Start Menu\Προγράμματα\Google Chrome
[2012/02/05 16:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Kindle books
[2012/01/29 20:26:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\Final Reports
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/17 11:52:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\OTL.exe
[2012/02/17 11:33:48 | 000,000,594 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012/02/17 11:32:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/17 11:30:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/17 11:30:14 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 23:56:40 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Εκκίνηση του προγράμματος περιήγησης Internet Explorer.lnk
[2012/02/16 23:54:04 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 23:43:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/16 23:23:02 | 000,573,986 | ---- | M] () -- C:\WINDOWS\System32\perfh008.dat
[2012/02/16 23:23:02 | 000,439,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 23:23:02 | 000,103,398 | ---- | M] () -- C:\WINDOWS\System32\perfc008.dat
[2012/02/16 23:23:02 | 000,070,804 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/16 22:49:58 | 004,406,022 | R--- | M] (Swearware) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\ComboFix.exe
[2012/02/15 23:47:40 | 000,000,449 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\MBR.zip
[2012/02/15 23:44:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\MBR.dat
[2012/02/15 23:26:06 | 000,001,232 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3454746940-2026256558-170670400-1006Core1cce127828194ea.job
[2012/02/15 23:05:46 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/02/15 22:09:54 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\aswMBR.exe
[2012/02/15 17:20:44 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/13 22:27:52 | 009,916,134 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\fromartlov.rar
[2012/02/13 13:17:34 | 000,088,560 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Σύνταγμα-12-Φεβρουαρίου-2012-158-620x465.jpg
[2012/02/11 20:56:38 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/11 14:47:24 | 000,002,209 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/06 01:16:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/02/06 01:16:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/02/01 23:27:40 | 000,000,345 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Συντόμευση για το Second phase.lnk
[2012/01/28 19:58:14 | 000,071,317 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\201.jpg
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/16 23:56:39 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Εκκίνηση του προγράμματος περιήγησης Internet Explorer.lnk
[2012/02/16 23:56:39 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Start Menu\Προγράμματα\Internet Explorer.lnk
[2012/02/16 22:53:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/16 22:53:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/16 22:53:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/16 22:53:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/16 22:53:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/16 19:08:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 19:08:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/15 23:47:39 | 000,000,449 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\MBR.zip
[2012/02/15 23:44:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\MBR.dat
[2012/02/13 22:25:53 | 009,916,134 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\fromartlov.rar
[2012/02/13 13:17:32 | 000,088,560 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Σύνταγμα-12-Φεβρουαρίου-2012-158-620x465.jpg
[2012/02/11 14:47:23 | 000,002,209 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/01 23:27:38 | 000,000,345 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Συντόμευση για το Second phase.lnk
[2012/02/01 23:21:49 | 000,001,232 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3454746940-2026256558-170670400-1006Core1cce127828194ea.job
[2012/01/28 19:58:12 | 000,071,317 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\201.jpg
[2011/09/15 15:17:41 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/07/25 04:18:56 | 000,000,273 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/25 18:32:12 | 000,002,072 | ---- | C] () -- C:\WINDOWS\System32\avr.ini
[2011/03/25 18:22:21 | 000,202,048 | ---- | C] () -- C:\WINDOWS\System32\AVLibrary.dll
[2011/03/25 17:51:12 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2011/03/25 17:15:28 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Setting.dat
[2011/03/25 17:15:28 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Application Data\UserFlag.ini
[2011/03/09 21:10:23 | 000,004,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qaynnrds.wbe
[2011/03/09 21:10:22 | 000,005,107 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bfvtdhtf.ywx
[2011/02/23 23:28:13 | 000,068,274 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2011/02/23 23:28:13 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2011/02/23 23:02:43 | 000,000,641 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/02/14 16:51:13 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2011/02/14 16:51:13 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/02/09 19:59:10 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\housecall.guid.cache
[2010/12/06 20:03:14 | 000,011,046 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/02/08 18:38:51 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 16:02:13 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\fusioncache.dat
[2010/01/26 23:06:44 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/01/11 20:09:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/25 04:14:35 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/08/20 23:51:10 | 000,758,272 | ---- | C] () -- C:\WINDOWS\System32\kcpp.dll
[2009/07/10 23:48:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/06/12 22:34:49 | 000,001,004 | ---- | C] () -- C:\WINDOWS\Love Potion.dat
[2009/06/12 22:04:55 | 000,000,251 | ---- | C] () -- C:\WINDOWS\MugE.ini
[2009/03/29 15:09:11 | 000,000,367 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Application Data\flashfavorite.htm
[2009/02/28 16:37:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ncvDS61.dll
[2009/02/28 16:37:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\ncCompress.dll
[2009/02/28 16:37:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ncUtil62.dll
[2009/02/28 16:37:31 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nczlib.dll
[2009/02/28 16:37:31 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib32.dll
[2009/02/26 00:27:19 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/02/14 04:29:38 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2008/11/02 01:23:18 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/29 00:10:18 | 000,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/08/29 00:10:17 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/07/10 01:30:59 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/26 22:22:52 | 000,017,986 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:22:50 | 000,022,822 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:22:48 | 000,017,066 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/01 00:45:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/02/08 00:59:16 | 000,241,664 | ---- | C] () -- C:\WINDOWS\NwtGatewayDLL.dll
[2008/02/08 00:59:16 | 000,001,110 | ---- | C] () -- C:\WINDOWS\NwtGatewayConfig.ini
[2007/10/25 00:40:19 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02D.ini
[2007/10/25 00:32:35 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02C.ini
[2007/10/24 23:18:19 | 000,000,187 | ---- | C] () -- C:\WINDOWS\RELATION.INI
[2007/10/24 22:55:10 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02B.ini
[2007/10/24 22:22:26 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02A.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/04/15 14:21:23 | 000,000,683 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/11 21:12:12 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/10 16:09:23 | 000,000,258 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2007/02/21 21:56:49 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/02/21 20:33:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\GkSui20.EXE
[2007/02/11 20:07:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/11/23 17:36:56 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2006/10/13 15:18:40 | 000,108,544 | ---- | C] () -- C:\WINDOWS\System32\vbis4032.dll
[2006/10/13 15:18:31 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\lexiko.ini
[2006/09/30 15:44:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/08/18 21:24:10 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/26 02:57:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/07/23 17:09:34 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2006/07/17 17:22:42 | 000,094,122 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/07/17 04:06:41 | 000,000,265 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2006/07/16 00:49:43 | 000,000,319 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/07/16 00:39:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/16 00:34:16 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/07/16 00:34:11 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/07/15 20:49:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/15 20:44:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/15 20:42:30 | 000,003,585 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/15 18:17:57 | 000,000,594 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/07/15 18:10:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2006/07/15 18:09:06 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2006/07/15 18:09:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2006/07/15 18:09:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2006/07/15 18:09:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2006/07/15 18:09:01 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2006/07/15 18:09:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2006/03/16 10:42:57 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2006/03/16 10:42:57 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2006/01/21 13:04:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/06 14:30:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/06 14:24:42 | 000,573,986 | ---- | C] () -- C:\WINDOWS\System32\perfh008.dat
[2006/01/06 14:24:42 | 000,439,544 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/06 14:24:42 | 000,103,398 | ---- | C] () -- C:\WINDOWS\System32\perfc008.dat
[2006/01/06 14:24:42 | 000,070,804 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/06 14:14:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/01/06 07:57:22 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/06 07:26:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/06 07:25:10 | 000,022,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/12/08 02:01:06 | 000,112,425 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/12/01 00:24:56 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/10/21 00:58:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\vspxvfw.dll
[2005/09/01 16:20:46 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\vspxcore.dll
[2005/07/15 01:48:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/03/28 00:45:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/09/07 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/07 20:00:00 | 000,346,772 | ---- | C] () -- C:\WINDOWS\System32\perfi008.dat
[2004/09/07 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/07 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/07 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/07 20:00:00 | 000,040,794 | ---- | C] () -- C:\WINDOWS\System32\perfd008.dat
[2004/09/07 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/07 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/07 20:00:00 | 000,003,341 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/09/07 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/09/07 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\prnmnt.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 02:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 02:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008/02/08 19:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ICS
[2008/02/08 19:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Vodafone Mobile Connect
[2006/07/15 18:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
[2007/02/10 01:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/16 03:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/21 18:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum
[2008/01/24 23:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/06/11 01:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/29 14:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008/10/06 23:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/10 22:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2008/12/06 23:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/03/14 06:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/03/14 06:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/12/17 14:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2010/01/04 15:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2010/01/10 23:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2010/01/18 00:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2010/01/25 01:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/02/18 21:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/05/29 22:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nifflas
[2010/08/03 18:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/09/07 19:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/11 22:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/11/13 15:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeHideIP
[2010/11/13 15:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2010/11/26 00:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/26 13:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/26 14:09:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/16 01:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2011/03/25 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoHideIP
[2011/03/25 18:21:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9EED6215-0EA2-4F03-9B52-E6A11207F1F0}
[2011/10/22 00:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VSP
[2008/02/08 01:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2011/12/23 17:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
[2006/07/15 18:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Acer
[2006/08/19 14:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\BitTorrent
[2006/09/30 16:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Image Zone Express
[2007/01/21 21:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\PlayFirst
[2007/01/31 19:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\BSplayer
[2007/03/01 14:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\BSplayer Pro
[2007/05/02 14:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\uTorrent
[2008/01/24 23:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Valusoft
[2008/02/08 00:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Bytemobile
[2008/02/08 00:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\ICS
[2008/02/08 01:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Vodafone Mobile Connect
[2008/06/11 00:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Home Sweet Home
[2008/09/05 21:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\DAEMON Tools
[2009/03/16 21:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Windows Desktop Search
[2009/03/16 21:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Windows Search
[2009/06/12 21:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\GetRight
[2009/09/02 18:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\GraveyardShift
[2009/09/20 18:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Flood Light Games
[2009/09/25 08:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Games
[2009/12/17 14:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Final Draft
[2009/12/24 12:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010/01/10 23:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\SulusGames
[2010/01/10 23:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Enlightenus
[2010/01/11 20:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Orneon
[2010/01/17 21:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\WebCam Recorder
[2010/01/18 00:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\River Past G5
[2010/01/22 01:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\GetRightToGo
[2010/01/26 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Leadertech
[2010/02/12 00:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Free Mp3 Wma Ogg Converter
[2010/02/18 21:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Ludia
[2010/05/09 04:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\NotMyIp
[2010/05/09 16:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Hide IP NG
[2010/05/29 22:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Nifflas
[2010/08/04 00:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\ESET
[2010/09/25 04:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Big Fish Games
[2010/11/13 15:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\FreeHideIP
[2010/11/15 18:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Dropbox
[2010/11/17 13:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\PC Suite
[2010/11/17 13:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Nokia
[2010/11/26 14:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\AVG10
[2010/11/28 03:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Phenomenon 32 Saves
[2010/12/15 01:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\.minecraft
[2011/02/04 12:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Notebook Hardware Control
[2011/02/15 12:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\OnlineArmor
[2011/03/04 14:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\FileZilla
[2011/03/09 21:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Ninsight
[2011/03/25 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\AutoHideIP
[2011/05/26 18:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\SubtitlesModifier
[2011/06/15 19:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Tenebril
[2011/09/15 15:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\PrimoPDF
[2011/09/19 16:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\MediaVideoConverter Software Studio
[2011/10/22 14:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\PCToolsFirewallPlus

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2007/06/13 16:10:30 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=1DEB059FFD416425426735E6EC1CF3C0 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/14 18:30:36 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 18:30:36 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\explorer.exe
[2008/04/14 18:30:36 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 16:22:20 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=AD3142E6012B955DFEF6831E6D4C19CD -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 18:31:06 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 18:31:06 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 18:31:06 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/09/07 20:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=D0488D4C9C04CA3FFDA71D8A0D7959FA -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/09/07 20:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=E0EB5D17FCF2C50357E32B8A6D0799ED -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 18:31:08 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=FD570C21EC04E768DE7577CAD6081C76 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 18:31:08 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=FD570C21EC04E768DE7577CAD6081C76 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 18:31:08 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=FD570C21EC04E768DE7577CAD6081C76 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/09/07 20:00:00 | 000,508,416 | ---- | M] (Microsoft Corporation) MD5=5C13423B50E48732AD8DC2E6C2B25EFD -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 18:31:12 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 18:31:12 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 18:31:12 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\system32\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/11 14:37:10 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/11 14:37:10 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/11 14:37:10 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/11 14:37:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/11 14:37:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/11 14:37:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/27 10:49:34 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/27 10:49:34 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/27 10:49:34 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/27 10:49:34 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/11 14:37:10 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/11 14:37:10 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/11 14:37:10 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/11 14:37:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/11 14:37:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/11 14:37:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/27 10:49:34 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/27 10:49:34 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/27 10:49:34 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/27 10:49:34 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2011/12/07 14:37:10 | 000,052,224 | ---- | M] ()(C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\??????????? - ????????.doc) -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Каподистрия - синопсис.doc
[2011/12/07 14:37:10 | 000,052,224 | ---- | C] ()(C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\??????????? - ????????.doc) -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Каподистрия - синопсис.doc
[2011/12/07 14:35:41 | 000,047,104 | ---- | C] ()(C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\??????????? - ???????? english.doc) -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Каподистрия - синопсис english.doc
[2011/12/07 14:35:28 | 000,047,104 | ---- | M] ()(C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\??????????? - ???????? english.doc) -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Каподистрия - синопсис english.doc

< End of report >

OTL Extras logfile created on: 17/2/2012 11:56:34 πμ - Run 2
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

1022,05 Mb Total Physical Memory | 275,14 Mb Available Physical Memory | 26,92% Memory free
2,40 Gb Paging File | 1,39 Gb Available in Paging File | 57,76% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44,37 Gb Total Space | 11,45 Gb Free Space | 25,79% Space Free | Partition Type: FAT32
Drive D: | 44,86 Gb Total Space | 2,16 Gb Free Space | 4,80% Space Free | Partition Type: FAT32
Drive K: | 3,68 Gb Total Space | 0,03 Gb Free Space | 0,81% Space Free | Partition Type: FAT32

Computer Name: ACER-92EDFFD6C3 | User Name: Theo Haris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3454746940-2026256558-170670400-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" = C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:CLI Application (Command Line Interface) -- (ATI Technologies Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
"C:\Documents and Settings\Theo Haris\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Theo Haris\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0A053D60-9267-11D5-8A2B-0050DA8B7D89}" = Planescape - Torment
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{10F0C60A-6CF4-4D10-8B85-B5D43DCC69F5}_is1" = The Strange and Somewhat Sinister Tale of the House at Desert B
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2687340C-C114-47DC-9F0E-C1BA85FEB001}" = POWERPREP II
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{281D28EC-1357-4778-B2D7-DEA56D70EF96}" = Logitech High Quality Video
"{350C9408-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3D9E9EB7-B14F-4AE4-8C1F-1AD4CF3093BE}" = Microsoft .NET Framework 1.1 Greek Language Pack
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AFC0F3B-0678-44F5-A70C-FACE61310F27}" = Enhancer
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50897E53-4A8B-4C0C-81C0-DCFA6893C753}" = Hide The IP 2010
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{5607C1B8-DA2B-31D0-93A6-968D8C23A944}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ell
"{57481C12-C102-395A-8BC3-941F2D79A114}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ELL
"{57D9FDCA-B3DF-4637-902F-857B56FF8273}" = STELLA 9.0.1
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{591C113C-8D3B-4FEC-AF5E-36F0DFEEA8C0}" = Cooking Academy
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6AA26B7C-7C26-33B4-88DD-431CB7C94742}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ELL
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{86ACFE52-BE3A-4E54-840F-D031339825AD}" = ATI Catalyst Control Center
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{9977BB98-D0E6-4850-A3BF-2BD8CFB9D794}" = Βοηθός εισόδου του Windows Live
"{9A18357B-5DA5-4F33-8037-19E528DD2F5B}" = isee Player 9.0.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D65D46-3708-4F5B-9117-0199C7098D11}" = WanMiniport1st
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2784EF8-89B9-4992-935B-389F225AD377}" = Vodafone Mobile Connect
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DB8CEC42-30B1-4F49-BD06-9393EB81CCF7}" = SPSS 13.0 for Windows
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E74C05-CD77-4422-B5BB-E82693EE2FA3}" = iSpQ VideoChat 8.0
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Πακέτο προγραμμάτων οδήγησης των Windows - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Πακέτο προγραμμάτων οδήγησης των Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = ATI - Βοηθητικό πρόγραμμα απεγκατάστασης λογισμικού
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"Ayato 2.0_is1" = Ayato 3 version 1.2.0.730
"BFGC" = Big Fish Games: Game Manager
"BFG-Cooking Dash" = Cooking Dash
"BFG-Home Sweet Home" = Home Sweet Home
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_AcrS009E" = HDAUDIO Soft Data Fax Modem with SmartCP
"Cooking Academy 2 World Cuisine1.0.1" = Cooking Academy 2 World Cuisine
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EEEE705096F837B7907659F100C9FE6DA001970F" = Πακέτο προγραμμάτων οδήγησης των Windows - Nokia Modem (06/09/2010 7.01.0.7)
"ePresentation" = Acer ePresentation Management
"Farm Craft1.0.5" = Farm Craft
"Farm Frenzy 2_is1" = Farm Frenzy 2
"Farm Mania1.0" = Farm Mania
"FileZilla Client" = FileZilla Client 3.5.0
"GridVista" = Acer GridVista
"Hide The IP 2010" = Hide The IP 2010
"Hot Dish 2 Cross Country Cook-off 1.00" = Hot Dish 2 Cross Country Cook-off 1.00
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.72 Full
"LHTTSENG" = L&H TTS3000 British English
"LManager" = Launch Manager
"lvdrivers_12.10" = Πακέτο προγράμματος οδήγησης του Logitech Webcam Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MediaVideoConverter Video Converter" = mediAvatar Video Converter
"MEL" = MEL
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ell" = Πακέτο γλώσσας του Microsoft .NET Framework 3.5 SP1 - ELL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.1 (x86 en-GB)" = Mozilla Firefox 10.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva (remove only)
"Simtegra.MapSys.1.5_is1" = MapSys 1.5
"Starcraft" = Starcraft
"Subtitles modifier_is1" = Subtitles modifier 2.96
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Rosetta Stone" = The Rosetta Stone
"uTorrent" = µTorrent
"VisualSubSync" = VisualSubSync (remove only)
"VLC media player" = VLC media player 0.9.8a
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3454746940-2026256558-170670400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2012 9:20:34 πμ | Computer Name = ACER-92EDFFD6C3 | Source = Application Error | ID = 1000
Description = Ελαττωματική εφαρμογή wordconv.exe, έκδοση 12.0.6500.5000, ελαττωματική
λειτουργική μονάδα unknown, έκδοση 0.0.0.0, ελαττωματική διεύθυνση 0x31265c4b.

Error - 5/2/2012 5:48:35 μμ | Computer Name = ACER-92EDFFD6C3 | Source = WmiAdapter | ID = 4099
Description = Το άνοιγμα υπηρεσίας απέτυχε.

Error - 8/2/2012 6:32:05 πμ | Computer Name = ACER-92EDFFD6C3 | Source = WmiAdapter | ID = 4099
Description = Το άνοιγμα υπηρεσίας απέτυχε.

Error - 8/2/2012 3:04:03 μμ | Computer Name = ACER-92EDFFD6C3 | Source = Application Error | ID = 1000
Description = Ελαττωματική εφαρμογή explorer.exe, έκδοση 6.0.2900.5512, ελαττωματική
λειτουργική μονάδα emzdecmp4_h263.dll, έκδοση 2.9.0.0, ελαττωματική διεύθυνση 0x00002847.

Error - 9/2/2012 6:07:17 πμ | Computer Name = ACER-92EDFFD6C3 | Source = WmiAdapter | ID = 4099
Description = Το άνοιγμα υπηρεσίας απέτυχε.

Error - 13/2/2012 1:30:03 μμ | Computer Name = ACER-92EDFFD6C3 | Source = PerfNet | ID = 2004
Description = Δεν είναι δυνατό το άνοιγμα της υπηρεσίας διακομιστή. Δεν θα επιστραφούν
δεδομένα
για τις επιδόσεις του διακομιστή. Ο κωδικός σφάλματος που επιστράφηκε βρίσκεται
στα δεδομένα DWORD 0.

Error - 14/2/2012 2:00:14 μμ | Computer Name = ACER-92EDFFD6C3 | Source = PerfNet | ID = 2005
Description = Δεν είναι δυνατή η ανάγνωση των δεδομένων για τις επιδόσεις της υπηρεσίας
διακομιστή. Δεν θα επιστραφούν δεδομένα για τις επιδόσεις διακομιστή σε αυτό το
δείγμα. Ο κωδικός σφάλματος που επιστράφηκε βρίσκεται στα δεδομένα DWORD 0, η IOSB.Status
έχει την τιμή DWORD 1 και η IOSB.Information έχει την τιμή DWORD 2.

Error - 14/2/2012 2:00:14 μμ | Computer Name = ACER-92EDFFD6C3 | Source = PerfNet | ID = 2006
Description = Δεν είναι δυνατή η ανάγνωση των δεδομένων για τις επιδόσεις ουράς
διακομιστή από την υπηρεσία διακομιστή. Δεν θα επιστραφούν δεδομένα για τις επιδόσεις
της ουράς διακομιστή σε αυτό το δείγμα. Ο κωδικός σφάλματος που επιστράφηκε βρίσκεται
στα δεδομένα DWORD 0, η IOSB.Status έχει την τιμή DWORD 1 και η IOSB.Information
έχει την τιμή DWORD 2.

Error - 15/2/2012 7:58:09 πμ | Computer Name = ACER-92EDFFD6C3 | Source = Application Error | ID = 1000
Description = Ελαττωματική εφαρμογή wordconv.exe, έκδοση 12.0.6500.5000, ελαττωματική
λειτουργική μονάδα unknown, έκδοση 0.0.0.0, ελαττωματική διεύθυνση 0x31265c4b.

Error - 15/2/2012 11:21:08 πμ | Computer Name = ACER-92EDFFD6C3 | Source = Application Error | ID = 1000
Description = Ελαττωματική εφαρμογή explorer.exe, έκδοση 6.0.2900.5512, ελαττωματική
λειτουργική μονάδα emzdecmp4_h263.dll, έκδοση 2.9.0.0, ελαττωματική διεύθυνση 0x00002847.

[ System Events ]
Error - 16/2/2012 1:04:03 μμ | Computer Name = ACER-92EDFFD6C3 | Source = Service Control Manager | ID = 7026
Description = Απέτυχε η φόρτωση των ακόλουθων προγραμμάτων οδήγησης της εκκίνησης
του υπολογιστή ή της εκκίνησης του συστήματος: nhcDriverDevice

Error - 16/2/2012 4:53:12 μμ | Computer Name = ACER-92EDFFD6C3 | Source = Service Control Manager | ID = 7034
Description = Η λειτουργία της υπηρεσίας Process Monitor τερματίστηκε αναπάντεχα.
Αυτό συνέβη 1 φορά(ές).

Error - 16/2/2012 4:55:34 μμ | Computer Name = ACER-92EDFFD6C3 | Source = Service Control Manager | ID = 7031
Description = Η υπηρεσία Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
τερματίστηκε απροσδόκητα. Αυτό έχει συμβεί 1 φορές. Θα εκτελεστεί η ακόλουθη
διορθωτική κίνηση σε 30000 χιλιοστά του δευτερολέπτου: Επανεκκίνηση της υπηρεσίας.

Error - 16/2/2012 4:56:43 μμ | Computer Name = ACER-92EDFFD6C3 | Source = Service Control Manager | ID = 7034
Description = Η λειτουργία της υπηρεσίας Network WanMiniport First Position τερματίστηκε
αναπάντεχα. Αυτό συνέβη 1 φορά(ές).

Error - 16/2/2012 4:56:46 μμ | Computer Name = ACER-92EDFFD6C3 | Source = Service Control Manager | ID = 7031
Description = Η υπηρεσία Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
τερματίστηκε απροσδόκητα. Αυτό έχει συμβεί 1 φορές. Θα εκτελεστεί η ακόλουθη
διορθωτική κίνηση σε 30000 χιλιοστά του δευτερολέπτου: Επανεκκίνηση της υπηρεσίας.

Error - 16/2/2012 5:08:11 μμ | Computer Name = ACER-92EDFFD6C3 | Source = Service Control Manager | ID = 7031
Description = Η υπηρεσία Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
τερματίστηκε απροσδόκητα. Αυτό έχει συμβεί 1 φορές. Θα εκτελεστεί η ακόλουθη
διορθωτική κίνηση σε 30000 χιλιοστά του δευτερολέπτου: Επανεκκίνηση της υπηρεσίας.

Error - 16/2/2012 5:09:26 μμ | Computer Name = ACER-92EDFFD6C3 | Source = Service Control Manager | ID = 7031
Description = Η υπηρεσία Υπηρεσία κοινής χρήσης δικτύου του Windows Media Player
τερματίστηκε απροσδόκητα. Αυτό έχει συμβεί 1 φορές. Θα εκτελεστεί η ακόλουθη
διορθωτική κίνηση σε 30000 χιλιοστά του δευτερολέπτου: Επανεκκίνηση της υπηρεσίας.

Error - 16/2/2012 5:56:06 μμ | Computer Name = ACER-92EDFFD6C3 | Source = Service Control Manager | ID = 7026
Description = Απέτυχε η φόρτωση των ακόλουθων προγραμμάτων οδήγησης της εκκίνησης
του υπολογιστή ή της εκκίνησης του συστήματος: nhcDriverDevice

Error - 16/2/2012 9:19:38 μμ | Computer Name = ACER-92EDFFD6C3 | Source = Service Control Manager | ID = 7011
Description = Χρονικό όριο αναμονής (30000 χιλιοστά του δευτερολέπτου) για απόκριση
συναλλαγής από την υπηρεσία Schedule.

Error - 17/2/2012 5:33:14 πμ | Computer Name = ACER-92EDFFD6C3 | Source = Service Control Manager | ID = 7026
Description = Απέτυχε η φόρτωση των ακόλουθων προγραμμάτων οδήγησης της εκκίνησης
του υπολογιστή ή της εκκίνησης του συστήματος: nhcDriverDevice


< End of report >

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    FF - prefs.js..network.proxy.backup.ftp: ""
    FF - prefs.js..network.proxy.backup.ftp_port: 0
    FF - prefs.js..network.proxy.backup.socks: ""
    FF - prefs.js..network.proxy.backup.socks_port: 0
    FF - prefs.js..network.proxy.backup.ssl: ""
    FF - prefs.js..network.proxy.backup.ssl_port: 0
    FF - prefs.js..network.proxy.ftp: "127.0.0.1"
    FF - prefs.js..network.proxy.ftp_port: 7212
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 7212
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 7212
    FF - prefs.js..network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl_port: 7212
    FF - prefs.js..network.proxy.type: 0
      	
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed, and let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#9
Theo Haris

    Member

  • Topic Starter
  • Member
  • 43 posts
Dear Render,

Here is the Fix log:

All processes killed
========== OTL ==========
Prefs.js: "" removed from network.proxy.backup.ftp
Prefs.js: 0 removed from network.proxy.backup.ftp_port
Prefs.js: "" removed from network.proxy.backup.socks
Prefs.js: 0 removed from network.proxy.backup.socks_port
Prefs.js: "" removed from network.proxy.backup.ssl
Prefs.js: 0 removed from network.proxy.backup.ssl_port
Prefs.js: "127.0.0.1" removed from network.proxy.ftp
Prefs.js: 7212 removed from network.proxy.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 7212 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 7212 removed from network.proxy.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.ssl
Prefs.js: 7212 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
========== FILES ==========
< ipconfig /flushdns /c >
Ρύθμιση παραμέτρων IP των Windows
Πέτυχε η εκκένωση της μνήμης cache Ανάλυσης DNS.
C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\cmd.bat deleted successfully.
C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
Αντιγράφηκαν 0 αρχεία
C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\cmd.bat deleted successfully.
C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
Αντιγράφηκαν 0 αρχεία
C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\cmd.bat deleted successfully.
C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
Αντιγράφηκαν 0 αρχεία
C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\cmd.bat deleted successfully.
C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
Αντιγράφηκαν 0 αρχεία
C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\cmd.bat deleted successfully.
C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: Theo Haris
->Temp folder emptied: 1784563 bytes
->Temporary Internet Files folder emptied: 124330388 bytes
->Java cache emptied: 1624110 bytes
->FireFox cache emptied: 86542569 bytes
->Google Chrome cache emptied: 115037512 bytes
->Flash cache emptied: 8199933 bytes

User: Favorites

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 98304 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109744 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 53162 bytes

Total Files Cleaned = 322,00 mb


[EMPTYJAVA]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Theo Haris
->Java cache emptied: 0 bytes

User: Favorites

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Default User
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService

User: LocalService

User: Theo Haris
->Flash cache emptied: 0 bytes

User: Favorites

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.32.0 log created on 02182012_035523

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



And here is the Quick Scan log:

OTL logfile created on: 18/2/2012 4:02:49 πμ - Run 3
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

1022,05 Mb Total Physical Memory | 409,70 Mb Available Physical Memory | 40,09% Memory free
2,40 Gb Paging File | 1,86 Gb Available in Paging File | 77,68% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44,37 Gb Total Space | 11,71 Gb Free Space | 26,40% Space Free | Partition Type: FAT32
Drive D: | 44,86 Gb Total Space | 2,16 Gb Free Space | 4,80% Space Free | Partition Type: FAT32

Computer Name: ACER-92EDFFD6C3 | User Name: Theo Haris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/17 11:52:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\OTL.exe
PRC - [2011/10/11 15:00:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 15:00:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 15:00:10 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 15:00:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2010/03/26 10:13:54 | 000,136,840 | ---- | M] () -- C:\Program Files\Join Air\UIExec.exe
PRC - [2010/03/26 09:59:00 | 000,251,016 | ---- | M] () -- C:\Program Files\Join Air\AssistantServices.exe
PRC - [2009/11/28 18:57:50 | 002,381,120 | ---- | M] () -- C:\Program Files\Hide The IP 2010\AVRedirector.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 18:30:36 | 001,038,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/15 12:53:16 | 000,655,688 | ---- | M] (ACTiKEY) -- C:\WINDOWS\system32\itheaSvc.EXE
PRC - [2008/02/21 11:30:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
PRC - [2006/08/31 16:52:06 | 000,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe
PRC - [2005/12/01 17:38:38 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/11/25 15:59:44 | 000,212,992 | ---- | M] (Acer Inc) -- C:\Acer\Empowering Technology\ePower\epm-dm.exe
PRC - [2005/11/16 17:00:50 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005/10/19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005/01/07 16:17:16 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 15:00:24 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/03/26 10:13:54 | 000,136,840 | ---- | M] () -- C:\Program Files\Join Air\UIExec.exe
MOD - [2010/03/26 09:59:00 | 000,251,016 | ---- | M] () -- C:\Program Files\Join Air\AssistantServices.exe
MOD - [2009/11/28 18:57:50 | 002,381,120 | ---- | M] () -- C:\Program Files\Hide The IP 2010\AVRedirector.exe
MOD - [2008/02/21 11:30:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
MOD - [2005/11/09 22:22:14 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/09 22:22:14 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/09 22:22:14 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/09/05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005/08/24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005/07/06 13:50:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\HokHIDKC.dll
MOD - [2003/12/29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\prnmnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Pcmrome)
SRV - File not found [Disabled | Stopped] -- -- (gupdate1c998781007dfbe) Google Update Service (gupdate1c998781007dfbe)
SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Disabled | Stopped] -- -- (ccSetMgr)
SRV - File not found [Disabled | Stopped] -- -- (ccPwdSvc)
SRV - File not found [Disabled | Stopped] -- -- (ccEvtMgr)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/11 15:00:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 15:00:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/26 09:59:00 | 000,251,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/11/28 18:57:50 | 002,381,120 | ---- | M] () [Auto | Running] -- C:\Program Files\Hide The IP 2010\AVRedirector.exe -- (AVRedirector)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/03/15 12:53:16 | 000,655,688 | ---- | M] (ACTiKEY) [Auto | Running] -- C:\WINDOWS\system32\itheaSvc.EXE -- (itheaService)
SRV - [2006/08/31 16:52:06 | 000,118,784 | ---- | M] (Bytemobile, Inc.) [Auto | Running] -- C:\WINDOWS\System32\bmwebcfg.exe -- (bmwebcfg)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe -- (Network WanMiniport First Position)


========== Driver Services (SafeList) ==========

DRV - [2012/02/18 01:05:30 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/12/18 03:58:10 | 000,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/12/18 03:58:08 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/10/11 15:00:34 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:34 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/03/02 12:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/02/04 12:42:58 | 000,071,680 | ---- | M] (Notebook Hardware Control) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 08:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/12 10:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/06/17 15:14:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/10/07 10:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 10:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/01/06 20:07:28 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 21:25:04 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/10/16 14:45:26 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/08/31 16:58:22 | 000,018,560 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2006/01/04 07:46:42 | 001,420,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/17 15:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/09 14:45:56 | 000,013,440 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/10/23 19:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 01:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 01:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/29 20:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/09/11 19:49:44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/04/07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/12/15 18:22:00 | 000,038,448 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://secure.wikim...wiki/Main_Page"
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - prefs.js..network.proxy.ftp: ""
FF - prefs.js..network.proxy.ftp_port: ""
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.share_proxy_settings: ""
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""
FF - prefs.js..network.proxy.type: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Theo Haris\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Theo Haris\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/11/17 13:28:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/07/15 20:42:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/07/15 20:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A89AED22-9133-424c-88E7-C8235C5FF302}: C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Theo Haris\Application Data\Hide IP NG\firefox_plugin\

[2008/08/29 02:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Extensions
[2006/07/15 20:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions
[2012/01/10 11:29:56 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/01/07 13:33:32 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/11/19 15:07:30 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/02/12 04:46:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/26 20:37:42 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\[email protected]
[2012/01/10 23:04:14 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\extensions\[email protected]
[2008/11/04 20:21:56 | 000,005,179 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Profiles\ixy64s0q.default\searchplugins\BitTorrent.xml
[2006/07/15 20:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/27 13:38:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THEO HARIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IXY64S0Q.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/02/18 03:44:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/01/04 02:29:08 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/02/13 04:43:14 | 000,000,243 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ingr.png
[2005/02/13 05:47:44 | 000,000,357 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ingr.src
[2011/09/30 15:40:56 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
[2011/09/30 15:40:56 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/30 15:40:56 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/30 15:40:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/30 15:40:56 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Theo Haris\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Theo Haris\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.51_0\
CHR - Extension: WOT = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.11_0\
CHR - Extension: YouTube = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Maps = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Theo Haris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/18 03:55:32 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1152986441640 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47117E5C-B3C0-48AB-B206-F37C47B7E0FE}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Τρέχουσα αρχική σελίδα) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Theo Haris\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/20 23:33:42 | 000,000,065 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/01/06 07:54:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.FRK -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 03:50:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/18 02:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/02/17 11:52:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\OTL.exe
[2012/02/17 02:03:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Theo Haris\PrivacIE
[2012/02/17 01:13:21 | 000,000,000 | -HSD | C] -- C:\Recycled
[2012/02/16 23:55:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Theo Haris\IETldCache
[2012/02/16 23:42:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/02/16 23:37:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/02/16 22:53:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/16 22:53:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/16 22:53:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/16 22:53:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/16 22:53:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/16 22:49:42 | 004,406,022 | R--- | C] (Swearware) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\ComboFix.exe
[2012/02/16 00:09:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\Environmental Assessment
[2012/02/15 22:09:22 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\aswMBR.exe
[2012/02/14 20:30:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\Agora.2009.DVDRiP.XViD-iKA.www.USABIT.com
[2012/02/11 14:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theo Haris\Start Menu\Προγράμματα\Google Chrome
[2012/02/05 16:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Kindle books
[2012/01/29 20:26:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\Final Reports

========== Files - Modified Within 30 Days ==========

[2012/02/18 04:02:08 | 000,000,537 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012/02/18 04:01:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/18 03:59:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/18 03:59:44 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/18 03:15:44 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/18 01:13:10 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/02/18 01:05:30 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/02/17 11:52:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\OTL.exe
[2012/02/16 23:56:40 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Εκκίνηση του προγράμματος περιήγησης Internet Explorer.lnk
[2012/02/16 23:54:04 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 23:43:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/16 23:23:02 | 000,573,986 | ---- | M] () -- C:\WINDOWS\System32\perfh008.dat
[2012/02/16 23:23:02 | 000,439,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 23:23:02 | 000,103,398 | ---- | M] () -- C:\WINDOWS\System32\perfc008.dat
[2012/02/16 23:23:02 | 000,070,804 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/16 22:49:58 | 004,406,022 | R--- | M] (Swearware) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\ComboFix.exe
[2012/02/15 23:47:40 | 000,000,449 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\MBR.zip
[2012/02/15 23:44:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\MBR.dat
[2012/02/15 23:26:06 | 000,001,232 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3454746940-2026256558-170670400-1006Core1cce127828194ea.job
[2012/02/15 22:09:54 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\aswMBR.exe
[2012/02/13 22:27:52 | 009,916,134 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\fromartlov.rar
[2012/02/13 13:17:34 | 000,088,560 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Σύνταγμα-12-Φεβρουαρίου-2012-158-620x465.jpg
[2012/02/11 20:56:38 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/11 14:47:24 | 000,002,209 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/06 01:16:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/02/06 01:16:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/02/01 23:27:40 | 000,000,345 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Συντόμευση για το Second phase.lnk
[2012/01/28 19:58:14 | 000,071,317 | ---- | M] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\201.jpg

========== Files Created - No Company Name ==========

[2012/02/16 23:56:39 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Εκκίνηση του προγράμματος περιήγησης Internet Explorer.lnk
[2012/02/16 23:56:39 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Start Menu\Προγράμματα\Internet Explorer.lnk
[2012/02/16 22:53:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/16 22:53:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/16 22:53:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/16 22:53:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/16 22:53:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/16 19:08:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 19:08:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/15 23:47:39 | 000,000,449 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\MBR.zip
[2012/02/15 23:44:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Επιφάνεια εργασίας\MBR.dat
[2012/02/13 22:25:53 | 009,916,134 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\fromartlov.rar
[2012/02/13 13:17:32 | 000,088,560 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Σύνταγμα-12-Φεβρουαρίου-2012-158-620x465.jpg
[2012/02/11 14:47:23 | 000,002,209 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/01 23:27:38 | 000,000,345 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\Συντόμευση για το Second phase.lnk
[2012/02/01 23:21:49 | 000,001,232 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3454746940-2026256558-170670400-1006Core1cce127828194ea.job
[2012/01/28 19:58:12 | 000,071,317 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\201.jpg
[2011/09/15 15:17:41 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/07/25 04:18:56 | 000,000,273 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/25 18:32:12 | 000,002,072 | ---- | C] () -- C:\WINDOWS\System32\avr.ini
[2011/03/25 18:22:21 | 000,202,048 | ---- | C] () -- C:\WINDOWS\System32\AVLibrary.dll
[2011/03/25 17:51:12 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2011/03/25 17:15:28 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Setting.dat
[2011/03/25 17:15:28 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Application Data\UserFlag.ini
[2011/03/09 21:10:23 | 000,004,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qaynnrds.wbe
[2011/03/09 21:10:22 | 000,005,107 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bfvtdhtf.ywx
[2011/02/23 23:28:13 | 000,068,274 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2011/02/23 23:28:13 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2011/02/23 23:02:43 | 000,000,641 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/02/14 16:51:13 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2011/02/14 16:51:13 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/02/09 19:59:10 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\housecall.guid.cache
[2010/12/06 20:03:14 | 000,011,046 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/02/08 18:38:51 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 16:02:13 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Local Settings\Application Data\fusioncache.dat
[2010/01/26 23:06:44 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/01/11 20:09:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/25 04:14:35 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/08/20 23:51:10 | 000,758,272 | ---- | C] () -- C:\WINDOWS\System32\kcpp.dll
[2009/07/10 23:48:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/06/12 22:34:49 | 000,001,004 | ---- | C] () -- C:\WINDOWS\Love Potion.dat
[2009/06/12 22:04:55 | 000,000,251 | ---- | C] () -- C:\WINDOWS\MugE.ini
[2009/03/29 15:09:11 | 000,000,367 | ---- | C] () -- C:\Documents and Settings\Theo Haris\Application Data\flashfavorite.htm
[2009/02/28 16:37:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ncvDS61.dll
[2009/02/28 16:37:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\ncCompress.dll
[2009/02/28 16:37:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ncUtil62.dll
[2009/02/28 16:37:31 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nczlib.dll
[2009/02/28 16:37:31 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib32.dll
[2009/02/26 00:27:19 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/02/14 04:29:38 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2008/11/02 01:23:18 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/29 00:10:18 | 000,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/08/29 00:10:17 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/07/10 01:30:59 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/26 22:22:52 | 000,017,986 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:22:50 | 000,022,822 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:22:48 | 000,017,066 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/01 00:45:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/02/08 00:59:16 | 000,241,664 | ---- | C] () -- C:\WINDOWS\NwtGatewayDLL.dll
[2008/02/08 00:59:16 | 000,001,110 | ---- | C] () -- C:\WINDOWS\NwtGatewayConfig.ini
[2007/10/25 00:40:19 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02D.ini
[2007/10/25 00:32:35 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02C.ini
[2007/10/24 23:18:19 | 000,000,187 | ---- | C] () -- C:\WINDOWS\RELATION.INI
[2007/10/24 22:55:10 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02B.ini
[2007/10/24 22:22:26 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02A.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/04/15 14:21:23 | 000,000,683 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/11 21:12:12 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/10 16:09:23 | 000,000,258 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2007/02/21 21:56:49 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/02/21 20:33:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\GkSui20.EXE
[2007/02/11 20:07:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/11/23 17:36:56 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2006/10/13 15:18:40 | 000,108,544 | ---- | C] () -- C:\WINDOWS\System32\vbis4032.dll
[2006/10/13 15:18:31 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\lexiko.ini
[2006/09/30 15:44:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/08/18 21:24:10 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/26 02:57:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/07/23 17:09:34 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2006/07/17 17:22:42 | 000,094,122 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/07/17 04:06:41 | 000,000,265 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2006/07/16 00:49:43 | 000,000,319 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/07/16 00:39:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/16 00:34:16 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/07/16 00:34:11 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/07/15 20:49:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/15 20:44:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/15 20:42:30 | 000,003,585 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/15 18:17:57 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/07/15 18:10:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2006/07/15 18:09:06 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2006/07/15 18:09:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2006/07/15 18:09:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2006/07/15 18:09:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2006/07/15 18:09:01 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2006/07/15 18:09:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2006/03/16 10:42:57 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2006/03/16 10:42:57 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2006/01/21 13:04:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/06 14:30:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/06 14:24:42 | 000,573,986 | ---- | C] () -- C:\WINDOWS\System32\perfh008.dat
[2006/01/06 14:24:42 | 000,439,544 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/06 14:24:42 | 000,103,398 | ---- | C] () -- C:\WINDOWS\System32\perfc008.dat
[2006/01/06 14:24:42 | 000,070,804 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/06 14:14:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/01/06 07:57:22 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/06 07:26:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/06 07:25:10 | 000,022,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/12/08 02:01:06 | 000,112,425 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/12/01 00:24:56 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/10/21 00:58:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\vspxvfw.dll
[2005/09/01 16:20:46 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\vspxcore.dll
[2005/07/15 01:48:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/03/28 00:45:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/09/07 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/07 20:00:00 | 000,346,772 | ---- | C] () -- C:\WINDOWS\System32\perfi008.dat
[2004/09/07 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/07 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/07 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/07 20:00:00 | 000,040,794 | ---- | C] () -- C:\WINDOWS\System32\perfd008.dat
[2004/09/07 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/07 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/07 20:00:00 | 000,003,341 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/09/07 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/09/07 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\prnmnt.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 02:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 02:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2006/07/15 18:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
[2007/02/10 01:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/16 03:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/21 18:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum
[2008/01/24 23:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/06/11 01:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/29 14:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008/10/06 23:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/10 22:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2008/12/06 23:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/03/14 06:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/03/14 06:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/12/17 14:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2010/01/04 15:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2010/01/10 23:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2010/01/18 00:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2010/01/25 01:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/02/18 21:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/05/29 22:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nifflas
[2010/08/03 18:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/09/07 19:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/11 22:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/11/13 15:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeHideIP
[2010/11/13 15:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2010/11/26 00:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/26 13:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/26 14:09:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/16 01:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2011/03/25 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoHideIP
[2011/03/25 18:21:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9EED6215-0EA2-4F03-9B52-E6A11207F1F0}
[2011/10/22 00:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VSP
[2006/07/15 18:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Acer
[2006/08/19 14:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\BitTorrent
[2006/09/30 16:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Image Zone Express
[2007/01/21 21:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\PlayFirst
[2007/01/31 19:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\BSplayer
[2007/03/01 14:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\BSplayer Pro
[2007/05/02 14:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\uTorrent
[2008/01/24 23:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Valusoft
[2008/02/08 00:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Bytemobile
[2008/02/08 00:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\ICS
[2008/02/08 01:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Vodafone Mobile Connect
[2008/06/11 00:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Home Sweet Home
[2008/09/05 21:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\DAEMON Tools
[2009/03/16 21:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Windows Desktop Search
[2009/03/16 21:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Windows Search
[2009/06/12 21:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\GetRight
[2009/09/02 18:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\GraveyardShift
[2009/09/20 18:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Flood Light Games
[2009/09/25 08:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Games
[2009/12/17 14:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Final Draft
[2009/12/24 12:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010/01/10 23:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\SulusGames
[2010/01/10 23:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Enlightenus
[2010/01/11 20:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Orneon
[2010/01/17 21:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\WebCam Recorder
[2010/01/18 00:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\River Past G5
[2010/01/22 01:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\GetRightToGo
[2010/01/26 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Leadertech
[2010/02/12 00:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Free Mp3 Wma Ogg Converter
[2010/02/18 21:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Ludia
[2010/05/09 04:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\NotMyIp
[2010/05/09 16:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Hide IP NG
[2010/05/29 22:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Nifflas
[2010/08/04 00:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\ESET
[2010/09/25 04:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Big Fish Games
[2010/11/13 15:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\FreeHideIP
[2010/11/15 18:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Dropbox
[2010/11/17 13:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\PC Suite
[2010/11/17 13:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Nokia
[2010/11/26 14:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\AVG10
[2010/11/28 03:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Phenomenon 32 Saves
[2010/12/15 01:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\.minecraft
[2011/02/04 12:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Notebook Hardware Control
[2011/02/15 12:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\OnlineArmor
[2011/03/04 14:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\FileZilla
[2011/03/09 21:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Ninsight
[2011/03/25 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\AutoHideIP
[2011/05/26 18:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\SubtitlesModifier
[2011/06/15 19:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\Tenebril
[2011/09/15 15:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\PrimoPDF
[2011/09/19 16:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\MediaVideoConverter Software Studio
[2011/10/22 14:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theo Haris\Application Data\PCToolsFirewallPlus

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/12/07 14:37:10 | 000,052,224 | ---- | M] ()(C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\??????????? - ????????.doc) -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\синопсис.doc
[2011/12/07 14:37:10 | 000,052,224 | ---- | C] ()(C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\??????????? - ????????.doc) -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\синопсис.doc
[2011/12/07 14:35:41 | 000,047,104 | ---- | C] ()(C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\??????????? - ???????? english.doc) -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\синопсис english.doc
[2011/12/07 14:35:28 | 000,047,104 | ---- | M] ()(C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\??????????? - ???????? english.doc) -- C:\Documents and Settings\Theo Haris\Τα έγγραφά μου\синопсис english.doc

< End of report >

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post


#11
Theo Haris

    Member

  • Topic Starter
  • Member
  • 43 posts
Thank you. Patience is my middle name :)

Say, I thought I'd ask before continuing.. I have Avira installed, should I uninstall it before installing the Kaspersky Virus Removal Tool?

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No, it's not necessary to uninstall your AV program.

#13
Theo Haris

    Member

  • Topic Starter
  • Member
  • 43 posts
Please find attached the log of the system information.

I couldn't save the results of the virus scan, because no threats were detected.

Attached File  avptool_sysinfo.zip   26.23KB   150 downloads

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

How is your computer running now? Any problems?

#15
Theo Haris

    Member

  • Topic Starter
  • Member
  • 43 posts
Hello!

There are still some problems with my computer. For instance, it lags whenever I open a Word document - and I don't run many applications at the same time. I'm not sure what more to say... It is still slow...

It can go on the Internet with firewall enabled, so that's ok.